Skip to content

sbx: document SOCKS5 upstream proxy and DOCKER_SANDBOXES_NO_PROXY#25537

Merged
craig-osterhout merged 1 commit into
docker:mainfrom
craig-osterhout:docs-sbx-socks5-proxy
Jul 10, 2026
Merged

sbx: document SOCKS5 upstream proxy and DOCKER_SANDBOXES_NO_PROXY#25537
craig-osterhout merged 1 commit into
docker:mainfrom
craig-osterhout:docs-sbx-socks5-proxy

Conversation

@craig-osterhout

Copy link
Copy Markdown
Contributor

Description

v0.35.0 adds SOCKS5 upstream proxy support and a companion exclusion variable.

Release notes: https://github.com/docker/sandboxes/releases/tag/v0.35.0

The sandbox proxy can chain upstream egress through a SOCKS5 proxy
(socks5:// / socks5h://, with optional auth) via DOCKER_SANDBOXES_PROXY.
Add DOCKER_SANDBOXES_NO_PROXY to exclude destinations from
DOCKER_SANDBOXES_PROXY.

Upstream changes: docker/sandboxes#4041 (SOCKS5 transport),
docker/sandboxes#4056 (DOCKER_SANDBOXES_NO_PROXY)

Updates the "Upstream proxy" section of architecture.md:

  • Documents socks5:// and socks5h:// scheme support, including the
    DNS resolution distinction between the two
  • Documents credential embedding in the URL (socks5://user:pass@host:port)
  • Adds DOCKER_SANDBOXES_NO_PROXY with a note clarifying it applies only
    to DOCKER_SANDBOXES_PROXY traffic, not HTTP_PROXY/HTTPS_PROXY
  • Removes the "only HTTP and HTTPS traffic can be forwarded" limitation
    bullet, which is no longer accurate with SOCKS5

Related issues or tickets

Reviews

  • Technical review
  • Editorial review
  • Product review

Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
@craig-osterhout craig-osterhout requested a review from dvdksn as a code owner July 10, 2026 17:12
@netlify

netlify Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 4ad9163
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/6a5127eae25c1700087301cb
😎 Deploy Preview https://deploy-preview-25537--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

The documentation update is accurate, well-scoped, and clean. The SOCKS5 proxy support and variable are correctly documented, including the vs DNS resolution distinction, credential embedding syntax, and the relationship with /. No AI-isms, markdown issues, or bold misuse found.

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

The PR cleanly documents new SOCKS5 upstream proxy support and the companion DOCKER_SANDBOXES_NO_PROXY variable. The writing is clear, factual, and matches the existing document's tone and scope. No AI-isms, marketing language, or style violations were found. The removal of the HTTP/HTTPS-only limitation bullet is technically accurate — SOCKS5 operates at the transport layer and supports generic TCP proxying, so the limitation genuinely no longer applies.

@craig-osterhout craig-osterhout requested a review from a team July 10, 2026 17:18
@craig-osterhout craig-osterhout added the status/review Pull requests that are ready for review label Jul 10, 2026

@docker-agent docker-agent left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assessment: 🟢 APPROVE

The PR cleanly documents two new features in Sandboxes v0.35.0: SOCKS5 upstream proxy support and the DOCKER_SANDBOXES_NO_PROXY variable. The prose is concise, technically accurate, and free of AI-isms or marketing language. No structural or formatting issues found.

One minor suggestion is left as an inline comment.


Set `DOCKER_SANDBOXES_NO_PROXY` to exclude specific destinations from
`DOCKER_SANDBOXES_PROXY`, using standard comma-separated `NO_PROXY` matching
semantics. This only affects traffic routed through `DOCKER_SANDBOXES_PROXY`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[LOW] Em dash joins two independent clauses (semicolon-equivalent usage)

The em dash on this line effectively joins two independent clauses the same way a semicolon would — which the style guide discourages (it advises writing two sentences instead). Consider splitting:

This only affects traffic routed through DOCKER_SANDBOXES_PROXY. Use NO_PROXY to exclude destinations from HTTP_PROXY/HTTPS_PROXY.

@usha-mandya usha-mandya left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@craig-osterhout craig-osterhout merged commit 9755520 into docker:main Jul 10, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ai status/review Pull requests that are ready for review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants