From 70313b7f00406f0dfecad7c138e90d3aa0c724ff Mon Sep 17 00:00:00 2001 From: snomiao Date: Fri, 27 Mar 2026 08:51:00 +0900 Subject: [PATCH 1/4] feat: add HTTP/HTTPS proxy configuration via CLI args and settings Add --http-proxy, --https-proxy, and --no-proxy CLI arguments that set the standard HTTP_PROXY/HTTPS_PROXY/NO_PROXY environment variables early in startup, before any heavy imports. This ensures all outbound traffic (aiohttp, requests, urllib, subprocesses) is routed through the proxy. Also reads proxy settings from comfy.settings.json as fallback when CLI args are not provided, enabling the frontend settings UI to configure proxy without requiring command-line usage. Ref: Comfy-Org/desktop#1105 --- comfy/cli_args.py | 7 +++++++ main.py | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/comfy/cli_args.py b/comfy/cli_args.py index 13612175e..4f2483c24 100644 --- a/comfy/cli_args.py +++ b/comfy/cli_args.py @@ -231,6 +231,13 @@ parser.add_argument( help="Set the base URL for the ComfyUI API. (default: https://api.comfy.org)", ) +parser.add_argument("--http-proxy", type=str, default=None, metavar="URL", + help="HTTP/HTTPS proxy URL (e.g. http://127.0.0.1:7890). Sets HTTP_PROXY and HTTPS_PROXY environment variables so all outbound traffic is routed through the proxy.") +parser.add_argument("--https-proxy", type=str, default=None, metavar="URL", + help="HTTPS proxy URL. If not set, --http-proxy is used for both HTTP and HTTPS traffic.") +parser.add_argument("--no-proxy", type=str, default=None, metavar="HOSTS", + help="Comma-separated list of hosts that should bypass the proxy (e.g. localhost,127.0.0.1,*.local).") + database_default_path = os.path.abspath( os.path.join(os.path.dirname(__file__), "..", "user", "comfyui.db") ) diff --git a/main.py b/main.py index 058e8e2de..740ace82b 100644 --- a/main.py +++ b/main.py @@ -22,11 +22,58 @@ from comfy_execution.utils import get_executing_context from comfy_api import feature_flags from app.database.db import init_db, dependencies_available +def _apply_proxy_env_vars(): + """Set proxy environment variables early so all HTTP libraries (aiohttp, requests, + urllib) and subprocesses (git, pip) automatically route through the proxy. + + Priority: CLI args > settings file > existing environment variables. + """ + import json as _json + + http_proxy = args.http_proxy + https_proxy = args.https_proxy + no_proxy = args.no_proxy + + # Fall back to settings file if CLI args are not provided. + if not http_proxy and not https_proxy: + user_dir = args.user_directory or os.path.join( + args.base_directory or os.path.dirname(os.path.realpath(__file__)), "user" + ) + settings_path = os.path.join(user_dir, "default", "comfy.settings.json") + if os.path.isfile(settings_path): + try: + with open(settings_path, "r") as f: + settings = _json.load(f) + http_proxy = http_proxy or settings.get("Comfy.Network.Proxy.HttpUrl") or "" + https_proxy = https_proxy or settings.get("Comfy.Network.Proxy.HttpsUrl") or "" + no_proxy = no_proxy or settings.get("Comfy.Network.Proxy.NoProxy") or "" + except Exception: + pass + + if http_proxy: + os.environ.setdefault('HTTP_PROXY', http_proxy) + os.environ.setdefault('http_proxy', http_proxy) + # Use http_proxy for HTTPS too unless https_proxy is explicitly set + if not https_proxy: + os.environ.setdefault('HTTPS_PROXY', http_proxy) + os.environ.setdefault('https_proxy', http_proxy) + logging.info("HTTP proxy configured: %s", http_proxy) + if https_proxy: + os.environ.setdefault('HTTPS_PROXY', https_proxy) + os.environ.setdefault('https_proxy', https_proxy) + logging.info("HTTPS proxy configured: %s", https_proxy) + if no_proxy: + os.environ.setdefault('NO_PROXY', no_proxy) + os.environ.setdefault('no_proxy', no_proxy) + + if __name__ == "__main__": #NOTE: These do not do anything on core ComfyUI, they are for custom nodes. os.environ['HF_HUB_DISABLE_TELEMETRY'] = '1' os.environ['DO_NOT_TRACK'] = '1' + _apply_proxy_env_vars() + setup_logger(log_level=args.verbose, use_stdout=args.log_stdout) faulthandler.enable(file=sys.stderr, all_threads=False) From 15a932e655ddf60e80c30ca31c9cc8b6a36b7b48 Mon Sep 17 00:00:00 2001 From: snomiao Date: Sat, 28 Mar 2026 18:55:05 +0900 Subject: [PATCH 2/4] fix: override inherited env vars and merge partial CLI proxy args - Use direct assignment instead of setdefault so CLI/settings proxy values actually override inherited environment variables. - Always read settings file for unspecified fields, so partial CLI overrides (e.g. only --http-proxy) still pick up saved https/no-proxy. --- main.py | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/main.py b/main.py index 740ace82b..3c3dab979 100644 --- a/main.py +++ b/main.py @@ -34,37 +34,40 @@ def _apply_proxy_env_vars(): https_proxy = args.https_proxy no_proxy = args.no_proxy - # Fall back to settings file if CLI args are not provided. - if not http_proxy and not https_proxy: - user_dir = args.user_directory or os.path.join( - args.base_directory or os.path.dirname(os.path.realpath(__file__)), "user" - ) - settings_path = os.path.join(user_dir, "default", "comfy.settings.json") - if os.path.isfile(settings_path): - try: - with open(settings_path, "r") as f: - settings = _json.load(f) - http_proxy = http_proxy or settings.get("Comfy.Network.Proxy.HttpUrl") or "" - https_proxy = https_proxy or settings.get("Comfy.Network.Proxy.HttpsUrl") or "" - no_proxy = no_proxy or settings.get("Comfy.Network.Proxy.NoProxy") or "" - except Exception: - pass + # Fall back to settings file for any field not provided via CLI. + user_dir = args.user_directory or os.path.join( + args.base_directory or os.path.dirname(os.path.realpath(__file__)), "user" + ) + settings_path = os.path.join(user_dir, "default", "comfy.settings.json") + if os.path.isfile(settings_path): + try: + with open(settings_path, "r") as f: + settings = _json.load(f) + http_proxy = http_proxy or settings.get("Comfy.Network.Proxy.HttpUrl") or "" + https_proxy = https_proxy or settings.get("Comfy.Network.Proxy.HttpsUrl") or "" + no_proxy = no_proxy or settings.get("Comfy.Network.Proxy.NoProxy") or "" + except Exception: + pass + + def _set_proxy_var(name, value): + """Set env var, overriding inherited values when explicitly configured.""" + os.environ[name] = value if http_proxy: - os.environ.setdefault('HTTP_PROXY', http_proxy) - os.environ.setdefault('http_proxy', http_proxy) + _set_proxy_var('HTTP_PROXY', http_proxy) + _set_proxy_var('http_proxy', http_proxy) # Use http_proxy for HTTPS too unless https_proxy is explicitly set if not https_proxy: - os.environ.setdefault('HTTPS_PROXY', http_proxy) - os.environ.setdefault('https_proxy', http_proxy) + _set_proxy_var('HTTPS_PROXY', http_proxy) + _set_proxy_var('https_proxy', http_proxy) logging.info("HTTP proxy configured: %s", http_proxy) if https_proxy: - os.environ.setdefault('HTTPS_PROXY', https_proxy) - os.environ.setdefault('https_proxy', https_proxy) + _set_proxy_var('HTTPS_PROXY', https_proxy) + _set_proxy_var('https_proxy', https_proxy) logging.info("HTTPS proxy configured: %s", https_proxy) if no_proxy: - os.environ.setdefault('NO_PROXY', no_proxy) - os.environ.setdefault('no_proxy', no_proxy) + _set_proxy_var('NO_PROXY', no_proxy) + _set_proxy_var('no_proxy', no_proxy) if __name__ == "__main__": From 59574250133dfc3d2637da65be0692c9a21be107 Mon Sep 17 00:00:00 2001 From: snomiao Date: Sun, 29 Mar 2026 03:06:11 +0900 Subject: [PATCH 3/4] fix: move proxy log messages after setup_logger to avoid double logging logging.info() before setup_logger() triggers basicConfig(), adding an extra handler that causes duplicate log lines and bypasses LogInterceptor. Move proxy log messages after setup_logger() and read from env vars directly since they've already been set. --- main.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 3c3dab979..990fcf4c1 100644 --- a/main.py +++ b/main.py @@ -60,11 +60,9 @@ def _apply_proxy_env_vars(): if not https_proxy: _set_proxy_var('HTTPS_PROXY', http_proxy) _set_proxy_var('https_proxy', http_proxy) - logging.info("HTTP proxy configured: %s", http_proxy) if https_proxy: _set_proxy_var('HTTPS_PROXY', https_proxy) _set_proxy_var('https_proxy', https_proxy) - logging.info("HTTPS proxy configured: %s", https_proxy) if no_proxy: _set_proxy_var('NO_PROXY', no_proxy) _set_proxy_var('no_proxy', no_proxy) @@ -79,6 +77,11 @@ if __name__ == "__main__": setup_logger(log_level=args.verbose, use_stdout=args.log_stdout) +if os.environ.get('HTTP_PROXY'): + logging.info("HTTP proxy configured: %s", os.environ['HTTP_PROXY']) +if os.environ.get('HTTPS_PROXY'): + logging.info("HTTPS proxy configured: %s", os.environ['HTTPS_PROXY']) + faulthandler.enable(file=sys.stderr, all_threads=False) import comfy_aimdo.control From 96b34947474d8e68a1cf9bf651da3e8e63253dc0 Mon Sep 17 00:00:00 2001 From: snomiao Date: Sun, 29 Mar 2026 03:11:46 +0900 Subject: [PATCH 4/4] fix: redact proxy credentials in startup log messages Proxy URLs may contain userinfo (user:pass@host). Redact credentials before logging to prevent them from appearing in the log stream that is exposed via /internal/logs endpoints. --- main.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/main.py b/main.py index 990fcf4c1..73e439035 100644 --- a/main.py +++ b/main.py @@ -77,10 +77,22 @@ if __name__ == "__main__": setup_logger(log_level=args.verbose, use_stdout=args.log_stdout) +def _redact_proxy_url(url): + """Redact userinfo from proxy URL to avoid leaking credentials in logs.""" + from urllib.parse import urlparse, urlunparse + try: + parsed = urlparse(url) + if parsed.username: + netloc = f"***:***@{parsed.hostname}" + (f":{parsed.port}" if parsed.port else "") + return urlunparse(parsed._replace(netloc=netloc)) + except Exception: + pass + return url + if os.environ.get('HTTP_PROXY'): - logging.info("HTTP proxy configured: %s", os.environ['HTTP_PROXY']) + logging.info("HTTP proxy configured: %s", _redact_proxy_url(os.environ['HTTP_PROXY'])) if os.environ.get('HTTPS_PROXY'): - logging.info("HTTPS proxy configured: %s", os.environ['HTTPS_PROXY']) + logging.info("HTTPS proxy configured: %s", _redact_proxy_url(os.environ['HTTPS_PROXY'])) faulthandler.enable(file=sys.stderr, all_threads=False)