Do not proxy traffic to sockets #59
Comments
tommyknows
added a commit
to snyk/snyk-docker-plugin
that referenced
this issue
Oct 12, 2022
CLIv2 sets up a global proxy where all traffic from the typescript modules / CLI parts are routed through a Go proxy. This is an issue for the Docker modem where we want to connect to Docker's socket directly, as the proxy alters the behaviour of the calls. Because traffic to a socket does not need a `host` or `port` to be set, the Go proxy that got that traffic re-routed it to `localhost:80`, which results in the CLI failing. I've opened an [upstream PR in the `global-agent`](gajus/global-agent#59) repo to not proxy traffic that should reach sockets in the first place. However, until this is fixed, we should simply use a custom agent for docker modem.
tommyknows
added a commit
to snyk/snyk-docker-plugin
that referenced
this issue
Oct 12, 2022
CLIv2 sets up a global proxy where all traffic from the typescript modules / CLI parts are routed through a Go proxy. This is an issue for the Docker modem where we want to connect to Docker's socket directly, as the proxy alters the behaviour of the calls. Because traffic to a socket does not need a `host` or `port` to be set, the Go proxy that got that traffic re-routed it to `localhost:80`, which results in the CLI failing. I've opened an [upstream PR in the `global-agent`](gajus/global-agent#59) repo to not proxy traffic that should reach sockets in the first place. However, until this is fixed, we should simply use a custom agent for docker modem.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First off, thanks a lot for this library!
I am currently facing an issue where I have an application that has two different types of connections:
/var/run/...The first type of traffic works as expected, however for Socket traffic things get weird.
global-agentredirects / routes that traffic through the proxy, and because HTTP requests to sockets do not have a host or port set, something will setlocalhost:80as the destination. Now the proxy obviously does not know what to do with it, because the socket-info is lost.I'm opening this issue because I wanted to ask if it would be possible to add an exception for socket traffic. For example, the easiest solution would be to simply add the following code here:
This could also be made configurable through an option, I guess, though because traffic sent to the proxy is "useless" (no / wrong destination attached), I don't see why an option for this could be useful (YMMV 😉)
I'd be happy to open a PR for this, but wanted to get an opinion first.
Thanks!
The text was updated successfully, but these errors were encountered: