
Conversation


@gabivlj gabivlj commented Jan 28, 2026

Continuation of: #5939
The main implementation of container-client.c++ has been mostly navigated through Claude Opus 4.5.

We are implementing an HTTP CONNECT service in Workerd that intercepts all TCP traffic off the container thanks to https://hub.docker.com/r/cloudflare/proxy-everything.

We then check the configured mappings of the container: if the targeted host exists in the mappings, we redirect to that subrequest channel. If not, we check if enabledInternet is set to true, in which case we just connect directly to the internet. If set to false, we just close the connection.


gabivlj commented Jan 28, 2026

Builds are failing because proxy-everything is not being pulled by default; I will check if we can pull it when we try to start it.


codspeed-hq bot commented Jan 28, 2026

Merging this PR will not alter performance

✅ 70 untouched benchmarks
⏩ 129 skipped benchmarks [1]


Comparing gv/set-egress-binding-pr (1cad4a3) with main (fc6ae8f)


Footnotes

[1] 129 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.


codecov-commenter commented Jan 28, 2026

Codecov Report

❌ Patch coverage is 2.75862% with 282 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.99%. Comparing base (fc6ae8f) to head (1cad4a3).
⚠️ Report is 1 commit behind head on main.

Files with missing lines                   Patch %   Lines
src/workerd/server/container-client.c++    0.00%     249 Missing ⚠️
src/workerd/api/container.c++              0.00%     22 Missing ⚠️
src/workerd/server/server.c++              42.10%    10 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5985      +/-   ##
==========================================
- Coverage   70.17%   69.99%   -0.18%     
==========================================
  Files         407      407              
  Lines      107238   107518     +280     
  Branches    17985    18025      +40     
==========================================
+ Hits        75251    75254       +3     
- Misses      21196    21472     +276     
- Partials    10791    10792       +1     


@gabivlj gabivlj force-pushed the gv/set-egress-binding-pr branch from 2cf6f25 to 28029df Compare January 28, 2026 20:50
@gabivlj gabivlj marked this pull request as ready for review January 28, 2026 21:08
@gabivlj gabivlj requested review from a team as code owners January 28, 2026 21:08
@gabivlj gabivlj force-pushed the gv/set-egress-binding-pr branch 3 times, most recently from 3cff408 to aae56c4 Compare January 28, 2026 22:53

@kentonv kentonv left a comment


I've only looked at the interfaces so far. Happy to trust Dan's review of implementation details.

@gabivlj gabivlj force-pushed the gv/set-egress-binding-pr branch from aae56c4 to 6c23e85 Compare February 3, 2026 00:51
…r interface

Add new Cap'n Proto schema definitions for container egress routing:
- setEgressTcp: configures TCP egress routing to Workers runtime
- setEgressHttp: configures HTTP egress routing to Workers runtime

Also add Docker API schema additions to support the networking features
we will need to introduce proxy-everything.

Refactor BUILD.bazel to split channel-token.c++ and channel-token.h.
This allows container-client to depend on channel-token.

Expose setEgressHttp() to JavaScript, allowing Workers to register
WorkerEntrypoint bindings for container egress routing.

The method is gated behind the workerdExperimental flag.

Implement the workerd handling for container egress HTTP routing:

- EgressHttpService: HTTP service that handles CONNECT requests from
  proxy-everything (https://hub.docker.com/r/cloudflare/proxy-everything),
  parses tunneled HTTP requests, and forwards them to the appropriate
  SubrequestChannel based on registered mappings.

- We need to do proxy-everything container management: we create and monitor a sidecar
  container (proxy-everything) that shares a network namespace with the
  main container and intercepts outbound traffic via iptables/TPROXY.

- Egress listener: HTTP server listening on the Docker bridge gateway
  that receives proxied requests from proxy-everything.

- setEgressHttp RPC implementation that registers address
  to SubrequestChannel mappings.

WebSocket is currently unimplemented. It's a TODO.

Add containerEgressInterceptorImage field to DockerConfiguration in
workerd.capnp with default value 'cloudflare/proxy-everything:main'.

Pass ChannelTokenHandler and containerEgressInterceptorImage through the
WorkerService -> ActorNamespace -> ContainerClient chain.

Update ContainerClient instantiation to include the new parameters.

Add a new /intercept HTTP endpoint to the test container that makes an
outbound fetch request to a configurable host (via x-host header, defaults
to 11.0.0.1). This enables testing of egress HTTP routing where container
traffic is intercepted and routed back to Workers bindings.

Add test coverage for the setEgressHttp functionality.

Also adds enable_ctx_exports compatibility flag to test config and
updates TypeScript type definitions with setEgressHttp signature.
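The routing rule in the PR description (mapping hit routes to a subrequest channel, otherwise enabledInternet decides between a direct connect and a close) and the EgressHttpService commit above (parse the CONNECT request from proxy-everything, then look up the mapping) are modelled together in the following added example. It is not workerd's code: `parseConnectTarget`, `EgressPolicy`, `routeConnect`, the `Action` enum and the assumption that mappings are keyed by `host:port` or bare `host` (lowercased) are all hypothetical. The point it adds beyond the prose is the parsing edge: a CONNECT line that is not well-formed authority-form (missing port, port 0, bare unbracketed IPv6, extra tokens) gets a distinct `Reject` outcome rather than falling through to the internet check.

```cpp
#include <cctype>
#include <cstdint>
#include <map>
#include <optional>
#include <sstream>
#include <string>

// Added example, not workerd's EgressHttpService: a model of the routing
// decision the PR describes. All names and the mapping key format are assumed.
enum class Action {
  RouteToChannel,  // target host is in the configured mappings
  ConnectDirect,   // no mapping and enableInternet is true
  Close,           // no mapping and enableInternet is false
  Reject           // malformed CONNECT request line: never open a tunnel
};

struct Target {
  std::string host;   // lowercased; IPv6 literal without the brackets
  uint16_t port = 0;
};

struct Decision {
  Action action;
  std::string channel;  // only set for RouteToChannel
};

// Digits only, 1..65535; anything else is treated as malformed.
static std::optional<uint16_t> parsePort(const std::string& s) {
  if (s.empty() || s.size() > 5) return std::nullopt;
  unsigned long v = 0;
  for (char c : s) {
    if (!std::isdigit(static_cast<unsigned char>(c))) return std::nullopt;
    v = v * 10 + static_cast<unsigned long>(c - '0');
  }
  if (v == 0 || v > 65535) return std::nullopt;
  return static_cast<uint16_t>(v);
}

// Parse the authority-form request line of an HTTP CONNECT request, e.g.
// "CONNECT example.com:443 HTTP/1.1" or "CONNECT [2001:db8::1]:8443 HTTP/1.1".
// Anything that is not exactly a well-formed CONNECT line yields nullopt.
std::optional<Target> parseConnectTarget(const std::string& requestLine) {
  std::istringstream in(requestLine);
  std::string method, authority, version, extra;
  if (!(in >> method >> authority >> version) || (in >> extra)) return std::nullopt;
  if (method != "CONNECT") return std::nullopt;
  if (version != "HTTP/1.1" && version != "HTTP/1.0") return std::nullopt;

  std::string host, portStr;
  if (authority[0] == '[') {  // bracketed IPv6 literal
    auto close = authority.find(']');
    if (close == std::string::npos || close + 1 >= authority.size() ||
        authority[close + 1] != ':') return std::nullopt;
    host = authority.substr(1, close - 1);
    portStr = authority.substr(close + 2);
  } else {  // hostname or IPv4; a bare IPv6 literal is ambiguous, so reject it
    auto colon = authority.rfind(':');
    if (colon == std::string::npos || authority.find(':') != colon) return std::nullopt;
    host = authority.substr(0, colon);
    portStr = authority.substr(colon + 1);
  }
  if (host.empty()) return std::nullopt;
  auto port = parsePort(portStr);
  if (!port) return std::nullopt;
  for (char& c : host) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  return Target{host, *port};
}

struct EgressPolicy {
  // Assumed shape of the container's configured mappings: "host:port" or
  // "host" -> name of the subrequest channel to route into.
  std::map<std::string, std::string> mappings;
  bool enableInternet = false;

  Decision decide(const Target& t) const {
    auto it = mappings.find(t.host + ":" + std::to_string(t.port));
    if (it == mappings.end()) it = mappings.find(t.host);
    if (it != mappings.end()) return {Action::RouteToChannel, it->second};
    if (enableInternet) return {Action::ConnectDirect, ""};
    return {Action::Close, ""};
  }
};

// One CONNECT request line in, one routing decision out.
Decision routeConnect(const EgressPolicy& policy, const std::string& requestLine) {
  auto target = parseConnectTarget(requestLine);
  if (!target) return {Action::Reject, ""};
  return policy.decide(*target);
}

// Constructed sample policy for trying the model out; not a real configuration.
EgressPolicy examplePolicy(bool enableInternet) {
  EgressPolicy p;
  p.mappings = {{"api.internal", "api-channel"}, {"db.internal:5432", "db-channel"}};
  p.enableInternet = enableInternet;
  return p;
}
```

The host is lowercased before lookup so that a container sending `CONNECT API.internal:443` still hits the `api.internal` mapping; whether workerd normalises case the same way is not stated on the page, so treat that as a design choice of this example rather than a description of the real service.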
@gabivlj gabivlj force-pushed the gv/set-egress-binding-pr branch from 6c23e85 to 3c0aa87 Compare February 3, 2026 00:51
@gabivlj gabivlj force-pushed the gv/set-egress-binding-pr branch from 3c0aa87 to 1cad4a3 Compare February 3, 2026 00:55

github-actions bot commented Feb 3, 2026

The generated output of @cloudflare/workers-types has been changed by this PR. If this is intentional, run just generate-types to update the snapshot. Alternatively, you can download the full generated types:

Full Type Diff
diff -r types/generated-snapshot/experimental/index.d.ts bazel-bin/types/definitions/experimental/index.d.ts
3844c3844,3845
<   setEgressHttp(addr: string, binding: Fetcher): void;
---
>   interceptOutboundHttp(addr: string, binding: Fetcher): Promise<void>;
>   interceptAllOutboundHttp(binding: Fetcher): Promise<void>;
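Review bot: the committed snapshot and the generated output disagree on both the method name and the return type in this hunk: the snapshot declares `setEgressHttp(addr: string, binding: Fetcher): void`, while the build now generates `interceptOutboundHttp(addr: string, binding: Fetcher): Promise<void>` plus a second `interceptAllOutboundHttp(binding: Fetcher): Promise<void>`. The PR description and the commit messages still refer to `setEgressHttp`, so either the rename should be reflected there or the code brought back to the documented name; either way the snapshot needs regenerating with `just generate-types` before merge. The `void` to `Promise<void>` change also matters for callers: code written against the stale snapshot will not await the call, so a failed registration would surface as an unhandled rejection instead of an error at the call site. Finally, `interceptAllOutboundHttp` introduces a catch-all registration that the description does not cover; it is worth stating how it orders against per-address mappings and the enabledInternet fallback.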
diff -r types/generated-snapshot/experimental/index.ts bazel-bin/types/definitions/experimental/index.ts
3853c3853,3854
<   setEgressHttp(addr: string, binding: Fetcher): void;
---
>   interceptOutboundHttp(addr: string, binding: Fetcher): Promise<void>;
>   interceptAllOutboundHttp(binding: Fetcher): Promise<void>;
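Review bot: same drift in `index.ts` as in the `index.d.ts` hunk above; both files come from the same generator, so a single `just generate-types` run should bring them back in sync together, and whichever name and return type is settled on for the `.d.ts` must match here.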
