Node-http-proxy: HTTPS target throws `write EPROTO`

Created on 5 May 2017  路  1Comment  路  Source: http-party/node-http-proxy

Setting up a proxy to a Heroku app, whenever I set the target to an HTTPS URL, every connection fails with the classic write EPROTO errors:

Error: write EPROTO 139929235920768:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:../deps/openssl/openssl/ssl/s23_clnt.c:769:

This happens locally on my macOS Sierra computer and when running on Heroku.

I've tried setting the certificate authority, but same error occurs:

const proxy = httpProxy.createProxyServer({
  ssl: {
    // Heroku's CA location
    ca: fs.readFileSync('/usr/lib/ssl/certs/ca-certificates.crt', 'utf8')
  }
});

Most helpful comment

Solved this 馃寛

It seems that because the proxied host header no longer matches the target backend service, the SSL negotiation fails. The solution is to enabled changeOrigin which will rewrite the Host headers to match what the target expects!

const proxy = httpProxy.createProxyServer({
  changeOrigin: true
});

>All comments

Solved this 馃寛

It seems that because the proxied host header no longer matches the target backend service, the SSL negotiation fails. The solution is to enabled changeOrigin which will rewrite the Host headers to match what the target expects!

const proxy = httpProxy.createProxyServer({
  changeOrigin: true
});
Was this page helpful?
0 / 5 - 0 ratings

Related issues

guillaume-at-palo picture guillaume-at-palo  路  4Comments

sisyphsu picture sisyphsu  路  3Comments

damianchojna picture damianchojna  路  5Comments

karthikus picture karthikus  路  3Comments

WHK102 picture WHK102  路  5Comments