我正在尝试创建一个能够处理HTTPS网站的转发代理。我正在尝试观察和修改不同站点的流量。这是我的代码,适用于http网站,但不适用于https网站。
httpProxy.createServer(function(req, res, next) {
//custom logic
next();
}, function(req, res) {
var proxy = new httpProxy.RoutingProxy();
var buffer = httpProxy.buffer(req);
var urlObj = url.parse(req.url);
req.headers.host = urlObj.host;
req.url = urlObj.path;
console.log(urlObj.protocol);
setTimeout(function() {
proxy.proxyRequest(req, res, {
host: urlObj.host,
port: 80,
buffer: buffer,
}
)}, 5000);
}).listen(9000, function() {
console.log("Waiting for requests...");
});
感谢您的帮助!
答案 0 :(得分:8)
处理https流量时必须指定https选项。以下是我在代理设置中所做的事情。
var fs = require('fs'),
httpProxy = require('http-proxy');
var proxyTable = {};
proxyTable['domain.com'] = 'localhost:3001';
proxyTable['domain.com/path'] = 'localhost:3002';
proxyTable['sub.domain.com'] = 'localhost:3003';
var httpOptions = {
router: proxyTable
};
var httpsOptions = {
router: proxyTable,
https: {
passphrase: 'xxxxxxx',
key: fs.readFileSync('/path/to/key'),
ca: fs.readFileSync('/path/to/ca'),
cert: fs.readFileSync('/path/to/crt')}
};
httpProxy.createServer(httpOptions).listen(80);
httpProxy.createServer(httpsOptions).listen(443);
https的文档也在他们的github页面上。
答案 1 :(得分:4)
如果您只是在进行转发代理,那么您需要考虑一些事项。
这是您需要处理的顺序流程。
srvSocket.pipe(socket); socket.pipe(srvSocket); 由于您尝试在本地欺骗请求的域名,因此您需要更多内容
答案 2 :(得分:1)
https://github.com/substack/bouncy
var bouncy = require('bouncy');
var server = bouncy(function (req, res, bounce) {
if (req.headers.host === 'beep.example.com') {
bounce(8001);
}
else if (req.headers.host === 'boop.example.com') {
bounce(8002);
}
else {
res.statusCode = 404;
res.end('no such host');
}
});
server.listen(8000);
如果指定opts.key和opts.cert,则使用tls将连接设置为安全模式。如果要创建https路由器,请执行此操作。
答案 3 :(得分:1)
我们可以使用以下中间件
request = require("request");
app.use(function (req, res, next) {
request('http://anotherurl.that.serves/the/request').pipe(res);
});
答案 4 :(得分:0)
基本上,在http-proxy npm下面是Node使用的一些网络库(特别是http://nodejs.org/api/https.html和TLS)。即使我的Apache能够通过在我的浏览器中访问它而无需代理的自签名证书上连接我:
https://localhost:8002
您需要建立一个证书颁发机构,以便通过"无法验证叶签名" Node中的错误(我使用了 SSLCACertificateFile 选项)。然后,您将被" self_signed_cert_in_chain"点击。这导致一些Google结果显示npm放弃了自签名证书,但我非常确定这不会影响Node。
您最终得到的结果是某些人表示您在https代理中使用 process.env.NODE_TLS_REJECT_UNAUTHORIZED 或 rejectUnauthorized 。如果您浏览http-proxy源,您会发现它接受代理选项。使用此:
/**
* Module dependencies
*/
// basic includes
express = require('express');
fs = require('fs');
http = require('http');
https = require('https');
httpProxy = require('http-proxy');
require('child_process').spawn(__dirname+'/../../../dependencies/apache/bin/httpd.exe',['-f',__dirname+'/../../../dependencies/apache/conf/httpd-payments.conf']);
var app = module.exports = express();
app.set('port', process.env.PORT || 8001); // we sometimes change the port
// creates an output object for this particular request
//app.use(express.cookieParser(''));
//app.use(express.bodyParser());
//app.use(express.methodOverride());
proxy = httpProxy.createProxyServer();
proxy.on('error', function (err, req, res) {
console.log(err);
res.send(500,err);
res.end();
});
app.all('*',function(req,res,next) {
var options = {
hostname: '127.0.0.1',
port: 8002,
rejectUnauthorized: false,
key: fs.readFileSync(__dirname+"/../../../deployment/server.key.pem"),
cert: fs.readFileSync(__dirname+"/../../../deployment/server.crt.pem")
};
agent = new https.Agent(options);
try {
proxy.web(req,res, {
target: "https://localhost:8002",
proxyTimeout: 30,
agent: agent
});
} catch(e) {
// 500 error
res.send(500,e);
}
})
/**
* Start Server
*/
var options = {
key: fs.readFileSync(__dirname+"/../../../deployment/server.key.pem"),
cert: fs.readFileSync(__dirname+"/../../../deployment/server.crt.pem")
};
server = https.createServer(options,app).listen(app.get('port'), function () {
console.log('Running payments server on port ' + app.get('port'));
});