Node-http-proxy: Can't proxy to an https server with a self sign cert.

Created on 1 Nov 2016  路  9Comments  路  Source: http-party/node-http-proxy

We have a development target API server which is using https and a self sign cert. We want to send the http request to our frontend server and then proxy to that https server. So our scenario is like http -> https

My code is like:

const httpProxy = require('http-proxy');
const express = require('express');
const logger = require('morgan');

const proxy = httpProxy.createProxyServer({
  // ssl: true,
  // secure: true
});

const app = express();

app.use(logger('dev'));

app.all('/mdm/*', (req, res) => {
  const options = {
    target: 'https://172.16.50.101:443/mdm'
  };
  proxy.web(req, res, options);
});

proxy.on('error', (err, req, res) => {
  console.log('Proxy server error: \n', err);
  res.status(500).json({ message: err.message });
});

app.use((err, req, res, next) => {
  console.log('App server error: \n', err);
  res.status(err.status || 500).json({ message: err.message });
});

app.listen(3000, () => {
  console.log("listening on port " + 3000);
});

Then I got an error:

{ Error: unable to verify the first certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1062:38)
    at emitNone (events.js:86:13)
    at TLSSocket.emit (events.js:185:7)
    at TLSSocket._finishInit (_tls_wrap.js:586:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

I tried to add secure and ssl options to our proxy server. Then the error become to

TypeError: Cannot read property 'connection' of undefined

Is there any problem with my code? The http-proxy version I am using is 1.15.2.

Most helpful comment

I'm surprised on why no body ask why we need to set secure as 'false' as it's meaning go without cert check.

Is there a way to keep secure as 'true' and make it work?

All 9 comments

Just in case, have you tried secure: false?

secure: false Solves it for me..

The docs could be clearer. It seems to default to undefined.

Which, seems to mean in practice that it defaults to true.

@shaialon where I could set secure: false ?

@jimiatworking
const proxy = httpProxy.createProxyServer({
// ssl: true,
secure: false
});

I just lost 2 hours on this.

I'm surprised on why no body ask why we need to set secure as 'false' as it's meaning go without cert check.

Is there a way to keep secure as 'true' and make it work?

You could pass the SSL checking by putting the full chained certificate to the ca option under target.
You could obtain the full chained certificate by concatenating all the certificates in the certificate chains.

httpProxy.createProxyServer({ target: { ca: fs.readFileSync(caFile) } });

Was this page helpful?
0 / 5 - 0 ratings

Related issues

mohammad-goldast picture mohammad-goldast  路  3Comments

jsmylnycky picture jsmylnycky  路  3Comments

adi518 picture adi518  路  3Comments

robertjchristian picture robertjchristian  路  6Comments

WHK102 picture WHK102  路  5Comments