Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Failure to handle HTTPS requests

See original GitHub issue

Expected behavior

Expect successful SSL connection and response from the api server. Even though ssl object is being set in the options, it doesn’t appear that the configuration is taking that into account. If ssl object is set, http requests are successfully proxied, but https requests are not. The same certificates and client configuration do work using http-proxy, rather than http-proxy-middleware.

Using http-proxy:

var fs = require('fs'),
    httpProxy = require('http-proxy');

httpProxy.createServer({
  ssl: {
    key: fs.readFileSync('./ssl.key'),
    cert: fs.readFileSync('./ssl.crt')
  },
  target: 'http://localhost:9000',
  secure: false
}).listen(3000);

$ curl -k https://localhost:3000/api -v

  • Trying 127.0.0.1…
  • Connected to localhost (127.0.0.1) port 3000 (#0)
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • error setting certificate verify locations, continuing anyway:
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Server hello (2):
  • NPN, negotiated HTTP1.1
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
  • TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  • TLSv1.2 (IN), TLS handshake, Server finished (14):
  • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.2 (OUT), TLS handshake, Unknown (67):
  • TLSv1.2 (OUT), TLS handshake, Finished (20):
  • TLSv1.2 (IN), TLS change cipher, Client hello (1):
  • TLSv1.2 (IN), TLS handshake, Finished (20):
  • SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
  • ALPN, server did not agree to a protocol
  • Server certificate:
  • subject: C=US; ST=VA; O=Internet Widgits Pty Ltd; CN=PWL
  • start date: Oct 29 15:47:22 2016 GMT
  • expire date: Oct 27 15:47:22 2026 GMT
  • issuer: C=US; ST=VA; O=Internet Widgits Pty Ltd; CN=PWL
  • SSL certificate verify result: self signed certificate (18), continuing anyway.

GET /api HTTP/1.1 Host: localhost:3000 User-Agent: curl/7.45.0 Accept: /

< HTTP/1.1 200 OK < content-type: text/plain < date: Fri, 09 Dec 2016 12:42:57 GMT < connection: close < transfer-encoding: chunked < request successfully proxied!

  • Closing connection 0
  • TLSv1.2 (OUT), TLS alert, Client hello (1):

Using http-proxy-middleware:

Actual behavior

$ curl -k https://localhost:3000/api -v

  • Trying 127.0.0.1…
  • Connected to localhost (127.0.0.1) port 3000 (#0)
  • ALPN, offering http/1.1
  • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  • error setting certificate verify locations, continuing anyway:
  • CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
  • TLSv1.2 (OUT), TLS header, Certificate Status (22):
  • TLSv1.2 (OUT), TLS handshake, Client hello (1):
  • Unknown SSL protocol error in connection to localhost:3000
  • Closing connection 0 curl: (35) Unknown SSL protocol error in connection to localhost:3000

Setup

var fs      = require('fs');
var express = require('express');
var proxy   = require('http-proxy-middleware');

var apiProxy = proxy('/api', {
	ssl: {
		cert: fs.readFileSync('./ssl.crt'),
		key: fs.readFileSync('./ssl.key')
	},
	target: 'http://localhost:9000',
        changeOrigin: true,
        logLevel: 'info'
});

var app = express();
app.use(apiProxy);
app.listen(3000);

Issue Analytics

  • State:open
  • Created 7 years ago
  • Reactions:4
  • Comments:9 (2 by maintainers)

github_iconTop GitHub Comments

2reactions
antonymarioncommented, Aug 13, 2021

Please try this: https://github.com/antonymarion/node-http-proxy/blob/master/examples/http/proxy-https-to-https-chimurai.js

you were missing the express https server init.

https.createServer(httpsOpts, app) httpServer.listen(8010); // 8010 port in my test case

instead

const server = express() server.listen(443)

2reactions
ernitishkumarcommented, Aug 31, 2017

Not working with secure : false also ! Here is my config

const fs      = require('fs');
const express = require('express');
const proxy = require('http-proxy-middleware');

const app = express();
//running the app by serving the static files
//from dist folder
app.use(express.static(__dirname + '/dist'));

// Add middleware for http proxying 
const PRODUCTION_BACKEND_SERVER = 'http://10.98.4.122:8080';

const LOCAL_BACKEND_SERVER = 'http://localhost:8080';

//app.use('/mppkvvcl/nextgenbilling/', proxy({target: '', changeOrigin: true}));
app.use('/mppkvvcl/nextgenbilling/', proxy({
  ssl: {
		cert: fs.readFileSync('./ssl/ngbmpwincoin.jks'),
		key: fs.readFileSync('./ssl/KEY.txt')
	},
  target: PRODUCTION_BACKEND_SERVER,
  secure : false, 
  changeOrigin: true,
  logLevel: 'info'
}));

//for local testing
//app.use('/mppkvvcl/nextgenbilling/', proxy({target: LOCAL_BACKEND_SERVER, changeOrigin: true}));

const path = require('path');
// For all GET requests, send back index.html
// so that PathLocationStrategy can be used
app.get('/*', function(req, res) {
  res.sendFile(path.join(__dirname + '/dist/index.html'));
});

//starting app on default port or on heroku port
console.log("Starting Node Server with ngb frontend application");
let port = process.env.PORT || 443;
app.listen(port, () => {
    console.log("Started Server at port " + port);
});
Read more comments on GitHub >

github_iconTop Results From Across the Web

HTTPS web request failing - Stack Overflow
When I run the program contained below the first HTTPS request succeeds, but the second request fails. Both url's are valid and both...
Read more >
Outgoing request failures may occur when HTTPS Inspection ...
FIX: Outgoing request failures may occur when HTTPS Inspection is enabled and web server connection timeouts occur in a Forefront Threat Management Gateway ......
Read more >
SSL Error from HTTPS Request/Response
1. Try to remove the current certificate by going to Preference -> Find the Certificate -> Click on Action button -> Delete ·...
Read more >
How to Fix the HTTPS Not Secure Error - Seer Interactive
In Chrome, you can tell that a webpage is non-secure when there is a “Not secure” label instead of a padlock to the...
Read more >
How to Find and Fix Mixed Content Warnings on HTTPS Sites
Hackers can intercept HTTP requests to load an image and swap your ... opens up hackers to take complete control over your entire...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

TypeError: Cannot read property 'on' of null at catchUpgradeRequest

Next page

websocket proxy cannot upgrade websocket connection