feat: add configuration 'no-sys-proxy' to bypass the system proxy.

Trunk.toml

@@ -94,6 +94,14 @@ backend = "http://localhost:9000/api/v2/"
 backend = "https://localhost:9000/api/v3/"
 insecure = true
 
+[[proxy]]
+# This proxy example has the no_system_proxy field. In this example,
+# connections to https://172.16.0.1:9000/api/v3/ will bypass the system proxy.
+# This may be useful in cases where a local system has a proxy configured which cannot be reconfigured, but the
+# proxy target (of trunk serve) is not know/accessible by the system's proxy.
+backend = "https://172.16.0.1:9000/api/v3/"
+no_system_prox = true
+
 ## hooks
 # Hooks are optional, and default to `None`.
 # Hooks are executed as part of Trunk's main build pipeline, no matter how it is run.

site/content/configuration.md

@@ -29,6 +29,8 @@ The `trunk serve` command accepts two proxy related flags.
 
 `--proxy-insecure` allows the `--proxy-backend` url to use a self signed certificate for https (or any officially [invalid](https://docs.rs/reqwest/latest/reqwest/struct.ClientBuilder.html#method.danger_accept_invalid_certs) certs, including expired). This would be used when proxying to https such as `trunk serve --proxy-backend=https://localhost:3001/ --proxy-insecure` where the ssl cert was self signed, such as with [mkcert](https://github.com/FiloSottile/mkcert), and routed through an https reverse proxy for the backend, such as [local-ssl-proxy](https://github.com/cameronhunter/local-ssl-proxy) or [caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy).
 
+`--proxy-no-sytem-proxy` bypasses the system proxy when contacting the proxy backend.
+
 `--proxy-ws` specifies that the proxy is for a WebSocket endpoint.
 
 ## Config File

src/config/models/mod.rs

@@ -247,6 +247,10 @@ pub struct ConfigOptsServe {
     #[arg(long = "proxy-insecure")]
     #[serde(default)]
     pub proxy_insecure: bool,
+    /// Configure the proxy to bypass system proxy [default: false]
+    #[arg(long = "proxy-no-system-proxy")]
+    #[serde(default)]
+    pub proxy_no_system_proxy: bool,
     /// Disable auto-reload of the web app [default: false]
     #[arg(long = "no-autoreload")]
     #[serde(default)]
@@ -322,6 +326,10 @@ pub struct ConfigOptsProxy {
     /// Configure the proxy to accept insecure certificates.
     #[serde(default)]
     pub insecure: bool,
+    /// Configure the proxy to bypass the system proxy. Defaults to `false`.
+    #[serde(rename = "no-system-proxy")]
+    #[serde(default)]
+    pub no_system_proxy: bool,
 }
 
 /// Config options for build system hooks.
@@ -505,6 +513,7 @@ impl ConfigOpts {
             ws_protocol: cli.ws_protocol,
             tls_key_path: cli.tls_key_path,
             tls_cert_path: cli.tls_cert_path,
+            proxy_no_system_proxy: cli.proxy_no_system_proxy,
         };
         let cfg = ConfigOpts {
             build: None,

src/config/rt.rs

@@ -302,6 +302,8 @@ pub struct RtcServe {
     pub proxy_ws: bool,
     /// Configure the proxy to accept insecure connections.
     pub proxy_insecure: bool,
+    /// Configure the proxy to bypass system proxy.
+    pub proxy_no_sys_proxy: bool,
     /// Any proxies configured to run along with the server.
     pub proxies: Option<Vec<ConfigOptsProxy>>,
     /// Whether to disable auto-reload of the web page when a build completes.
@@ -346,6 +348,7 @@ impl RtcServe {
             proxy_backend: opts.proxy_backend,
             proxy_rewrite: opts.proxy_rewrite,
             proxy_insecure: opts.proxy_insecure,
+            proxy_no_sys_proxy: opts.proxy_no_system_proxy,
             proxy_ws: opts.proxy_ws,
             proxies,
             no_autoreload: opts.no_autoreload,

src/serve.rs

@@ -7,14 +7,15 @@ use anyhow::{Context, Result};
 use axum::body::{self, Body, Bytes};
 use axum::extract::ws::WebSocketUpgrade;
 use axum::http::header::{HeaderName, CONTENT_LENGTH, CONTENT_TYPE, HOST};
-use axum::http::{HeaderValue, Request, StatusCode};
+use axum::http::{HeaderValue, Request, StatusCode, Uri};
 use axum::middleware::Next;
 use axum::response::{IntoResponse, Response};
 use axum::routing::{get, get_service, Router};
 use axum_server::tls_rustls::RustlsConfig;
 use axum_server::Handle;
 use futures_util::FutureExt;
-use std::collections::{BTreeSet, HashMap};
+use reqwest::Client;
+use std::collections::{hash_map::Entry, BTreeSet, HashMap};
 use std::net::{IpAddr, Ipv4Addr, SocketAddr};
 use std::path::PathBuf;
 use std::sync::Arc;
@@ -102,24 +103,10 @@ impl ServeSystem {
         shutdown_rx: broadcast::Receiver<()>,
         ws_state: watch::Receiver<ws::State>,
     ) -> Result<JoinHandle<()>> {
-        // Build the proxy client.
-        let client = reqwest::ClientBuilder::new()
-            .http1_only()
-            .build()
-            .context("error building proxy client")?;
-
-        let insecure_client = reqwest::ClientBuilder::new()
-            .http1_only()
-            .danger_accept_invalid_certs(true)
-            .build()
-            .context("error building insecure proxy client")?;
-
         // Build the server.
         let state = Arc::new(State::new(
             cfg.watch.build.final_dist.clone(),
             cfg.watch.build.public_url.clone(),
-            client,
-            insecure_client,
             &cfg,
             ws_state,
         ));
@@ -246,10 +233,6 @@ async fn run_server(
 
 /// Server state.
 pub struct State {
-    /// A client instance used by proxies.
-    pub client: reqwest::Client,
-    /// A client instance used by proxies to make insecure requests.
-    pub insecure_client: reqwest::Client,
     /// The location of the dist dir.
     pub dist_dir: PathBuf,
     /// The public URL from which assets are being served.
@@ -267,14 +250,10 @@ impl State {
     pub fn new(
         dist_dir: PathBuf,
         public_url: String,
-        client: reqwest::Client,
-        insecure_client: reqwest::Client,
         cfg: &RtcServe,
         ws_state: watch::Receiver<ws::State>,
     ) -> Self {
         Self {
-            client,
-            insecure_client,
             dist_dir,
             public_url,
             ws_state,
@@ -314,7 +293,7 @@ fn router(state: Arc<State>, cfg: Arc<RtcServe>) -> Result<Router> {
         serve_dir = serve_dir.layer(SetResponseHeaderLayer::overriding(name, value))
     }
 
-    let mut router = Router::new()
+    let router = Router::new()
         .fallback_service(
             Router::new().nest_service(
                 public_route,
@@ -343,61 +322,134 @@ fn router(state: Arc<State>, cfg: Arc<RtcServe>) -> Result<Router> {
         state.public_url.as_str()
     );
 
+    let mut builder = ProxyBuilder::new(router);
+
     // Build proxies.
     if let Some(backend) = &cfg.proxy_backend {
-        if cfg.proxy_ws {
-            let handler = ProxyHandlerWebSocket::new(backend.clone(), cfg.proxy_rewrite.clone());
-            router = handler.clone().register(router);
+        builder = builder.register_proxy(
+            cfg.proxy_ws,
+            backend,
+            cfg.proxy_rewrite.clone(),
+            ProxyClientOptions {
+                insecure: cfg.proxy_insecure,
+                no_system_proxy: cfg.proxy_no_sys_proxy,
+            },
+        )?;
+    } else if let Some(proxies) = &cfg.proxies {
+        for proxy in proxies.iter() {
+            builder = builder.register_proxy(
+                proxy.ws,
+                &proxy.backend,
+                proxy.rewrite.clone(),
+                ProxyClientOptions {
+                    insecure: proxy.insecure,
+                    no_system_proxy: proxy.no_system_proxy,
+                },
+            )?;
+        }
+    }
+
+    Ok(builder.build())
+}
+
+/// A builder for the proxy router
+pub(crate) struct ProxyBuilder {
+    router: Router,
+    clients: ProxyClients,
+}
+
+impl ProxyBuilder {
+    /// Create a new builder
+    pub fn new(router: Router) -> Self {
+        Self {
+            router,
+            clients: Default::default(),
+        }
+    }
+
+    /// Register a new proxy config
+    pub fn register_proxy(
+        mut self,
+        ws: bool,
+        backend: &Uri,
+        rewrite: Option<String>,
+        opts: ProxyClientOptions,
+    ) -> Result<Self> {
+        if ws {
+            let handler = ProxyHandlerWebSocket::new(backend.clone(), rewrite);
             tracing::info!(
                 "{}proxying websocket {} -> {}",
                 SERVER,
                 handler.path(),
                 &backend
             );
+            self.router = handler.register(self.router);
+            Ok(self)
         } else {
-            let client = if cfg.proxy_insecure {
-                state.insecure_client.clone()
-            } else {
-                state.client.clone()
-            };
-
-            let handler = ProxyHandlerHttp::new(client, backend.clone(), cfg.proxy_rewrite.clone());
-            router = handler.clone().register(router);
-            tracing::info!("{}proxying {} -> {}", SERVER, handler.path(), &backend);
-        }
-    } else if let Some(proxies) = &cfg.proxies {
-        for proxy in proxies.iter() {
-            if proxy.ws {
-                let handler =
-                    ProxyHandlerWebSocket::new(proxy.backend.clone(), proxy.rewrite.clone());
-                router = handler.clone().register(router);
-                tracing::info!(
-                    "{}proxying websocket {} -> {}",
-                    SERVER,
-                    handler.path(),
-                    &proxy.backend
-                );
-            } else {
-                let client = if proxy.insecure {
-                    state.insecure_client.clone()
+            let no_sys_proxy = opts.no_system_proxy;
+            let insecure = opts.insecure;
+            let client = self.clients.get_client(opts)?;
+            let handler = ProxyHandlerHttp::new(client, backend.clone(), rewrite);
+            tracing::info!(
+                "{}proxying {} -> {}{}{}",
+                SERVER,
+                handler.path(),
+                &backend,
+                if no_sys_proxy {
+                    "; ignoring system proxy"
                 } else {
-                    state.client.clone()
-                };
-
-                let handler =
-                    ProxyHandlerHttp::new(client, proxy.backend.clone(), proxy.rewrite.clone());
-                router = handler.clone().register(router);
-                tracing::info!(
-                    "{}proxying {} -> {}",
-                    SERVER,
-                    handler.path(),
-                    &proxy.backend
-                );
-            };
+                    ""
+                },
+                if insecure {
+                    "; ⚠️ insecure TLS"
+                } else {
+                    ""
+                }
+            );
+            self.router = handler.register(self.router);
+            Ok(self)
         }
     }
 
-    Ok(router)
+    pub fn build(self) -> Router {
+        self.router
+    }
+}
+
+#[derive(Clone, Eq, PartialEq, Hash)]
+pub(crate) struct ProxyClientOptions {
+    pub insecure: bool,
+    pub no_system_proxy: bool,
+}
+
+#[derive(Default)]
+pub(crate) struct ProxyClients {
+    clients: HashMap<ProxyClientOptions, Client>,
+}
+
+impl ProxyClients {
+    pub fn get_client(&mut self, opts: ProxyClientOptions) -> Result<Client> {
+        match self.clients.entry(opts.clone()) {
+            Entry::Occupied(entry) => Ok(entry.get().clone()),
+            Entry::Vacant(entry) => {
+                let client = Self::create_client(opts)?;
+                entry.insert(client.clone());
+                Ok(client)
+            }
+        }
+    }
+
+    /// Create a new client for proxying
+    fn create_client(opts: ProxyClientOptions) -> Result<Client> {
+        let mut builder = reqwest::ClientBuilder::new().http1_only();
+        if opts.insecure {
+            builder = builder.danger_accept_invalid_certs(true);
+        }
+        if opts.no_system_proxy {
+            builder = builder.no_proxy();
+        }
+        builder.build().context("error building proxy client")
+    }
 }
 
 async fn html_address_middleware<B: std::fmt::Debug>(