How to use node-http-proxy as a proxy server for multiple secure servers

I currently have an HTTPS web server listening on port 443 on my host.

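My goal is to set up another HTTPS web server on the same host, change the ports on both web servers, and then set up a proxy server using node-http-proxy that listens on port 443. The proxy server would then delegate requests to the servers on the other ports based on custom logic.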

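Below is the proxy server, which I adapted from one I am successfully using to proxy plain HTTP requests on port 80. However, when I try to run this code, the browser displays the message "Secure Proxy Server unable to handle your request at this time." and the console logs '[Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]'. It does get as far as trying to proxy the request to the server listening on a different port.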

    var sugar = require('sugar') // Sugar 1.x extends String.prototype with startsWith (used below)
    var url = require('url')
    var https = require('https')
    var httpProxy = require('http-proxy')
    var fs = require('fs')

    //configure proxy
    var sslproxy = httpProxy.createProxyServer({
      ssl: {
        key: fs.readFileSync('/cert/server.key', 'utf-8'),
        cert: fs.readFileSync('/cert/mydomain.crt', 'utf-8')
      }
    })

    // errors on the proxy -> backend connection end up here
    sslproxy.on(
      'error',
      function(err, req, res) {
        console.log(err)
        res.end('Secure Proxy Server unable to handle your request at this time.')
      }
    )

    //configure and start server that uses proxy
    var credentials = {
      key: fs.readFileSync('/cert/server.key', 'utf-8'),
      cert: fs.readFileSync('/cert/mydomain.crt', 'utf-8')
    }

    var sslserver = https.createServer(
      credentials,
      function(req, res) {
        console.log("Received request on secure proxy server")
        var target = url.parse(req.url)
        // route by path prefix to one of the two local HTTPS backends
        if (target.pathname.startsWith('/version1')) {
          console.log("Forwarding request to port 444")
          sslproxy.web(req, res, {target: 'https://localhost:444'})
        } else {
          console.log("Forwarding request to 445")
          sslproxy.web(req, res, {target: 'https://localhost:445'})
        }
      }
    )

    sslserver.listen(443)

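A couple of thoughts:

  1. I tried using node-ssl-root-cas, as indicated in the answer to another question, but nothing appeared to change. My SSL certificate is from Network Solutions.
  2. My proxy's targets are localhost:444 and localhost:445 because those ports are not open externally, and can't be. Not sure whether the localhost in the hostname is affecting the HTTPS proxy.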

Try this:

    process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';

Take a look at this:

    // AUTHENTICATION MODES
    //
    // There are several levels of authentication that TLS/SSL supports.
    // Read more about this in "man SSL_set_verify".
    //
    // 1. The server sends a certificate to the client but does not request a
    // cert from the client. This is common for most HTTPS servers. The browser
    // can verify the identity of the server, but the server does not know who
    // the client is. Authenticating the client is usually done over HTTP using
    // login boxes and cookies and stuff.
    //
    // 2. The server sends a cert to the client and requests that the client
    // also send it a cert. The client knows who the server is and the server is
    // requesting the client also identify themselves. There are several
    // outcomes:
    //
    //   A) verifyError returns null meaning the client's certificate is signed
    //   by one of the server's CAs. The server knows the client identity now
    //   and the client is authorized.
    //
    //   B) For some reason the client's certificate is not acceptable -
    //   verifyError returns a string indicating the problem. The server can
    //   either (i) reject the client or (ii) allow the client to connect as an
    //   unauthorized connection.
    //
    // The mode is controlled by two boolean variables.
    //
    // requestCert
    //   If true the server requests a certificate from client connections. For
    //   the common HTTPS case, users will want this to be false, which is what
    //   it defaults to.
    //
    // rejectUnauthorized
    //   If true clients whose certificates are invalid for any reason will not
    //   be allowed to make connections. If false, they will simply be marked as
    //   unauthorized but secure communication will continue. By default this is
    //   false.
    //

The solution and the additional information all come from here: Node.js HTTPS 400 Error – 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
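
A way to keep certificate verification on for the proxy-to-backend hop, added here as an example and not part of the original question or answers: give node-http-proxy an `https.Agent` that trusts the issuing CA's chain and checks the certificate against the name it was issued for instead of `localhost`. `CERT_HOST`, the bundle path and the function names are assumptions.

```javascript
// Added example, not code from the thread. CERT_HOST, the bundle path and
// all function names are assumptions made for illustration.
const fs = require('fs')
const https = require('https')
const tls = require('tls')

// Name the backend certificate was issued for (placeholder value).
const CERT_HOST = 'mydomain.example'

// Routing rule from the question: /version1* -> 444, everything else -> 445.
function pickTarget(reqUrl) {
  const pathname = String(reqUrl).split(/[?#]/)[0]
  return pathname.startsWith('/version1')
    ? 'https://localhost:444'
    : 'https://localhost:445'
}

// The proxy dials "localhost" but the certificate names CERT_HOST, so match
// the certificate against CERT_HOST. Returns undefined on a match and an
// Error on a mismatch, which is the contract tls.connect() expects.
function verifyUpstream(_dialedHost, cert) {
  return tls.checkServerIdentity(CERT_HOST, cert)
}

// Agent for the proxy -> backend hop. `ca` replaces Node's default roots, so
// the bundle must contain the CA's intermediate(s) and root certificate.
function makeUpstreamAgent(caPem) {
  return new https.Agent({
    ca: caPem,
    rejectUnauthorized: true,
    checkServerIdentity: verifyUpstream,
    keepAlive: true
  })
}

function agentFromFile(caBundlePath) {
  return makeUpstreamAgent(fs.readFileSync(caBundlePath))
}

// Wiring into the question's proxy (needs the http-proxy package):
//   var agent = agentFromFile('/cert/ca-bundle.crt')   // assumed path
//   var sslproxy = httpProxy.createProxyServer({ agent: agent, secure: true })
//   sslproxy.web(req, res, { target: pickTarget(req.url) })
```

With this agent a backend that presents an untrusted chain or a certificate for another name still fails the handshake, and the error reaches the proxy's `error` handler.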