Allow setting proxy variables via global / user configuration #16918
Conversation
|
For reference on this one, see #9461 (comment) which I believe will need to be addressed first before we can commit to a design for this issue. |
|
I think |
|
Would that work for your use-case? |
Yup this still works for my use case! |
I'll fix this up to do that! Will ping when it's ready! |
|
Okay should be updated now errors should look like: 
Also added a test case to validate this in show_settings.rs |
333c2f1 to
0daef69
Compare
|
Rebased this to fix the merge conflicts! |
crates/uv-client/src/base_client.rs
Outdated
| } | ||
|
|
||
| if let Some(http_proxy) = &self.http_proxy { | ||
| let mut proxy = Proxy::http(http_proxy).expect("Invalid HTTP proxy URL"); |
There was a problem hiding this comment.
We can't panic on user-facing input here. We should validate these values much earlier and raise errors instead.
There was a problem hiding this comment.
Okay! Added a ProxyUrl type to handle this, this should surface errors a lot better.
Errors (from user POV) should look like:
invalid proxy URL scheme `ftp` in `ftp://proxy.example.com`: expected http, https, socks5, or socks5h
invalid proxy URL: relative URL without a base
docs/reference/settings.md
Outdated
| === "pyproject.toml" | ||
|
|
||
| ```toml | ||
| [tool.uv] | ||
| http-proxy = "http://proxy.example.com" | ||
| ``` |
There was a problem hiding this comment.
It seems problematic to show these pyproject.toml examples in the settings reference if we're not going to allow it, we might need to invest in infrastructure to omit that before this can land.
| http_proxy, | ||
| https_proxy, | ||
| no_proxy, |
There was a problem hiding this comment.
I started looking at this and I feel like we might need a validate_pyproject_toml function like validate_uv_toml? We won't hard deny any of these options in the pyproject.toml toda.
I'm surprised that we allow allow_insecure_host in the pyproject.toml today, which might mean my and @samypr100's points aren't really in scope for this work.
There was a problem hiding this comment.
There was a problem hiding this comment.
I think my understanding of what we weren't allowing today is wrong and it probably doesn't make sense to block this on fixing that.
There was a problem hiding this comment.
I'm surprised that we allow allow_insecure_host in the pyproject.toml today
Gasp 😓
There was a problem hiding this comment.
It's fine, I added a utility that should be able to allow us to do this, I can also submit a follow-up PR to not include the other ones (like insecure_host) as well if we want.
d2bc450 to
aa29a79
Compare
crates/uv-client/src/base_client.rs
Outdated
| let mut proxy = Proxy::http(http_proxy.as_str()) | ||
| .expect("pre-validated HTTP proxy URL should be valid"); |
There was a problem hiding this comment.
Can you explain why we're not using the Proxy type directly for validation? Why do we add a wrapper type?
There was a problem hiding this comment.
The wrapper type includes a Deserialize implementation which reqwest::Proxy does not, as well the error messaging is a bit more informative than the generic error building client: builder error you might get from reqwest.
Happy to rework this though if we feel like it's overkill.
There was a problem hiding this comment.
Why does it wrap Url instead of Proxy?
I'm just trying to understand the pattern here as something feels a bit off.
There was a problem hiding this comment.
I think it mostly comes down to Proxy being a suitable type for the runtime http client while being an unsuitable type for expressing user configuration.
I think in general what we're expressing with http_proxy and https_proxy are URLs that have routing rules expressed through their variable names.
We also get the benefits of inheriting some of the things from Url like PartialEq, Serialize, etc. which Proxy doesn't have.
There was a problem hiding this comment.
I do think that perhaps this would be something that should be upstreamed to reqwest since it might also be generally useful for other people too.
|
I'm out sick today but my next step is to futz with this locally and propose some tweaks based on that. |
Sounds good! I hope you feel better! |
This allows users to set the HTTP, HTTPS, and no proxy variables via the configuration files like uv.toml. This adds ProxyUrl type to surface errors earlier to users for invalid ProxyUrls. Also adds a uv_toml_only variable that allows us to specify specific options that are only intended for the uv.toml file and disinclude them from the generated docs for pyproject.toml examples. It also adds a new integration test for the proxy support in `uv-client`. Signed-off-by: Eli Uriegas <eliuriegas@meta.com>
aa29a79 to
46b0c96
Compare
|
Alright sorry for the delay from the holiday time off :) I've pushed a commit that does a few things
and I've resolved the conflict with Please give it a look over and let me know if you have any questions or concerns. |
LGTM! |
|
This is live in v0.9.23. |
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.9.22` → `0.9.24` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>astral-sh/uv (astral-sh/uv)</summary> ### [`v0.9.24`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0924) [Compare Source](astral-sh/uv@0.9.23...0.9.24) Released on 2026-01-09. ##### Bug fixes - Fix handling of `UV_NO_SYNC=1 uv run ...` ([#​17391](astral-sh/uv#17391)) - Rebuild dynamic distribution when version changes with `--no-cache` ([#​17387](astral-sh/uv#17387)) ##### Documentation - Add Rust language classifier ([#​17389](astral-sh/uv#17389)) ### [`v0.9.23`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0923) [Compare Source](astral-sh/uv@0.9.22...0.9.23) Released on 2026-01-09. ##### Enhancements - Only write portable paths in `RECORD` files ([#​17339](astral-sh/uv#17339)) - Support relative paths in `UV_PYTHON_BIN_DIR` and `UV_TOOL_BIN_DIR` ([#​17367](astral-sh/uv#17367)) ##### Preview features - Enable uploads to S3 via pre-signed URLs ([#​17349](astral-sh/uv#17349)) ##### Configuration - Allow setting proxy variables via global / user configuration ([#​16918](astral-sh/uv#16918)) - Manually parse and reconcile Boolean environment variables ([#​17321](astral-sh/uv#17321)) ##### Bug fixes - Avoid broken build artifacts on build failure ([#​17276](astral-sh/uv#17276)) - Fix missing dependencies on synthetic root in SBOM export ([#​17363](astral-sh/uv#17363)) - Recognize `armv8l` as an alias for `armv7l` in platform tag parsing ([#​17384](astral-sh/uv#17384)) - Fix redaction of a URL in a middleware trace log ([#​17346](astral-sh/uv#17346)) ##### Documentation - Add `index.md` suggestion to `llms.txt` ([#​17362](astral-sh/uv#17362)) - Clarify that `uv run` uses inexact syncing by default ([#​17366](astral-sh/uv#17366)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NS4xIiwidXBkYXRlZEluVmVyIjoiNDIuNzUuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6OnBhdGNoIl19-->
Following astral-sh#16918, mark additional system-level settings as `uv_toml_only` so they don't appear in the `pyproject.toml` documentation examples: - `native-tls`: System-level TLS configuration that depends on the OS certificate store - `cache-dir`: Machine-specific filesystem paths - `python-install-mirror`: Organization-specific mirror URLs - `pypy-install-mirror`: Organization-specific mirror URLs - `python-downloads-json-url`: Organization-specific URLs These settings are machine/user/organization-specific and shouldn't be committed to VCS via `pyproject.toml`.
…ngs (#17462) Following #16918, mark additional system-level settings as `uv_toml_only` so they don't appear in the `pyproject.toml` documentation examples: - `native-tls` - `cache-dir` - `python-install-mirror` - `pypy-install-mirror` - `python-downloads-json-url` Eventually, we'll want to ban these in the `pyproject.toml` without some opt-in. Co-authored-by: Claude <noreply@anthropic.com>
Summary
This allows users to set the HTTP, HTTPS, and no proxy variables via the configuration files like
pyproject.tomland uv.toml.Users can set like so:
uv.tomlResolves #9472
Test Plan
It also adds a new integration test for the proxy support in
uv-client.This was tested on some of our developer machines with our proxy setup using
~/.config/uv/uv.tomlwith values like: