Setting up a proxy to a Heroku app, whenever I set the target to an HTTPS URL, every connection fails with the classic write EPROTO errors:
Error: write EPROTO 139929235920768:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:../deps/openssl/openssl/ssl/s23_clnt.c:769:
This happens locally on my macOS Sierra computer and when running on Heroku.
I've tried setting the certificate authority, but same error occurs:
const proxy = httpProxy.createProxyServer({
ssl: {
// Heroku's CA location
ca: fs.readFileSync('/usr/lib/ssl/certs/ca-certificates.crt', 'utf8')
}
});
Solved this 馃寛
It seems that because the proxied host header no longer matches the target backend service, the SSL negotiation fails. The solution is to enabled changeOrigin which will rewrite the Host headers to match what the target expects!
const proxy = httpProxy.createProxyServer({
changeOrigin: true
});
Most helpful comment
Solved this 馃寛
It seems that because the proxied host header no longer matches the target backend service, the SSL negotiation fails. The solution is to enabled
changeOriginwhich will rewrite the Host headers to match what the target expects!