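I currently have an HTTPS web server listening on port 443 on my host.
My goal is to set up another HTTPS web server on the same host, change the ports on both web servers, and then set up a proxy server with node-http-proxy listening on port 443. The proxy server would then delegate requests, based on custom logic, to the servers on the other ports.
Below is the proxy server that I have used successfully when proxying plain HTTP requests on port 80. However, when I try to run this code, the browser shows the message 'Secure Proxy Server unable to handle your request at this time.' and the console logs '[Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]'. It does get as far as trying to proxy the request to the server listening on the different port.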
var sugar = require('sugar')
var url = require('url')
var https = require('https')
var httpProxy = require('http-proxy')
var fs = require('fs')
//configure proxy
var sslproxy = httpProxy.createProxyServer({
ssl: {
key: fs.readFileSync('/cert/server.key', 'utf-8'),
cert: fs.readFileSync('/cert/mydomain.crt', 'utf-8')
}
})
sslproxy.on(
'error',
function(err, req, res) {
console.log(err)
res.end('Secure Proxy Server unable to handle your request at this time.')
}
)
//configure and start server that uses proxy
var credentials = {
key: fs.readFileSync('/cert/server.key','utf-8'),
cert: fs.readFileSync('/cert/mydomain.crt', 'utf-8')
}
var sslserver = https.createServer(
credentials,
function(req, res) {
console.log("Received request on secure proxy server")
var target = url.parse(req.url)
if(target.pathname.startsWith('/version1')) {
console.log("Forwarding request to port 444")
sslproxy.web(req, res, {target: 'https://localhost:444'})
} else {
console.log("Forwarding request to 445")
sslproxy.web(req, res, {target: 'https://localhost:445'})
}
}
)
sslserver.listen(443)
A few thoughts:
Answer 0: (score: 1)
Try this: process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';
Take a look at this:
// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
// A) verifyError returns null meaning the client's certificate is signed
// by one of the server's CAs. The server knows the client identity now
// and the client is authorized.
//
// B) For some reason the client's certificate is not acceptable -
// verifyError returns a string indicating the problem. The server can
// either (i) reject the client or (ii) allow the client to connect as an
// unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
// If true the server requests a certificate from client connections. For
// the common HTTPS case, users will want this to be false, which is what
// it defaults to.
//
// rejectUnauthorized
// If true clients whose certificates are invalid for any reason will not
// be allowed to make connections. If false, they will simply be marked as
// unauthorized but secure communication will continue. By default this is
// false.
//
The solution and the other information both come from: Node.js HTTPS 400 Error - 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
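An added example, not part of the original question or answer: the same routing done with Node's built-in `https` module, keeping certificate verification on for the proxy's outgoing connections by trusting the backends' issuer chain through the `ca` option instead of disabling checks process-wide. The path `/cert/ca-chain.pem`, the name `mydomain.example` and the `START_PROXY` switch are assumptions made for this sketch.

```javascript
// Added example: built-in modules only; paths and host name are assumptions.
const https = require('https')
const fs = require('fs')

// Assumed name on the backend certificate (the page only shows "mydomain.crt").
const BACKEND_CERT_NAME = 'mydomain.example'

// Same routing rule as the question: /version1* -> 444, everything else -> 445.
function pickPort(reqUrl) {
  const pathname = reqUrl.split('?')[0]
  return pathname.startsWith('/version1') ? 444 : 445
}

// Options for the proxy's outgoing request. Verification stays on, only the
// supplied CA bundle is trusted, and the certificate is checked against
// BACKEND_CERT_NAME rather than "localhost".
function upstreamOptions(req, caPem) {
  return {
    host: 'localhost',
    port: pickPort(req.url),
    method: req.method,
    path: req.url,
    headers: req.headers,
    ca: caPem,
    servername: BACKEND_CERT_NAME,
    rejectUnauthorized: true
  }
}

function forward(req, res, caPem) {
  const upstream = https.request(upstreamOptions(req, caPem), function (upRes) {
    res.writeHead(upRes.statusCode, upRes.headers)
    upRes.pipe(res)
  })
  upstream.on('error', function (err) {
    console.log(err) // still UNABLE_TO_VERIFY_LEAF_SIGNATURE if the bundle is incomplete
    if (!res.headersSent) res.writeHead(502)
    res.end('Secure Proxy Server unable to handle your request at this time.')
  })
  req.pipe(upstream)
}

// Start only when asked, so loading this file has no side effects.
if (process.env.START_PROXY === '1') {
  const ca = fs.readFileSync('/cert/ca-chain.pem') // hypothetical: issuer chain of mydomain.crt
  https.createServer({
    key: fs.readFileSync('/cert/server.key'),
    cert: fs.readFileSync('/cert/mydomain.crt')
  }, function (req, res) { forward(req, res, ca) }).listen(443)
}
```

The trust decision here applies only to requests made through `forward`, so other outbound TLS connections in the same process keep the default CA store.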