zed icon indicating copy to clipboard operation
zed copied to clipboard
verified publisher icon zed-industries

Can't sign in behind the HTTP(S) proxy

Open mlesin opened this issue 10 months ago • 10 comments

Summary

Sign in doesn't work behind the proxy server

Steps to trigger the problem:

  1. Running zed with the following command: RUST_LOG="debug" zed --foreground
  2. Press Sign in
  3. In browser, I have "Authentication Successful" message

Actual Behavior:

After a few seconds, error appears in zed, saying "Network is unreachable" Image

Logs in terminal

[2025-03-06T14:27:32+03:00 INFO client] set status on client 0: Authenticating [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::client] perform; [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::client] authenticate; [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::common] write_command; command=Auth(Some(External), Some([49, 48, 48, 48, 48])) [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::common] write_commands; commands=[Auth(Some(External), Some([49, 48, 48, 48, 48]))] extra_bytes=None [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::common] read_command; [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::common] read_commands; n_commands=1 [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::client] send_secondary_commands; [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::common] write_commands; commands=[NegotiateUnixFD, Begin] extra_bytes=Some([108, 1, 0, 1, 0, 0, 0, 0, 50, 0, 0, 0, 109, 0, 0, 0, 1, 1, 111, 0, 21, 0, 0, 0, 47, 111, 114, 103, 47, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 47, 68, 66, 117, 115, 0, 0, 0, 2, 1, 115, 0, 20, 0, 0, 0, 111, 114, 103, 46, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 46, 68, 66, 117, 115, 0, 0, 0, 0, 3, 1, 115, 0, 5, 0, 0, 0, 72, 101, 108, 108, 111, 0, 0, 0, 6, 1, 115, 0, 20, 0, 0, 0, 111, 114, 103, 46, 102, 114, 101, 101, 100, 101, 115, 107, 116, 111, 112, 46, 68, 66, 117, 115, 0, 0, 0, 0]) [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::client] receive_secondary_responses; expected_n_responses=1 [2025-03-06T14:27:32+03:00 INFO zbus::connection::handshake::common] read_commands; n_commands=1 [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] socket reader; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 DEBUG tiny_http] Server listening on 127.0.0.1:46213 [2025-03-06T14:27:32+03:00 INFO zbus::proxy] new; [2025-03-06T14:27:32+03:00 INFO zbus::proxy] {}; task_name="org.freedesktop.portal.OpenURI proxy caching" [2025-03-06T14:27:32+03:00 DEBUG tiny_http] Running accept thread [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::proxy] keep_updated; [2025-03-06T14:27:32+03:00 INFO zbus::proxy] new; [2025-03-06T14:27:32+03:00 INFO zbus::proxy] {}; task_name="org.freedesktop.portal.Request proxy caching" [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:32+03:00 INFO zbus::connection::socket_reader] read_socket; [2025-03-06T14:27:35+03:00 DEBUG tiny_http] Terminating accept thread [2025-03-06T14:27:35+03:00 INFO gpui::platform::linux::platform] activate is not implemented on Linux, ignoring the call [2025-03-06T14:27:35+03:00 INFO client] set status on client 308328: Connecting [2025-03-06T14:27:35+03:00 DEBUG hyper_util::client::legacy::pool] reuse idle connection for ("https", zed.dev) [2025-03-06T14:27:35+03:00 DEBUG hyper_util::client::legacy::pool] pooling idle connection for ("https", zed.dev) [2025-03-06T14:27:35+03:00 DEBUG reqwest::async_impl::client] redirect policy disallowed redirection to 'https://collab.zed.dev/rpc' [2025-03-06T14:27:35+03:00 INFO client] set status on client 308328: ConnectionError [2025-03-06T14:27:35+03:00 ERROR workspace::notifications] Network is unreachable (os error 101)

Caused by: Network is unreachable (os error 101)

Expected Behavior:

Successful sign in

I have the following environment in shell before running zed:

> env | grep -i proxy
no_proxy=localhost,127.0.0.1/8,10.0.0.0/8,172.16.0.0/12
https_proxy=http://127.0.0.1:1080
http_proxy=http://127.0.0.1:1080

What is interesting, other network related operations are working inside zed with this configuration, for example, I can browse and install extensions without any problem

Zed Version and System Specs

Zed: v0.176.2 (Zed) OS: Linux X11 ubuntu 24.04 Memory: 125.6 GiB Architecture: x86_64 GPU: NVIDIA GeForce RTX 3080 Ti || NVIDIA || 550.120

mlesin avatar Mar 06 '25 11:03 mlesin

Finally I figured out cause of that behavior. I'm using http proxy, as it seen from "http://" prefix in my variables. After debugging what is happening in zed, during sign in process, it seems it only handles the cases for socks4 and socks5 protocols, ignoring http. (crates/client/src/socks.rs) It starts to connect with regular tcp, completely ignoring my proxy as a result, and of course, it fails.

Is there a way to add http proxy support for signing in procedure?

mlesin avatar Mar 06 '25 13:03 mlesin

Are there any restrictions that require the proxy to be a socks type in order to sign in?

mlesin avatar Mar 14 '25 06:03 mlesin

The proxy code has to do some weird things. I'll leave it at that :). Suffice it to say I'm not surprised there are bugs in it. Thanks for reporting! Good opportunity to clean things up a bit

probably-neb avatar Mar 25 '25 04:03 probably-neb

Do you have access to a SOCKS_PROXY you could try or do you only have an HTTPS_PROXY?

Note, we don't yet support no_proxy:

  • https://github.com/zed-industries/zed/issues/22991

notpeter avatar Apr 23 '25 22:04 notpeter

Do you have access to a SOCKS_PROXY you could try or do you only have an HTTPS_PROXY?

I confirm that the socks proxy works, but it's just a coincidence that I have access to it. I think there are a lot of people in companies sitting behind proxies without a way to choose their type.

Note, we don't yet support no_proxy:

This is also sad, because it stops using local ollama for those who use proxy, but that's another story for another issue.

mlesin avatar Apr 24 '25 07:04 mlesin

I believe I'm also having a similar issue. I'm also behind a corporate proxy. From the logs it looks like I'm able to login but maybe unable to connect to collab.zed.dev. I'd be fine without the collaboration features but I would love to be able to use the beta programs that I'm signed up for on my work machine.

2025-05-02T12:54:48-07:00 INFO  [client] set status on client 0: Authenticating
2025-05-02T12:54:48-07:00 DEBUG [project::environment] using project environment variables from CLI
2025-05-02T12:54:48-07:00 DEBUG [tiny_http] Server listening on 127.0.0.1:53185
2025-05-02T12:54:48-07:00 DEBUG [tiny_http] Running accept thread
2025-05-02T12:54:48-07:00 DEBUG [project::environment] using project environment variables from CLI
... more environment variables messages...
2025-05-02T12:54:52-07:00 DEBUG [tiny_http] Terminating accept thread
2025-05-02T12:54:52-07:00 INFO  [client] set status on client 298153: Connecting
2025-05-02T12:54:52-07:00 DEBUG [*unknown*] reuse idle connection for ("https", zed.dev)
2025-05-02T12:54:52-07:00 DEBUG [project::environment] using project environment variables from CLI
... more environment variables messages...
2025-05-02T12:54:52-07:00 DEBUG [*unknown*] pooling idle connection for ("https", zed.dev)
2025-05-02T12:54:52-07:00 DEBUG [reqwest::async_impl::client] redirect policy disallowed redirection to 'https://collab.zed.dev/rpc'
2025-05-02T12:54:52-07:00 DEBUG [project::environment] using project environment variables from CLI
2025-05-02T12:54:52-07:00 INFO  [client] connected to rpc endpoint https://collab.zed.dev/rpc
2025-05-02T12:54:52-07:00 DEBUG [rustls::client::hs] No cached session for DnsName("collab.zed.dev")
2025-05-02T12:54:52-07:00 DEBUG [rustls::client::hs] Not resuming any session
2025-05-02T12:54:53-07:00 DEBUG [project::environment] using project environment variables from CLI
... more environment variables messages...
2025-05-02T12:54:53-07:00 DEBUG [rustls::client::hs] Using ciphersuite TLS13_AES_256_GCM_SHA384
2025-05-02T12:54:53-07:00 DEBUG [rustls::client::tls13] Not resuming
2025-05-02T12:54:53-07:00 DEBUG [rustls::client::tls13] TLS1.3 encrypted extensions: []
2025-05-02T12:54:53-07:00 DEBUG [rustls::client::hs] ALPN protocol is None
2025-05-02T12:54:53-07:00 INFO  [client] set status on client 298153: ConnectionError
2025-05-02T12:54:53-07:00 ERROR [workspace::notifications] HTTP error: 403 Forbidden

Caused by:
    HTTP error: 403 Forbidden

bloveless avatar May 02 '25 19:05 bloveless

collab.zed.dev is what handles the login and hands out feature flags as required. If you can't reach collab.zed.dev you'll have to wait until the Agent launches (this wednesday) and use your own keys (since using LLMs via Zed.ai requires login to work).

I think what may be happening here is that your HTTPS proxy does not support websockets. Upon initial connection, my understanding is we upgrade the session to a websocket to support long-polling, bi-directional push, etc. Do you happen to know if your proxy allows websockets?

Can you try with something like:

  • https://ws-playground.netlify.app/

To see if websockets work elsewhere behind your proxy. Image

notpeter avatar May 05 '25 17:05 notpeter

Websockets seem to be working fine in my situation.

Image Image

Although this is interesting. I know that my proxy works differently in the browser than it does in the terminal. If I run an example from using websockets from a cli then I get the same 403.

➜ npm install -g wscat

added 9 packages in 3s
npm notice
npm notice New major version of npm available! 10.9.2 -> 11.3.0
npm notice Changelog: https://github.com/npm/cli/releases/tag/v11.3.0
npm notice To update run: npm install -g [email protected]
npm notice

➜ wscat -c wss://ws.ifelse.io
error: Unexpected server response: 403
> ⏎

bloveless avatar May 05 '25 20:05 bloveless

We also have an user who's seeing Parsing proxy url failed in their logs while trying to use a proxy with the following url (contents redacted): http://my.proxy.zed.com:8888. @probably-neb I'd love to pair on it this week, if you have the time.

osiewicz avatar May 27 '25 09:05 osiewicz

This issue should have been fixed by #31002. The fix is already included in the preview version, and it’ll be part of the stable release in v0.187.9.

JunkuiZhang avatar May 27 '25 09:05 JunkuiZhang