Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proxy configuration not working in Spring Cloud Config #2608

Open
moiMeme opened this issue Oct 28, 2024 · 5 comments
Open

Proxy configuration not working in Spring Cloud Config #2608

moiMeme opened this issue Oct 28, 2024 · 5 comments

Comments

@moiMeme
Copy link

moiMeme commented Oct 28, 2024

Describe the bug
When configuring a proxy in Spring Cloud Config, HTTP requests to the config server do not route through the specified proxy. Despite setting http.proxyHost and http.proxyPort (or equivalent settings in application.yml), the connection bypasses the proxy and connects directly. This issue impacts users who require proxy routing for secure or restricted network environments.

Step to reproduce

  1. Set up a Spring Boot project with the following dependencies:
 <dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-config</artifactId>
    </dependency>
</dependencies>
  1. Configure the proxy settings in application.yml:
spring:
  cloud:
    config:
      server:
        defaultLabel: master
        git:
          deleteUntrackedBranches: true
          clone-on-start: true
          skipSslValidation: true
          searchPaths:
            - "{application}"
            - "{application}/{profile}"
          uri: "https://config-server-url"  # Replace with your config server URL
          proxy:
            host: "proxy.example.com"       # Replace with your proxy hostname
            port: 8080                      # Replace with your proxy port
  1. Start the Spring Boot application. Verify if requests to the config server route through the specified proxy (e.g., by checking proxy logs)

Expected Behavior
Requests to the config server should be routed through the configured proxy (proxy.example.com:8080).

Actual Behavior
Requests to the config server bypass the configured proxy and connect directly. Proxy logs show no incoming requests, confirming that the proxy is not being used.

Environment

  • Spring Cloud Version: 2023.0.3
  • Spring Boot Version: 3.3.5
  • Java Version: 21
  • Environment: Docker, Kubernetes, or local

Additional Context
No related exceptions or errors appear in the logs. The following configurations were tested without success:

  • Environment Variables: http.proxyHost and http.proxyPort.
  • Java System Properties: -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080.
  • Direct Configuration in application.yml.

Workaround Solution
To route requests through the proxy despite the original configuration issue, I extended HttpClientConfigurableHttpConnectionFactory and modified the create method to ensure a new proxy is always created if none is provided or if the proxy type is set to DIRECT. This approach successfully routed requests through the proxy as expected. (not a good solution)

Here’s a summary of the code:

public class CustomHttpConnectionFactory extends HttpClientConfigurableHttpConnectionFactory {

    @Override
    public HttpConnection create(URL url, Proxy proxy) throws IOException {
        // Check if the proxy is null or has a direct type
        Proxy newProxy = Optional.ofNullable(proxy)
                      .filter(pp -> !Proxy.Type.DIRECT.equals(pp.type()))
                      .orElse(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy.example.com", 3128)));
        return super.create(url, newProxy );
    }
}

In this method:

If the provided proxy is null or of type DIRECT, it creates a new Proxy instance with Proxy.Type.HTTP and the desired proxy host and port.
This successfully routes the request via the specified proxy.(for test purpose)

@ryanjbaxter
Copy link
Contributor

It sounds like there is a bit of a confusion here.

The properties under spring.cloud.config.server.git.proxy are used by the CONFIG SERVER to access the Git server through a proxy, it has no effect on the CONFIG CLIENT. Based on your issue it sounds like you are trying to configure the config client to use a proxy to access the config server.

The config client uses RestTemplate to make requests to the config server so you should be able to follow the Spring Boot documentation for configuring a proxy for the client.
https://docs.spring.io/spring-boot/reference/io/rest-client.html#io.rest-client.resttemplate.customization

@moiMeme
Copy link
Author

moiMeme commented Oct 31, 2024

I am setting up Spring Cloud Config Server to connect to a Git server through a proxy. The issue arises when using a token for authentication. Upon debugging, I found that the private lookupHttpClientBuilder(url) method fails to locate the HttpClientBuilder by URL.

During configuration, HttpClientConfigurableHttpConnectionFactory creates an HttpClientBuilder and stores it in a Map<String, HttpClientBuilder> httpClientBuildersByUri, where the key is the URL (including the token) from the properties file. However, the lookupHttpClientBuilder method is called with a URL that lacks the token, leading to a lookup failure.

@ryanjbaxter
Copy link
Contributor

Can you provide a complete, minimal, verifiable sample that reproduces the problem? It should be available as a GitHub (or similar) project or attached to this issue as a zip file.

@moiMeme
Copy link
Author

moiMeme commented Nov 6, 2024

Please find attached a demo to reproduce the issue: demo.zip.
For the proxy I used squid as a docker container:
docker run --name proxy -d -e TZ=UTC -p 3128:3128 ubuntu/squid
You need to change the gitlab config repository URL and the gitlab token.

@moiMeme
Copy link
Author

moiMeme commented Nov 7, 2024

After debugging, I found that the HttpConnection create(URL url, Proxy proxy) method in HttpClientConfigurableHttpConnectionFactory is being invoked with a URL that lacks the token. Meanwhile, the HttpClientBuilder is cached in httpClientBuildersByUri using a URL that includes the token.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants