mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-10 10:58:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa2ff1bbf74cd4e522ca8ebb7020cc8f87584313
bun.sh/test/docker/docker-compose.yml
Ciro Spaciari c90c0e69cb feat(websocket): add HTTP/HTTPS proxy support (#25614) 
## Summary

Add `proxy` option to WebSocket constructor for connecting through HTTP
CONNECT proxies.

### Features
- Support for `ws://` and `wss://` through HTTP proxies
- Support for `ws://` and `wss://` through HTTPS proxies (with
`rejectUnauthorized: false`)
- Proxy authentication via URL credentials (Basic auth)
- Custom proxy headers support
- Full TLS options (`ca`, `cert`, `key`, etc.) for target connections
using `SSLConfig.fromJS`

### API

```javascript
// String format
new WebSocket("wss://example.com", { proxy: "http://proxy:8080" })

// With credentials
new WebSocket("wss://example.com", { proxy: "http://user:pass@proxy:8080" })

// Object format with custom headers
new WebSocket("wss://example.com", {
  proxy: { url: "http://proxy:8080", headers: { "X-Custom": "value" } }
})

// HTTPS proxy
new WebSocket("ws://example.com", {
  proxy: "https://proxy:8443",
  tls: { rejectUnauthorized: false }
})
```

### Implementation

| File | Changes |
|------|---------|
| `WebSocketUpgradeClient.zig` | Proxy state machine and CONNECT
handling |
| `WebSocketProxyTunnel.zig` | **New** - TLS tunnel inside CONNECT for
wss:// through HTTP proxy |
| `JSWebSocket.cpp` | Parse proxy option and TLS options using
`SSLConfig.fromJS` |
| `WebSocket.cpp` | Pass proxy parameters to Zig, handle HTTPS proxy
socket selection |
| `bun.d.ts` | Add `proxy` and full TLS options to WebSocket types |

### Supported Scenarios

| Scenario | Status |
|----------|--------|
| ws:// through HTTP proxy |  Working |
| wss:// through HTTP proxy |  Working (TLS tunnel) |
| ws:// through HTTPS proxy |  Working (with `rejectUnauthorized:
false`) |
| wss:// through HTTPS proxy |  Working (with `rejectUnauthorized:
false`) |
| Proxy authentication (Basic) |  Working |
| Custom proxy headers |  Working |
| Custom CA for HTTPS proxy |   Working |

## Test plan

- [x] API tests verify proxy option is accepted in various formats
- [x] Functional tests with local HTTP CONNECT proxy server
- [x] Proxy authentication tests (Basic auth)
- [x] HTTPS proxy tests with `rejectUnauthorized: false`
- [x] Error handling tests (auth failures, wrong credentials)

Run tests: `bun test test/js/web/websocket/websocket-proxy.test.ts`

## Changelog

- Added `proxy` option to `WebSocket` constructor for HTTP/HTTPS proxy
support
- Added full TLS options (`ca`, `cert`, `key`, `passphrase`, etc.) to
`WebSocket` constructor

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-01-08 16:21:34 -08:00

236 lines
5.9 KiB
YAML
Raw Blame History

services:
# PostgreSQL Services
postgres_plain:
image: postgres:15
environment:
POSTGRES_HOST_AUTH_METHOD: trust
POSTGRES_USER: postgres
volumes:
- ./init-scripts/postgres:/docker-entrypoint-initdb.d:ro
ports:
- target: 5432
published: 0
protocol: tcp
tmpfs:
- /var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 5s
postgres_tls:
image: postgres:15
environment:
POSTGRES_HOST_AUTH_METHOD: trust
POSTGRES_USER: postgres
volumes:
- ./init-scripts/postgres:/docker-entrypoint-initdb.d:ro
- ../js/sql/docker-tls/server.crt:/etc/postgresql/ssl/server.crt:ro
- ../js/sql/docker-tls/server.key:/etc/postgresql/ssl/server.key:ro
ports:
- target: 5432
published: 0
protocol: tcp
command: >
postgres
-c ssl=on
-c ssl_cert_file=/etc/postgresql/ssl/server.crt
-c ssl_key_file=/etc/postgresql/ssl/server.key
-c max_prepared_transactions=1000
-c max_connections=2000
tmpfs:
- /var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 5s
postgres_auth:
image: postgres:15
environment:
POSTGRES_HOST_AUTH_METHOD: trust
POSTGRES_USER: postgres
volumes:
- ./init-scripts/postgres-auth:/docker-entrypoint-initdb.d:ro
- ./config/pg_hba_auth.conf:/etc/postgresql/pg_hba.conf:ro
ports:
- target: 5432
published: 0
protocol: tcp
command: >
postgres
-c hba_file=/etc/postgresql/pg_hba.conf
-c max_prepared_transactions=1000
-c max_connections=2000
tmpfs:
- /var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 5s
# MySQL Services
mysql_plain:
image: mysql:8.4
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
MYSQL_DATABASE: bun_sql_test
ports:
- target: 3306
published: 0
protocol: tcp
tmpfs:
- /var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 10s
mysql_native_password:
image: mysql:8.0
environment:
MYSQL_ROOT_PASSWORD: bun
MYSQL_DATABASE: bun_sql_test
MYSQL_ROOT_HOST: "%"
command: --default-authentication-plugin=mysql_native_password
ports:
- target: 3306
published: 0
protocol: tcp
tmpfs:
- /var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-pbun"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 10s
mysql_tls:
build:
context: ../js/sql/mysql-tls
dockerfile: Dockerfile
args:
MYSQL_VERSION: 8.4
image: bun-mysql-tls:local
environment:
MYSQL_ROOT_PASSWORD: bun
MYSQL_DATABASE: bun_sql_test
ports:
- target: 3306
published: 0
protocol: tcp
tmpfs:
- /var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-pbun"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 10s
# Redis/Valkey Services
redis_plain:
image: redis:7-alpine
command: redis-server --bind 0.0.0.0 --protected-mode no
ports:
- target: 6379
published: 0
protocol: tcp
tmpfs:
- /data
redis_unified:
build:
context: ../js/valkey/docker-unified
dockerfile: Dockerfile
image: bun-redis-unified:local
ports:
- target: 6379
published: 0
protocol: tcp
name: tcp
- target: 6380
published: 0
protocol: tcp
name: tls
volumes:
- redis-unix:/tmp/redis
- redis-data:/data
# MinIO (S3) Service
minio:
image: minio/minio:latest
environment:
MINIO_ROOT_USER: minioadmin
MINIO_ROOT_PASSWORD: minioadmin
MINIO_DOMAIN: localhost
command: server /data --console-address :9001
ports:
- target: 9000
published: 0
protocol: tcp
name: api
- target: 9001
published: 0
protocol: tcp
name: console
tmpfs:
- /data
healthcheck:
test: ["CMD", "mc", "ready", "local"]
interval: 1h # Effectively disable after startup
timeout: 5s
retries: 30
start_period: 5s
# WebSocket Autobahn Test Suite
# NOTE: Autobahn requires port 9002 to match both internal and external ports
# because it validates the Host header against its configured listening port.
# Dynamic port mapping causes "port X does not match server listening port 9002" errors.
autobahn:
image: crossbario/autobahn-testsuite
volumes:
- ./config/fuzzingserver.json:/config/fuzzingserver.json:ro
command: wstest -m fuzzingserver -s /config/fuzzingserver.json
ports:
- target: 9002
published: 0 # Dynamic port
protocol: tcp
# Squid proxy for WebSocket proxy testing
squid:
image: ubuntu/squid:5.2-22.04_beta
volumes:
- ./config/squid.conf:/etc/squid/squid.conf:ro
ports:
- target: 3128
published: 0
protocol: tcp
# Use extra_hosts to allow connections back to host services via bridge network
extra_hosts:
- "host.docker.internal:host-gateway"
healthcheck:
test: ["CMD-SHELL", "pgrep squid > /dev/null"]
interval: 1h
timeout: 5s
retries: 30
start_period: 10s
volumes:
redis-unix:
redis-data:
driver: local
networks:
default:
driver: bridge
Reference in New Issue View Git Blame Copy Permalink