在node.js 0.8下,我在“路由器表”模式下使用node-http-proxy,如下所示:
var httpProxy = require("http-proxy");
var config = require("./config");
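// TLS-terminating proxy in "router table" mode (http-proxy 0.8-style options,
// as used on this page): the two hostnames listed in `router` are mapped to
// local backends, and the key/cert come from ./config.
// Declared with `var` so the server is not leaked as an implicit global
// (the bare assignment would also throw under strict mode).
var proxyServer = httpProxy.createServer({
  hostnameOnly: true,
  router: {
    "one.example.com": "localhost:9000",
    "two.example.com": "localhost:9001"
  },
  https: {
    key: config.key,
    cert: config.cert,
    // mitigate BEAST: https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
    honorCipherOrder: true,
    // NOTE(review): preferring RC4 was the 2011-era BEAST workaround. RC4 is
    // now prohibited in TLS (RFC 7465); on a runtime that supports TLS 1.2,
    // exclude it (append "!RC4") and rely on the AEAD/ECDHE suites instead.
    // The string is left as the author wrote it because the suites actually
    // available depend on the Node/OpenSSL build in use.
    ciphers: "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
  }
});

proxyServer.listen(8000);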
我想添加HSTS(HTTP严格传输安全性),以便让符合标准的浏览器始终使用SSL。为此,我需要让http-proxy在响应中添加如下响应头:
Strict-Transport-Security: max-age=60000
(或其他max-age值)。我怎样才能让node-http-proxy高效地附加这个响应头?
答案 0 :(得分:4)
我不确定这个较早的问题中的示例是否使用的是 http-proxy@0.8。不过,下面是我使用 http-proxy@1.0.0 时的做法:
var fs = require('fs');
var http = require('http');
var https = require('https');

var httpProxy = require('http-proxy');
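// HSTS policy sent to browsers. includeSubDomains applies the policy to every
// subdomain of the requested host, so each of them must be reachable over
// HTTPS before this is deployed.
var HSTS_VALUE = 'max-age=31536000; includeSubDomains';

// Proxy that forwards decrypted requests to a normal HTTP backend.
var proxy = httpProxy.createProxyServer({
  target: {
    host: 'localhost',
    port: 9009 // or whatever port your local http backend listens on
  }
});

// HTTPS listener for the real server. The Strict-Transport-Security header is
// set here because browsers only honour it on responses received over a
// secure transport (RFC 6797, sections 7.2 and 8.1); sent over plain HTTP it
// is ignored and can be stripped by anyone on the path.
var secureServer = https.createServer({
  key: fs.readFileSync('valid-ssl-key.pem', 'utf8'),
  cert: fs.readFileSync('valid-ssl-cert.pem', 'utf8')
}, function (req, res) {
  // Set before proxying so the header is already on the response when the
  // backend's headers are copied onto it.
  res.setHeader('Strict-Transport-Security', HSTS_VALUE);
  proxy.web(req, res);
});
secureServer.listen(443);

// Plain-HTTP listener for old clients: redirects every request to the
// corresponding https URL. No HSTS header is sent here; the browser picks it
// up from the first HTTPS response after following the redirect.
var server = http.createServer(function (req, res) {
  var hostHeader = req.headers.host;

  // A request without a Host header (e.g. HTTP/1.0) would make .split() throw
  // inside the handler, so reject it explicitly instead.
  if (!hostHeader) {
    res.statusCode = 400;
    return res.end();
  }

  // NOTE(review): Host is supplied by the client. If this listener can sit
  // behind a shared cache, compare the hostname against the names this server
  // actually serves before echoing it into Location.
  res.statusCode = 301;
  res.setHeader('Location', 'https://' + hostHeader.split(':')[0] + req.url);
  return res.end();
});
server.listen(80);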