Skip to content

Add configurable network interface or SOCKS/HTTP proxy for outgoing requests

khanon requested to merge proxy-support into main

Feature

Application now allows setting the HTTP agent used by oai-reverse-proxy when making connections to other servers, such as when checking keys or when forwarding users' requests. You can use this to route all traffic through another SOCKS4/SOCKS5/HTTP proxy server or to select a particular network interface on your machine (like a VPN's) instead of using the OS defaults.

This affects all requests made by the proxy to external services, including:

  • key checker and model tests
  • requests proxied via http-proxy-middleware
  • DALL-E image generation mirroring
  • Vertex AI oauth access token exchange
  • Firebase websocket connections

New configs

  • HTTP_AGENT_INTERFACE - The name of the external network interface through which all outbound requests should be made. You can use this if you're on a VM with multiple network interfaces/IPs and you want to ensure the proxy makes all requests to upstream services from a particular IP.
    • Default: undefined (OS default interface)
    • Example: "eth0"
  • HTTP_AGENT_PROXY_URL - The url to an http, https, socks4, or socks5 proxy through which all outbound requests should be made. You can use this to send all prompts through another proxy, such as if you wish to hide the IP address of your origin server.

Refactor

Also includes a big ass refactor of a bunch of the http-proxy middleware and HTTP handling of requests under the /proxy route. Removed a few shitty abstractions, probably added a new one, and removed a lot of the boilerplate involved in setting up new http-proxy-middleware routers. This was necessary because when a custom http.Agent is supplied to http-proxy (such as ProxyAgent for the aforementioned SOCKS proxy feature), it causes a number of downstream issues around stream handling and proxying of request bodies, and makes onProxyReq hooks unable to mutate the request.

The proxy's architecture has always been confusing and difficult to grok, partly because of a lot of workarounds accumulated for weird behavior in the http-proxy-middleware/http-proxy libraries, which perform well but are poorly maintained and prone to a number of issues and incompatibilities. These require deep dives into esoteric low-level nodejs stream/socket internals and are painful to debug.

To put a stop to all of that, I've gotten rid HPMProxyCallback and abstracted away all of the fucked up http-proxy setup and lifecycle management within createQueuedProxyMiddleware, which now accepts some simpler configuration and provides a single type of hook for modifying requests before they're proxied, in the form of ProxyReqMutator. Mutators accept a manager param which provides an interface through which the proxied request can be modified, with the manager taking care of rolling back the request's state when it needs to be returned to the queue after a 429.

This means there are now two types of simpler hooks. Most things can just use the first type, which is a very simple (req: Request) => Promise<void> function.

  • RequestPreprocesor - runs once per request, before it's put into the queue. use for one-time validation and transformation.
  • ProxyReqMutator - runs every time the request is dequeued and about to be proxied. use to assign API keys and add signature headers.

Now none of the high level proxy code needs to deal with http-proxy or http-proxy-middleware, and if I ever need to completely rip those out in the future it should be pretty easy.

Todo

  • Fix issue with custom localAddress requests
    • Subsequent requests after the first one seem to just stall before onProxyReq, even though the request makes it upstream fine
    • Streaming is a bit wonky and seems to be buffered
  • Test AWS/Azure signed requests when using SOCKS5 proxy
  • Test vanilla config with no localAddress/proxyUrl set
Edited by khanon

Merge request reports

Loading