Skip to content

fix: set NO_PROXY for host gateway to bypass Squid for MCP #554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Mossaka merged 1 commit into from
Feb 6, 2026
+12 −0
Merged

fix: set NO_PROXY for host gateway to bypass Squid for MCP #554

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions src/docker-manager.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -332,6 +332,18 @@ export function generateDockerCompose(
PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
};

// When host access is enabled, bypass the proxy for the host gateway IPs.
// MCP Streamable HTTP (SSE) traffic through Squid crashes it (comm.cc:1583),
// so MCP gateway traffic must go directly to the host, not through Squid.
if (config.enableHostAccess) {
// Compute the network gateway IP (first usable IP in the subnet)
const subnetBase = networkConfig.subnet.split('/')[0]; // e.g. "172.30.0.0"
const parts = subnetBase.split('.');
const networkGatewayIp = `${parts[0]}.${parts[1]}.${parts[2]}.1`;
environment.NO_PROXY = `localhost,127.0.0.1,${networkConfig.squidIp},host.docker.internal,${networkGatewayIp}`;
environment.no_proxy = environment.NO_PROXY;
}
Comment on lines +338 to +345
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new NO_PROXY environment variable configuration lacks test coverage. Consider adding a test case in the 'enableHostAccess option' describe block in docker-manager.test.ts to verify that both NO_PROXY and no_proxy are set correctly when enableHostAccess is true, and that they include all the expected hosts (localhost, 127.0.0.1, squid IP, host.docker.internal, and the computed network gateway IP).

Copilot uses AI. Check for mistakes.

// For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them
// This ensures toolcache paths (Python, Node, Go, Rust, Java) are correctly resolved
if (config.enableChroot) {
Expand Down
Loading