Add configurable network interface or SOCKS/HTTP proxy for outgoing requests
Feature
Application now allows setting the HTTP agent used by oai-reverse-proxy when making connections to other servers, such as when checking keys or when forwarding users' requests. You can use this to route all traffic through another SOCKS4/SOCKS5/HTTP proxy server or to select a particular network interface on your machine (like a VPN's) instead of using the OS defaults.
This affects all requests made by the proxy to external services, including:
- key checker and model tests
- requests proxied via http-proxy-middleware
- DALL-E image generation mirroring
- Vertex AI oauth access token exchange
- Firebase websocket connections
New configs
-
HTTP_AGENT_INTERFACE
- The name of the external network interface through which all outbound requests should be made. You can use this if you're on a VM with multiple network interfaces/IPs and you want to ensure the proxy makes all requests to upstream services from a particular IP.- Default:
undefined
(OS default interface) - Example:
"eth0"
- Default:
-
HTTP_AGENT_PROXY_URL
- The url to an http, https, socks4, or socks5 proxy through which all outbound requests should be made. You can use this to send all prompts through another proxy, such as if you wish to hide the IP address of your origin server.- Default:
undefined
(no proxy) - Example:
"socks5://username:[email protected]:9876"
- Default:
Refactor
Also includes a big ass refactor of a bunch of the http-proxy middleware and HTTP handling of requests under the /proxy route. Removed a few shitty abstractions, probably added a new one, and removed a lot of the boilerplate involved in setting up new http-proxy-middleware routers. This was necessary because when a custom http.Agent
is supplied to http-proxy
(such as ProxyAgent
for the aforementioned SOCKS proxy feature), it causes a number of downstream issues around stream handling and proxying of request bodies, and makes onProxyReq
hooks unable to mutate the request.
The proxy's architecture has always been confusing and difficult to grok, partly because of a lot of workarounds accumulated for weird behavior in the http-proxy-middleware
/http-proxy
libraries, which perform well but are poorly maintained and prone to a number of issues and incompatibilities. These require deep dives into esoteric low-level nodejs stream/socket internals and are painful to debug.
To put a stop to all of that, I've gotten rid HPMProxyCallback
and abstracted away all of the fucked up http-proxy
setup and lifecycle management within createQueuedProxyMiddleware
, which now accepts some simpler configuration and provides a single type of hook for modifying requests before they're proxied, in the form of ProxyReqMutator
. Mutators accept a manager
param which provides an interface through which the proxied request can be modified, with the manager taking care of rolling back the request's state when it needs to be returned to the queue after a 429.
This means there are now two types of simpler hooks. Most things can just use the first type, which is a very simple (req: Request) => Promise<void>
function.
-
RequestPreprocesor
- runs once per request, before it's put into the queue. use for one-time validation and transformation. -
ProxyReqMutator
- runs every time the request is dequeued and about to be proxied. use to assign API keys and add signature headers.
Now none of the high level proxy code needs to deal with http-proxy
or http-proxy-middleware
, and if I ever need to completely rip those out in the future it should be pretty easy.
Todo
-
Fix issue with custom localAddress
requests-
Subsequent requests after the first one seem to just stall before onProxyReq, even though the request makes it upstream fine -
Streaming is a bit wonky and seems to be buffered
-
-
Test AWS/Azure signed requests when using SOCKS5 proxy -
Test vanilla config with no localAddress
/proxyUrl
set