feat: add host network support for V1 DockerSandboxService#12445
Merged
tofarr merged 13 commits intoOpenHands:mainfrom Jan 28, 2026
Merged
feat: add host network support for V1 DockerSandboxService#12445tofarr merged 13 commits intoOpenHands:mainfrom
tofarr merged 13 commits intoOpenHands:mainfrom
Conversation
- Add use_host_network field to DockerSandboxService and DockerSandboxServiceInjector - When enabled, containers use host network mode (network_mode='host') - Container ports are directly accessible on the host without port mapping - Update _container_to_sandbox_info to handle host network mode - Configurable via OH_SANDBOX_USE_HOST_NETWORK environment variable This allows reverse proxy setups (nginx/CloudFront) to work correctly with user-launched applications on any port, not just the 4 hardcoded ports. Fixes OpenHands#12403
- Fix port_mappings type by initializing as None and setting to {} only in bridge mode
- Rename exposed_port to matching_port in bridge mode to avoid variable shadowing
Contributor
Author
hieptl
reviewed
Jan 26, 2026
- Fix type inconsistency: convert host_port to int in bridge mode (line 174) - Add warning for port collision risk when use_host_network=True with max_num_sandboxes > 1 - Add logging when starting sandbox with host network mode
Contributor
Author
|
@hieptl just fixed the issues, can you please review it again? |
hieptl
reviewed
Jan 27, 2026
…path Address PR review comment: The Field description mentioned configuring via environment variable, but config.py didn't parse SANDBOX_USE_HOST_NETWORK in the legacy fallback path like other sandbox env vars.
…k default - Test warning log when use_host_network=True and max_num_sandboxes > 1 - Test no warning when max_num_sandboxes=1 - Test DockerSandboxServiceInjector use_host_network defaults to False - Test DockerSandboxServiceInjector use_host_network can be enabled
tofarr
reviewed
Jan 28, 2026
tofarr
requested changes
Jan 28, 2026
Collaborator
tofarr
left a comment
There was a problem hiding this comment.
Great work overall. My only suggestion is to keep the docker specific config inside the docker_sandbox_service.
Thank you for taking the time to fix this issue.
Move the SANDBOX_USE_HOST_NETWORK environment variable handling from config.py to the DockerSandboxServiceInjector field default, as suggested in PR review. This ensures the legacy env var fallback is handled at the field definition level.
Contributor
Author
|
@tofarr thanks for your feedback! please review the changes again |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of PR
This PR adds host network support to V1's
DockerSandboxService, addressing the issue where user-launched applications on non-standard ports (e.g., Flask on port 5000) are inaccessible via reverse proxy setups.Changes:
use_host_networkfield toDockerSandboxServiceandDockerSandboxServiceInjectornetwork_mode='host')_container_to_sandbox_infoto handle host network mode properlyOH_SANDBOX_USE_HOST_NETWORKenvironment variableHow it works:
This allows reverse proxy setups (nginx/CloudFront) using patterns like
/runtime/{port}/→localhost:{port}to work correctly with any port, not just the 4 hardcoded ports (8000, 8001, 8011, 8012).Demo Screenshots/Videos
N/A - Backend infrastructure change, no UI changes.
Change Type
Checklist
Fixes
Resolves #12403
Release Notes
V1 DockerSandboxService now supports host networking mode via
OH_SANDBOX_USE_HOST_NETWORK=true. This enables reverse proxy setups to access user-launched applications on any port, not just the predefined worker ports.