Add support for --host flag

Signed-off-by: Radoslav Dimitrov <[email protected]>

Author: rdimitrov

cmd/thv/app/proxy.go

@@ -11,6 +11,7 @@ import (
 	"github.com/stacklok/toolhive/pkg/auth"
 	"github.com/stacklok/toolhive/pkg/logger"
 	"github.com/stacklok/toolhive/pkg/networking"
+	"github.com/stacklok/toolhive/pkg/transport"
 	"github.com/stacklok/toolhive/pkg/transport/proxy/transparent"
 	"github.com/stacklok/toolhive/pkg/transport/types"
 )
@@ -25,11 +26,13 @@ This command creates a standalone proxy without starting a container.`,
 }
 
 var (
+	proxyHost      string
 	proxyPort      int
 	proxyTargetURI string
 )
 
 func init() {
+	proxyCmd.Flags().StringVar(&proxyHost, "host", transport.LocalhostName, "Host for the HTTP proxy to listen on (IP or hostname)")
 	proxyCmd.Flags().IntVar(&proxyPort, "port", 0, "Port for the HTTP proxy to listen on (host port)")
 	proxyCmd.Flags().StringVar(
 		&proxyTargetURI,
@@ -52,6 +55,13 @@ func proxyCmdFunc(cmd *cobra.Command, args []string) error {
 	// Get the server name
 	serverName := args[0]
 
+	// Validate the host flag and default resolving to IP in case hostname is provided
+	validatedHost, err := ValidateAndNormaliseHostFlag(proxyHost)
+	if err != nil {
+		return fmt.Errorf("invalid host: %s", proxyHost)
+	}
+	proxyHost = validatedHost
+
 	// Select a port for the HTTP proxy (host port)
 	port, err := networking.FindOrUsePort(proxyPort)
 	if err != nil {
@@ -94,7 +104,7 @@ func proxyCmdFunc(cmd *cobra.Command, args []string) error {
 		port, proxyTargetURI)
 
 	// Create the transparent proxy with middlewares
-	proxy := transparent.NewTransparentProxy(port, serverName, proxyTargetURI, middlewares...)
+	proxy := transparent.NewTransparentProxy(proxyHost, port, serverName, proxyTargetURI, middlewares...)
 	if err := proxy.Start(ctx); err != nil {
 		return fmt.Errorf("failed to start proxy: %v", err)
 	}

cmd/thv/app/run.go

@@ -3,6 +3,7 @@ package app
 import (
 	"context"
 	"fmt"
+	"net"
 	"os"
 	"strings"
 
@@ -17,6 +18,7 @@ import (
 	"github.com/stacklok/toolhive/pkg/permissions"
 	"github.com/stacklok/toolhive/pkg/registry"
 	"github.com/stacklok/toolhive/pkg/runner"
+	"github.com/stacklok/toolhive/pkg/transport"
 )
 
 var runCmd = &cobra.Command{
@@ -56,6 +58,7 @@ permission profile. Additional configuration can be provided via flags.`,
 var (
 	runTransport         string
 	runName              string
+	runHost              string
 	runPort              int
 	runTargetPort        int
 	runTargetHost        string
@@ -72,6 +75,7 @@ var (
 func init() {
 	runCmd.Flags().StringVar(&runTransport, "transport", "stdio", "Transport mode (sse or stdio)")
 	runCmd.Flags().StringVar(&runName, "name", "", "Name of the MCP server (auto-generated from image if not provided)")
+	runCmd.Flags().StringVar(&runHost, "host", transport.LocalhostName, "Host for the HTTP proxy to listen on (IP or hostname)")
 	runCmd.Flags().IntVar(&runPort, "port", 0, "Port for the HTTP proxy to listen on (host port)")
 	runCmd.Flags().IntVar(&runTargetPort, "target-port", 0, "Port for the container to expose (only applicable to SSE transport)")
 	runCmd.Flags().StringVar(
@@ -131,6 +135,14 @@ func init() {
 
 func runCmdFunc(cmd *cobra.Command, args []string) error {
 	ctx := cmd.Context()
+
+	// Validate the host flag and default resolving to IP in case hostname is provided
+	validatedHost, err := ValidateAndNormaliseHostFlag(runHost)
+	if err != nil {
+		return fmt.Errorf("invalid host: %s", runHost)
+	}
+	runHost = validatedHost
+
 	// Get the server name or image
 	serverOrImage := args[0]
 
@@ -173,6 +185,7 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
 		rt,
 		cmdArgs,
 		runName,
+		runHost,
 		debugMode,
 		runVolumes,
 		runSecrets,
@@ -437,3 +450,31 @@ func parseCommandArguments(args []string) []string {
 	}
 	return cmdArgs
 }
+
+// ValidateAndNormaliseHostFlag validates and normalizes the host flag resolving it to an IP address if hostname is provided
+func ValidateAndNormaliseHostFlag(host string) (string, error) {
+	// Check if the host is a valid IP address
+	ip := net.ParseIP(host)
+	if ip != nil {
+		if ip.To4() == nil {
+			return "", fmt.Errorf("IPv6 addresses are not supported: %s", host)
+		}
+		return host, nil
+	}
+
+	// If not an IP address, resolve the hostname to an IP address
+	addrs, err := net.LookupHost(host)
+	if err != nil {
+		return "", fmt.Errorf("invalid host: %s", host)
+	}
+
+	// Use the first IPv4 address found
+	for _, addr := range addrs {
+		ip := net.ParseIP(addr)
+		if ip != nil && ip.To4() != nil {
+			return ip.String(), nil
+		}
+	}
+
+	return "", fmt.Errorf("could not resolve host: %s", host)
+}

pkg/lifecycle/manager.go

@@ -197,9 +197,14 @@ func (*defaultManager) RunContainerDetached(runConfig *runner.RunConfig) error {
 		detachedArgs = append(detachedArgs, "--name", runConfig.Name)
 	}
 
+	if runConfig.Host != "" {
+		detachedArgs = append(detachedArgs, "--host", runConfig.Host)
+	}
+
 	if runConfig.Port != 0 {
 		detachedArgs = append(detachedArgs, "--port", fmt.Sprintf("%d", runConfig.Port))
 	}
+
 	if runConfig.TargetPort != 0 {
 		detachedArgs = append(detachedArgs, "--target-port", fmt.Sprintf("%d", runConfig.TargetPort))
 	}

pkg/runner/config.go

@@ -41,6 +41,9 @@ type RunConfig struct {
 	// Transport is the transport mode (sse or stdio)
 	Transport types.TransportType `json:"transport" yaml:"transport"`
 
+	// Host is the host for the HTTP proxy
+	Host string `json:"host" yaml:"host"`
+
 	// Port is the port for the HTTP proxy to listen on (host port)
 	Port int `json:"port" yaml:"port"`
 
@@ -120,6 +123,7 @@ func NewRunConfigFromFlags(
 	runtime rt.Runtime,
 	cmdArgs []string,
 	name string,
+	host string,
 	debug bool,
 	volumes []string,
 	secretsList []string,
@@ -143,6 +147,7 @@ func NewRunConfigFromFlags(
 		TargetHost:                  targetHost,
 		ContainerLabels:             make(map[string]string),
 		EnvVars:                     make(map[string]string),
+		Host:                        host,
 	}
 
 	// Set OIDC config if any values are provided

pkg/runner/config_test.go

@@ -804,6 +804,7 @@ func TestNewRunConfigFromFlags(t *testing.T) {
 	runtime := &mockRuntime{}
 	cmdArgs := []string{"arg1", "arg2"}
 	name := "test-server"
+	host := "localhost"
 	debug := true
 	volumes := []string{"/host:/container"}
 	secretsList := []string{"secret1,target=ENV_VAR1"}
@@ -819,6 +820,7 @@ func TestNewRunConfigFromFlags(t *testing.T) {
 		runtime,
 		cmdArgs,
 		name,
+		host,
 		debug,
 		volumes,
 		secretsList,

pkg/runner/runner.go

@@ -41,7 +41,7 @@ func (r *Runner) Run(ctx context.Context) error {
 		Type:       r.Config.Transport,
 		Port:       r.Config.Port,
 		TargetPort: r.Config.TargetPort,
-		Host:       "localhost",
+		Host:       r.Config.Host,
 		TargetHost: r.Config.TargetHost,
 		Runtime:    r.Config.Runtime,
 		Debug:      r.Config.Debug,

pkg/transport/factory.go

@@ -19,7 +19,7 @@ func NewFactory() *Factory {
 func (*Factory) Create(config types.Config) (types.Transport, error) {
 	switch config.Type {
 	case types.TransportTypeStdio:
-		return NewStdioTransport(config.Port, config.Runtime, config.Debug, config.Middlewares...), nil
+		return NewStdioTransport(config.Host, config.Port, config.Runtime, config.Debug, config.Middlewares...), nil
 	case types.TransportTypeSSE:
 		return NewSSETransport(
 			config.Host,

pkg/transport/proxy/httpsse/http_proxy.go

@@ -48,6 +48,7 @@ type Proxy interface {
 //nolint:revive // Intentionally named HTTPSSEProxy despite package name
 type HTTPSSEProxy struct {
 	// Basic configuration
+	host          string
 	port          int
 	containerName string
 	middlewares   []types.Middleware
@@ -69,9 +70,10 @@ type HTTPSSEProxy struct {
 }
 
 // NewHTTPSSEProxy creates a new HTTP SSE proxy for transports.
-func NewHTTPSSEProxy(port int, containerName string, middlewares ...types.Middleware) *HTTPSSEProxy {
+func NewHTTPSSEProxy(host string, port int, containerName string, middlewares ...types.Middleware) *HTTPSSEProxy {
 	return &HTTPSSEProxy{
 		middlewares:     middlewares,
+		host:            host,
 		port:            port,
 		containerName:   containerName,
 		shutdownCh:      make(chan struct{}),
@@ -109,16 +111,16 @@ func (p *HTTPSSEProxy) Start(_ context.Context) error {
 
 	// Create the server
 	p.server = &http.Server{
-		Addr:              fmt.Sprintf(":%d", p.port),
+		Addr:              fmt.Sprintf("%s:%d", p.host, p.port),
 		Handler:           mux,
 		ReadHeaderTimeout: 10 * time.Second, // Prevent Slowloris attacks
 	}
 
 	// Start the server in a goroutine
 	go func() {
 		logger.Infof("HTTP proxy started for container %s on port %d", p.containerName, p.port)
-		logger.Infof("SSE endpoint: http://localhost:%d%s", p.port, ssecommon.HTTPSSEEndpoint)
-		logger.Infof("JSON-RPC endpoint: http://localhost:%d%s", p.port, ssecommon.HTTPMessagesEndpoint)
+		logger.Infof("SSE endpoint: http://%s:%d%s", p.host, p.port, ssecommon.HTTPSSEEndpoint)
+		logger.Infof("JSON-RPC endpoint: http://%s:%d%s", p.host, p.port, ssecommon.HTTPMessagesEndpoint)
 
 		if err := p.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
 			logger.Errorf("HTTP server error: %v", err)

pkg/transport/proxy/transparent/transparent_proxy.go

@@ -24,6 +24,7 @@ import (
 //nolint:revive // Intentionally named TransparentProxy despite package name
 type TransparentProxy struct {
 	// Basic configuration
+	host          string
 	port          int
 	containerName string
 	targetURI     string
@@ -43,12 +44,14 @@ type TransparentProxy struct {
 
 // NewTransparentProxy creates a new transparent proxy with optional middlewares.
 func NewTransparentProxy(
+	host string,
 	port int,
 	containerName string,
 	targetURI string,
 	middlewares ...types.Middleware,
 ) *TransparentProxy {
 	return &TransparentProxy{
+		host:          host,
 		port:          port,
 		containerName: containerName,
 		targetURI:     targetURI,
@@ -86,15 +89,15 @@ func (p *TransparentProxy) Start(_ context.Context) error {
 
 	// Create the server
 	p.server = &http.Server{
-		Addr:              fmt.Sprintf(":%d", p.port),
+		Addr:              fmt.Sprintf("%s:%d", p.host, p.port),
 		Handler:           finalHandler,
 		ReadHeaderTimeout: 10 * time.Second, // Prevent Slowloris attacks
 	}
 
 	// Start the server in a goroutine
 	go func() {
-		logger.Infof("Transparent proxy started for container %s on port %d -> %s",
-			p.containerName, p.port, p.targetURI)
+		logger.Infof("Transparent proxy started for container %s on %s:%d -> %s",
+			p.containerName, p.host, p.port, p.targetURI)
 
 		if err := p.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
 			logger.Errorf("Transparent proxy error: %v", err)

pkg/transport/sse.go

@@ -8,7 +8,6 @@ import (
 	"github.com/stacklok/toolhive/pkg/container"
 	rt "github.com/stacklok/toolhive/pkg/container/runtime"
 	"github.com/stacklok/toolhive/pkg/logger"
-	"github.com/stacklok/toolhive/pkg/networking"
 	"github.com/stacklok/toolhive/pkg/permissions"
 	"github.com/stacklok/toolhive/pkg/transport/errors"
 	"github.com/stacklok/toolhive/pkg/transport/proxy/transparent"
@@ -112,21 +111,21 @@ func (t *SSETransport) Setup(ctx context.Context, runtime rt.Runtime, containerN
 	containerPortStr := fmt.Sprintf("%d/tcp", t.targetPort)
 	containerOptions.ExposedPorts[containerPortStr] = struct{}{}
 
-	// Create port bindings for localhost
+	// Create host port bindings (configurable through the --host flag)
 	portBindings := []rt.PortBinding{
 		{
-			HostIP:   "127.0.0.1", // IPv4 localhost
+			HostIP:   t.host,
 			HostPort: fmt.Sprintf("%d", t.targetPort),
 		},
 	}
 
-	// Check if IPv6 is available and add IPv6 localhost binding
-	if networking.IsIPv6Available() {
-		portBindings = append(portBindings, rt.PortBinding{
-			HostIP:   "::1", // IPv6 localhost
-			HostPort: fmt.Sprintf("%d", t.targetPort),
-		})
-	}
+	// Check if IPv6 is available and add IPv6 localhost binding (commented out for now)
+	//if networking.IsIPv6Available() {
+	//	portBindings = append(portBindings, rt.PortBinding{
+	//		HostIP:   "::1", // IPv6 localhost
+	//		HostPort: fmt.Sprintf("%d", t.targetPort),
+	//	})
+	//}
 
 	// Set the port bindings
 	containerOptions.PortBindings[containerPortStr] = portBindings
@@ -195,7 +194,7 @@ func (t *SSETransport) Start(ctx context.Context) error {
 		t.port, targetURI)
 
 	// Create the transparent proxy with middlewares
-	t.proxy = transparent.NewTransparentProxy(t.port, t.containerName, targetURI, t.middlewares...)
+	t.proxy = transparent.NewTransparentProxy(t.host, t.port, t.containerName, targetURI, t.middlewares...)
 	if err := t.proxy.Start(ctx); err != nil {
 		return err
 	}