App Engine和其他一些云平台正在使用各种IP地址,这对那些有防火墙限制的人来说非常棘手。
我们的客户想要使用我们的服务,但他们只能向已知的IP地址发送请求。
如何为http / https转发到云服务设置固定的IP地址代理?
答案 0 :(得分:0)
以下是有关如何为云服务编写入站代理的简单方法。
要求:访问具有固定IP且安装了Node.js的计算机。
以下节点脚本是您所需要的
1)剪切并粘贴到文件中并执行
2)改变" my.server.com"
3)更改SSL证书路径,有关如何在
下创建它们的说明var
fs = require('fs'),
url = require('url'),
http = require('http'),
https = require('https');
var https_options = {
key: fs.readFileSync('/path/ssl_certificate/key.pem'),
cert: fs.readFileSync('/path/ssl_certificate/cert.pem')
};
function http_forward(request, response) {
'use strict';
var
target_host_options = {},
target_url_obj = url.parse('https://my.server.com' + request.url),
target_host_obj = https,
target_host_request;
target_host_options.hostname = target_url_obj.hostname;
target_host_options.path = target_url_obj.path || '/';
if (target_url_obj.auth) {
target_host_options.path = target_url_obj.auth;
}
target_host_options.agent = false; //Disable socket pooling
target_host_options.method = request.method;
target_host_options.headers = request.headers;
delete target_host_options.headers.host; //Necessary
target_host_options.headers['X-Proxy-Client-Ip'] = request.connection.remoteAddress;
target_host_request = target_host_obj.request(target_host_options, function (target_host_response) {
target_host_response.resume();
response.writeHead(target_host_response.statusCode, target_host_response.headers);
target_host_response.pipe(response);
});
target_host_request.on('error', function (err) {
response.writeHead(400, {'Content-Type': 'text/plain'});
response.write('PROXY target_host_request error\n');
response.write(JSON.stringify(err));
response.end();
});
request.pipe(target_host_request);
}
http.createServer(http_forward).listen(8080);
https.createServer(https_options, http_forward).listen(8443);
console.log('Inbound_proxy ..starting...');
如果您没有SSL证书:下面是如何使用linux / ubuntu创建一个
$ openssl genrsa -out key.pem
$ openssl req -new -key key.pem -out csr.pem
$ openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
$ rm csr.pem