feat: add proxy configuration support for STDIO servers on Linux and macOS (#537)

2026-01-08 15:48:14 -05:00 · 2026-01-01 12:45:50 +08:00
parent 8ae542bdab
commit 7f2fca9636
7 changed files with 318 additions and 4 deletions
--- a/src/dao/ServerDaoDbImpl.ts
+++ b/src/dao/ServerDaoDbImpl.ts
@@ -38,6 +38,7 @@ export class ServerDaoDbImpl implements ServerDao {
      prompts: entity.prompts,
      options: entity.options,
      oauth: entity.oauth,
+      proxy: entity.proxy,
      openapi: entity.openapi,
    });
    return this.mapToServerConfig(server);
@@ -62,6 +63,7 @@ export class ServerDaoDbImpl implements ServerDao {
      prompts: entity.prompts,
      options: entity.options,
      oauth: entity.oauth,
+      proxy: entity.proxy,
      openapi: entity.openapi,
    });
    return server ? this.mapToServerConfig(server) : null;
@@ -140,6 +142,7 @@ export class ServerDaoDbImpl implements ServerDao {
    prompts?: Record<string, { enabled: boolean; description?: string }>;
    options?: Record<string, any>;
    oauth?: Record<string, any>;
+    proxy?: Record<string, any>;
    openapi?: Record<string, any>;
  }): ServerConfigWithName {
    return {
@@ -158,6 +161,7 @@ export class ServerDaoDbImpl implements ServerDao {
      prompts: server.prompts,
      options: server.options,
      oauth: server.oauth,
+      proxy: server.proxy,
      openapi: server.openapi,
    };
  }
--- a/src/db/entities/Server.ts
+++ b/src/db/entities/Server.ts
@@ -59,6 +59,9 @@ export class Server {
  @Column({ type: 'simple-json', nullable: true })
  oauth?: Record<string, any>;

+  @Column({ type: 'simple-json', nullable: true })
+  proxy?: Record<string, any>;
+
  @Column({ type: 'simple-json', nullable: true })
  openapi?: Record<string, any>;

--- a/src/services/mcpService.ts
+++ b/src/services/mcpService.ts
@@ -1,4 +1,6 @@
 import os from 'os';
+import path from 'path';
+import fs from 'fs';
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import {
  CallToolRequestSchema,
@@ -15,7 +17,7 @@ import {
  StreamableHTTPClientTransportOptions,
 } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
 import { createFetchWithProxy, getProxyConfigFromEnv } from './proxy.js';
-import { ServerInfo, ServerConfig, Tool } from '../types/index.js';
+import { ServerInfo, ServerConfig, Tool, ProxychainsConfig } from '../types/index.js';
 import { expandEnvVars, replaceEnvVars, getNameSeparator } from '../config/index.js';
 import config from '../config/index.js';
 import { getGroup } from './sseService.js';
@@ -32,6 +34,150 @@ const servers: { [sessionId: string]: Server } = {};

 import { setupClientKeepAlive } from './keepAliveService.js';

+/**
+ * Check if proxychains4 is available on the system (Linux/macOS only).
+ * Returns the path to proxychains4 if found, null otherwise.
+ */
+const findProxychains4 = (): string | null => {
+  // Windows is not supported
+  if (process.platform === 'win32') {
+    return null;
+  }
+
+  // Common proxychains4 binary paths
+  const possiblePaths = [
+    '/usr/bin/proxychains4',
+    '/usr/local/bin/proxychains4',
+    '/opt/homebrew/bin/proxychains4', // macOS Homebrew ARM
+    '/usr/local/Cellar/proxychains-ng/*/bin/proxychains4', // macOS Homebrew Intel
+  ];
+
+  for (const p of possiblePaths) {
+    if (fs.existsSync(p)) {
+      return p;
+    }
+  }
+
+  // Try to find in PATH
+  const pathEnv = process.env.PATH || '';
+  const pathDirs = pathEnv.split(path.delimiter);
+  for (const dir of pathDirs) {
+    const fullPath = path.join(dir, 'proxychains4');
+    if (fs.existsSync(fullPath)) {
+      return fullPath;
+    }
+  }
+
+  return null;
+};
+
+/**
+ * Generate a temporary proxychains4 configuration file.
+ * Returns the path to the generated config file.
+ */
+const generateProxychainsConfig = (
+  serverName: string,
+  proxyConfig: ProxychainsConfig,
+): string | null => {
+  // If a custom config path is provided, use it directly
+  if (proxyConfig.configPath) {
+    if (fs.existsSync(proxyConfig.configPath)) {
+      return proxyConfig.configPath;
+    }
+    console.warn(
+      `[${serverName}] Custom proxychains config not found: ${proxyConfig.configPath}`,
+    );
+    return null;
+  }
+
+  // Validate required fields
+  if (!proxyConfig.host || !proxyConfig.port) {
+    console.warn(`[${serverName}] Proxy host and port are required for proxychains4`);
+    return null;
+  }
+
+  const proxyType = proxyConfig.type || 'socks5';
+  const proxyLine = proxyConfig.username && proxyConfig.password
+    ? `${proxyType} ${proxyConfig.host} ${proxyConfig.port} ${proxyConfig.username} ${proxyConfig.password}`
+    : `${proxyType} ${proxyConfig.host} ${proxyConfig.port}`;
+
+  const configContent = `# Proxychains4 configuration for MCP server: ${serverName}
+# Generated by MCPHub
+
+strict_chain
+proxy_dns
+remote_dns_subnet 224
+tcp_read_time_out 15000
+tcp_connect_time_out 8000
+
+[ProxyList]
+${proxyLine}
+`;
+
+  // Create temp directory if needed
+  const tempDir = path.join(os.tmpdir(), 'mcphub-proxychains');
+  if (!fs.existsSync(tempDir)) {
+    fs.mkdirSync(tempDir, { recursive: true });
+  }
+
+  // Write config file
+  const configPath = path.join(tempDir, `${serverName.replace(/[^a-zA-Z0-9-_]/g, '_')}.conf`);
+  fs.writeFileSync(configPath, configContent, 'utf-8');
+  console.log(`[${serverName}] Generated proxychains4 config: ${configPath}`);
+
+  return configPath;
+};
+
+/**
+ * Wrap a command with proxychains4 if proxy is configured and available.
+ * Returns modified command and args if proxychains4 is used, original values otherwise.
+ */
+const wrapWithProxychains = (
+  serverName: string,
+  command: string,
+  args: string[],
+  proxyConfig?: ProxychainsConfig,
+): { command: string; args: string[] } => {
+  // Skip if proxy is not enabled or not configured
+  if (!proxyConfig?.enabled) {
+    return { command, args };
+  }
+
+  // Check platform - Windows is not supported
+  if (process.platform === 'win32') {
+    console.warn(
+      `[${serverName}] proxychains4 proxy is not supported on Windows, ignoring proxy configuration`,
+    );
+    return { command, args };
+  }
+
+  // Find proxychains4 binary
+  const proxychains4Path = findProxychains4();
+  if (!proxychains4Path) {
+    console.warn(
+      `[${serverName}] proxychains4 not found on system, install it with: apt install proxychains4 (Debian/Ubuntu) or brew install proxychains-ng (macOS)`,
+    );
+    return { command, args };
+  }
+
+  // Generate or get config file
+  const configPath = generateProxychainsConfig(serverName, proxyConfig);
+  if (!configPath) {
+    console.warn(`[${serverName}] Failed to setup proxychains4 configuration, skipping proxy`);
+    return { command, args };
+  }
+
+  // Wrap command with proxychains4
+  console.log(
+    `[${serverName}] Using proxychains4 proxy: ${proxyConfig.type || 'socks5'}://${proxyConfig.host}:${proxyConfig.port}`,
+  );
+
+  return {
+    command: proxychains4Path,
+    args: ['-f', configPath, command, ...args],
+  };
+};
+
 export const initUpstreamServers = async (): Promise<void> => {
  // Initialize OAuth clients for servers with dynamic registration
  await initializeAllOAuthClients();
@@ -209,11 +355,19 @@ export const createTransportFromConfig = async (name: string, conf: ServerConfig
      env['npm_config_registry'] = systemConfig.install.npmRegistry;
    }

-    // Expand environment variables in command
+    // Apply proxychains4 wrapper if proxy is configured (Linux/macOS only)
+    const { command: finalCommand, args: finalArgs } = wrapWithProxychains(
+      name,
+      conf.command,
+      replaceEnvVars(conf.args) as string[],
+      conf.proxy,
+    );
+
+    // Create STDIO transport with potentially wrapped command
    transport = new StdioClientTransport({
      cwd: os.homedir(),
-      command: conf.command,
-      args: replaceEnvVars(conf.args) as string[],
+      command: finalCommand,
+      args: finalArgs,
      env: env,
      stderr: 'pipe',
    });
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -270,6 +270,17 @@ export interface McpSettings {
  bearerKeys?: BearerKey[]; // Bearer authentication keys (multi-key configuration)
 }

+// Proxychains4 configuration for STDIO servers (Linux/macOS only)
+export interface ProxychainsConfig {
+  enabled?: boolean; // Enable/disable proxychains4 proxy routing
+  type?: 'socks4' | 'socks5' | 'http'; // Proxy protocol type
+  host?: string; // Proxy server hostname or IP address
+  port?: number; // Proxy server port
+  username?: string; // Proxy authentication username (optional)
+  password?: string; // Proxy authentication password (optional)
+  configPath?: string; // Path to custom proxychains4 configuration file (optional, overrides above settings)
+}
+
 // Configuration details for an individual server
 export interface ServerConfig {
  type?: 'stdio' | 'sse' | 'streamable-http' | 'openapi'; // Type of server
@@ -285,6 +296,8 @@ export interface ServerConfig {
  tools?: Record<string, { enabled: boolean; description?: string }>; // Tool-specific configurations with enable/disable state and custom descriptions
  prompts?: Record<string, { enabled: boolean; description?: string }>; // Prompt-specific configurations with enable/disable state and custom descriptions
  options?: Partial<Pick<RequestOptions, 'timeout' | 'resetTimeoutOnProgress' | 'maxTotalTimeout'>>; // MCP request options configuration
+  // Proxychains4 proxy configuration for STDIO servers (Linux/macOS only, Windows not supported)
+  proxy?: ProxychainsConfig;
  // OAuth authentication for upstream MCP servers
  oauth?: {
    // Static client configuration (traditional OAuth flow)