From d799e07f6629a715be5edbc486220efe51b36ca3 Mon Sep 17 00:00:00 2001
From: "Jiaxiao (mossaka) Zhou"
Date: Fri, 6 Feb 2026 08:55:05 +0000
Subject: [PATCH] fix: set NO_PROXY for host gateway to bypass Squid for MCP

The iptables NAT bypass from v0.13.10 prevents DNAT redirection, but HTTP_PROXY env var still causes HTTP clients (like Codex's reqwest) to send MCP traffic through Squid as a forward proxy. Concurrent SSE connections through Squid crash it (comm.cc:1583). Set NO_PROXY with host.docker.internal and the network gateway IP when --enable-host-access is enabled, so MCP gateway traffic bypasses both DNAT and the forward proxy.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 src/docker-manager.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/docker-manager.ts b/src/docker-manager.ts
index 410ab789..965714fd 100644
--- a/src/docker-manager.ts
+++ b/src/docker-manager.ts
@@ -332,6 +332,18 @@ export function generateDockerCompose(
     PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
   };
 
+  // When host access is enabled, bypass the proxy for the host gateway IPs.
+  // MCP Streamable HTTP (SSE) traffic through Squid crashes it (comm.cc:1583),
+  // so MCP gateway traffic must go directly to the host, not through Squid.
+  if (config.enableHostAccess) {
+    // Compute the network gateway IP (first usable IP in the subnet)
+    const subnetBase = networkConfig.subnet.split('/')[0]; // e.g. "172.30.0.0"
+    const parts = subnetBase.split('.');
+    const networkGatewayIp = `${parts[0]}.${parts[1]}.${parts[2]}.1`;
+    environment.NO_PROXY = `localhost,127.0.0.1,${networkConfig.squidIp},host.docker.internal,${networkGatewayIp}`;
+    environment.no_proxy = environment.NO_PROXY;
+  }
+
   // For chroot mode, pass the host's actual PATH and tool directories so the entrypoint can use them
   // This ensures toolcache paths (Python, Node, Go, Rust, Java) are correctly resolved
   if (config.enableChroot) {
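Review bot: The gateway derivation `const networkGatewayIp = \`${parts[0]}.${parts[1]}.${parts[2]}.1\`` hard-codes the last octet, so it only yields the "first usable IP in the subnet" the comment above it promises when the network address ends in .0; for a constructed example such as a base of 172.30.0.128 with a /25 prefix the gateway would be .129, NO_PROXY would list an address nothing answers on, and MCP traffic would silently stay on the Squid path this commit is trying to avoid. Computing the gateway as the 32-bit form of the network address plus one removes that assumption and needs no new inputs, since `networkConfig.subnet` is already split on `/`. It is also worth a one-line comment beside `environment.NO_PROXY` noting that the exemption applies to every HTTP client in the container for the listed hosts, not only the MCP gateway, because the proxy is the container's egress control point and a reader may assume the bypass is scoped. generateDockerCompose begins and ends outside the hunk.
```typescript
if (config.enableHostAccess) {
  // Gateway = network address + 1, computed on the 32-bit value so it holds
  // for any prefix length rather than only subnets whose base ends in .0
  const subnetBase = networkConfig.subnet.split('/')[0]; // e.g. "172.30.0.0"
  const octets = subnetBase.split('.').map(Number);
  const networkAddress =
    ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  const gateway = networkAddress + 1;
  const networkGatewayIp = [
    gateway >>> 24,
    (gateway >>> 16) & 0xff,
    (gateway >>> 8) & 0xff,
    gateway & 0xff,
  ].join('.');
  // … unchanged: NO_PROXY / no_proxy assignment …
}
```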