Can the java High Level REST client use a socks5 proxy?

Jamshid · April 7, 2024, 2:43am

Can the (deprecated) java HLRC be made to use a socks5 proxy? I'm trying to make a java app talk to elasticsearch and other containers running in a private network via their internal, not published, ports. I'm running the ghcr.io/httptoolkit/docker-socks-tunnel image within the docker network and publishing its port.

My java app successfully makes all other connections, via http and even ldap, over socks5 simply by adding these properties on the java command line.
-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=4208

I thought .useSystemProperties() would help but it does not. SDK initialization fails with:

Caused by: java.net.SocketException: Host is down
	at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method) ~[?:?]
	at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:777) ~[?:?]
	at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvent(DefaultConnectingIOReactor.java:174) ~[httpcore-nio-4.4.12.jar:4.4.12]

RestClientBuilder builder = RestClient.builder(esHostArray).setRequestConfigCallback(
        new RestClientBuilder.RequestConfigCallback() {
            @Override
            public RequestConfig.Builder customizeRequestConfig(
                    RequestConfig.Builder requestConfigBuilder) {
                if(indexerConnectTimeout >= 0) {
                    requestConfigBuilder.setConnectTimeout(30*1000);
                }
                if(indexerSocketTimeout >= 0) {
                    requestConfigBuilder.setSocketTimeout(120 * 1000);
                }
                return requestConfigBuilder;
            }
        });
// from https://github.com/elastic/elasticsearch/issues/65213
logger.info("Configuring elasticsearch SDK to use TCP keep alives. Be sure sysctl net.ipv4.tcp_keepalive_time has been lowered to 300.");
builder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
        // optionally perform some other configuration of httpClientBuilder here if needed
        .setDefaultIOReactorConfig(IOReactorConfig.custom()
                // optionally perform some other configuration of IOReactorConfig here if needed
                .setSoKeepAlive(true)
                .build())
        // This does NOT allow -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=4208 to work even all the other connections this 
        // java app makes, to http and even ldap servers, go through the specified socks proxy.
        .useSystemProperties()
        // Also tried this but I don't think it works for socks5 proxies.
        //.setProxy(new HttpHost("127.0.0.1", 4288, "http"))
);
this.lowLevelClient = builder.build();
this.client = new RestHighLevelClientBuilder(this.lowLevelClient)
                .setApiCompatibilityMode(this.getVersion().after(Version.V_7_11_0)) // ES 7.5 requires false
                .build();

PS: I think my question is the same one this person had:
How to set a socks5 proxy for ElasticsearchTemplate (Java Client) - Elastic Stack / Elasticsearch - Discuss the Elastic Stack

DavidTurner · April 7, 2024, 10:48am

It's not something we test or support AFAIK. That said, I believe this should be possible using org.elasticsearch.client.RestClientBuilder#setHttpClientConfigCallback, within which you can call org.apache.http.impl.nio.client.HttpAsyncClientBuilder#setConnectionManager, passing in a connection manager that knows how to set up connections via a SOCKS5 proxy. I don't have any detailed instructions for how to create such a connection manager tho, if it's not clear to you then I suggest you ask for help from the Apache HTTP client folks (i.e. not in this forum).