Describe the bug
When configuring a proxy in Spring Cloud Config, HTTP requests to the config server do not route through the specified proxy. Despite setting http.proxyHost and http.proxyPort (or equivalent settings in application.yml), the connection bypasses the proxy and connects directly. This issue impacts users who require proxy routing for secure or restricted network environments.
Steps to reproduce
- Set up a Spring Boot project with the following dependencies:
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-config</artifactId>
        </dependency>
    </dependencies>
- Configure the proxy settings in application.yml:
    spring:
      cloud:
        config:
          server:
            defaultLabel: master
            git:
              deleteUntrackedBranches: true
              clone-on-start: true
              skipSslValidation: true
              searchPaths:
                - "{application}"
                - "{application}/{profile}"
              uri: "https://config-server-url"  # Replace with your config server URL
              proxy:
                host: "proxy.example.com"  # Replace with your proxy hostname
                port: 8080  # Replace with your proxy port
- Start the Spring Boot application. Verify if requests to the config server route through the specified proxy (e.g., by checking proxy logs).
Expected Behavior
Requests to the config server should be routed through the configured proxy (proxy.example.com:8080).
Actual Behavior
Requests to the config server bypass the configured proxy and connect directly. Proxy logs show no incoming requests, confirming that the proxy is not being used.
Environment
- Spring Cloud Version: 2023.0.3
- Spring Boot Version: 3.3.5
- Java Version: 21
- Environment: Docker, Kubernetes, or local
Additional Context
No related exceptions or errors appear in the logs. The following configurations were tested without success:
- Environment Variables: http.proxyHost and http.proxyPort.
- Java System Properties: -Dhttp.proxyHost=proxy.example.com -Dhttp.proxyPort=8080.
- Direct Configuration in application.yml.
Workaround Solution
To route requests through the proxy despite the original configuration issue, I extended HttpClientConfigurableHttpConnectionFactory and modified the create method to ensure a new proxy is always created if none is provided or if the proxy type is set to DIRECT. This approach successfully routed requests through the proxy as expected. (not a good solution)
Here’s a summary of the code:
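    import java.io.IOException;
    import java.net.InetSocketAddress;
    import java.net.Proxy;
    import java.net.URL;
    import java.util.Optional;
    import org.eclipse.jgit.transport.http.HttpConnection;
    import org.springframework.cloud.config.server.support.HttpClientConfigurableHttpConnectionFactory;

    public class CustomHttpConnectionFactory extends HttpClientConfigurableHttpConnectionFactory {
        @Override
        public HttpConnection create(URL url, Proxy proxy) throws IOException {
            // Check if the proxy is null or has a direct type
            Proxy newProxy = Optional.ofNullable(proxy)
                    .filter(pp -> !Proxy.Type.DIRECT.equals(pp.type()))
                    .orElse(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy.example.com", 3128)));
            return super.create(url, newProxy);
        }
    }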
In this method:
If the provided proxy is null or of type DIRECT, it creates a new Proxy instance with Proxy.Type.HTTP and the desired proxy host and port. This successfully routes the request via the specified proxy (for test purposes).
Comment From: ryanjbaxter
It sounds like there is a bit of a confusion here.
The properties under spring.cloud.config.server.git.proxy are used by the CONFIG SERVER to access the Git server through a proxy, it has no effect on the CONFIG CLIENT. Based on your issue it sounds like you are trying to configure the config client to use a proxy to access the config server.
The config client uses RestTemplate to make requests to the config server so you should be able to follow the Spring Boot documentation for configuring a proxy for the client.
https://docs.spring.io/spring-boot/reference/io/rest-client.html#io.rest-client.resttemplate.customization
Comment From: moiMeme
I am setting up Spring Cloud Config Server to connect to a Git server through a proxy. The issue arises when using a token for authentication. Upon debugging, I found that the private lookupHttpClientBuilder(url) method fails to locate the HttpClientBuilder by URL.
During configuration, HttpClientConfigurableHttpConnectionFactory creates an HttpClientBuilder and stores it in a Map
Comment From: ryanjbaxter
Can you provide a complete, minimal, verifiable sample that reproduces the problem? It should be available as a GitHub (or similar) project or attached to this issue as a zip file.
Comment From: moiMeme
Please find attached a demo to reproduce the issue: demo.zip.
For the proxy I used squid as a docker container:
    docker run --name proxy -d -e TZ=UTC -p 3128:3128 ubuntu/squid
You need to change the gitlab config repository URL and the gitlab token.
Comment From: moiMeme
After debugging, I found that the HttpConnection create(URL url, Proxy proxy) method in HttpClientConfigurableHttpConnectionFactory is being invoked with a URL that lacks the token. Meanwhile, the HttpClientBuilder is cached in httpClientBuildersByUri using a URL that includes the token.
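The mismatch described in the comment above, modelled as an added example that is not part of the thread and not Spring Cloud Config's own code: a settings cache keyed by the configured URI misses when the transport presents the credential-free URL, so the request falls back to a direct connection. `ProxyLookupDemo`, `HttpSettings`, `stripCredentials`, `lookup` and all URLs are hypothetical, constructed names.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

public class ProxyLookupDemo {
    /** Hypothetical stand-in for the per-repository HTTP settings (proxy, TLS options). */
    record HttpSettings(String proxyHost, int proxyPort) {}

    /** Drops user-info (token or user:password), query and fragment from a repository URI. */
    static String stripCredentials(String uri) {
        URI u = URI.create(uri);
        try {
            return new URI(u.getScheme(), null, u.getHost(), u.getPort(), u.getPath(), null, null).toString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("not a valid repository URI", e);
        }
    }

    /** Returns the settings whose key is a prefix of the requested URL, if any. */
    static Optional<HttpSettings> lookup(Map<String, HttpSettings> cache, String requestedUrl) {
        return cache.entrySet().stream()
                .filter(e -> requestedUrl.startsWith(e.getKey()))
                .map(Map.Entry::getValue)
                .findFirst();
    }

    static String describe(Optional<HttpSettings> s) {
        return s.map(x -> "proxy " + x.proxyHost() + ":" + x.proxyPort())
                .orElse("no settings found, direct connection");
    }

    public static void main(String[] args) {
        // Constructed sample values; the token is a placeholder, not a real credential.
        String configuredUri = "https://oauth2:TOKEN_PLACEHOLDER@gitlab.example.com/group/config-repo.git";
        String requestedUrl = "https://gitlab.example.com/group/config-repo.git/info/refs";
        HttpSettings viaProxy = new HttpSettings("proxy.example.com", 3128);

        // Keyed by the raw configured URI: the credential-free request URL never matches.
        Map<String, HttpSettings> rawKeys = new LinkedHashMap<>();
        rawKeys.put(configuredUri, viaProxy);
        System.out.println("raw key        -> " + describe(lookup(rawKeys, requestedUrl)));

        // Keyed by the credential-free form: the same request now finds its proxy settings.
        Map<String, HttpSettings> cleanKeys = new LinkedHashMap<>();
        cleanKeys.put(stripCredentials(configuredUri), viaProxy);
        System.out.println("normalized key -> " + describe(lookup(cleanKeys, requestedUrl)));
    }
}
```

Keeping credentials out of the key also keeps the token out of any log line or debugger view that prints the cache.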
Comment From: ryanjbaxter
Why are you not using the git username and password properties?
    spring:
      application:
        name: demo
      cloud:
        config:
          server:
            defaultLabel: master
            git:
              uri: https://{GITLAB_CONFIG_REPO_PATH}
              username: gitlab-ci-token
              password: ${GITLAB_ACCESS_TOKEN}
Comment From: moiMeme
I tested like that but I get this error "two-factor authentication (2FA)"
Comment From: ryanjbaxter
Please provide more details about the error, was there a stack trace?
Comment From: moiMeme
It is working fine with this config:
    spring:
      application:
        name: demo
      cloud:
        config:
          server:
            defaultLabel: master
            git:
              uri: https://{GITLAB_CONFIG_REPO_PATH}
              username: gitlab-ci-token
              password: ${GITLAB_ACCESS_TOKEN}
However, the proxy is not working if we configure the username and the password with the uri.
This is not blocking for me; I will close the ticket.
Thank you for your support.