如何使用 node-http-proxy 作为多个安全服务器的代理服务器

Question

我目前有一个 HTTPS Web 服务器在我的主机上侦听端口 443。

我的目标是在同一台主机上设置另一个 HTTPS Web 服务器，更改两个 Web 服务器上的端口，然后使用 node-http-proxy 设置代理服务器，监听端口 443。然后，代理服务器根据自定义逻辑将请求委托给其他端口上的服务器。

以下是我在端口 80 上代理纯 HTTP 请求时成功使用的代理服务器。但是，当我尝试运行此代码时，浏览器显示消息“安全代理服务器此时无法处理您的请求。和控制台日志 '[Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]' 它确实使它尝试将请求代理到侦听不同端口的服务器。

var sugar = require('sugar')
var url = require('url')
var https = require('https')
var httpProxy = require('http-proxy')
var fs = require('fs')

//configure proxy
var ssl proxy = httpProxy.createProxyServer({
  ssl: {
    key: fs.readFileSync('/cert/server.key', 'utf-8'),
    cert: fs.readFileSync('/cert/mydomain.crt', 'utf-8')
  }
})
sslproxy.on(
  'error',
  function(err, req, res) {
    console.log(err)
    res.end('Secure Proxy Server unable to handle your request at this time.')
  }
)

//configure and start server that uses proxy
var credentials = {
  key: fs.readFileSync('/cert/server.key','utf-8'),
  cert: fs.readFileSync('/cert/mydomain.crt', 'utf-8')
}
var sslserver = https.createServer(
  credentials,
  function(req, res) {
    console.log("Received request on secure proxy server")
    var target = url.parse(req.url)
    if(target.pathname.startsWith('/version1')) {
      console.log("Forwarding request to port 444")
      sslproxy.web(req, res, {target: 'https://localhost:444'})
    } else {
      console.log("Forwarding request to 445")
      sslproxy.web(req, res, {target: 'https://localhost:445'})
    }
  }
)
sslserver.listen(443)

几个想法：

1. 我尝试使用 node-ssl-root-cas，如另一个 question 的答案中所示，但似乎没有任何改变。我的 SSL 证书来自 Network Solutions。
2. 我的代理的目标是 localhost:444 和 localhost:445，因为这些端口没有对外开放，也不能对外开放。不确定主机名中的 localhost 是否影响 https 代理。

Answer 1

试试这个：process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0';

看看这个：

// AUTHENTICATION MODES
//
// There are several levels of authentication that TLS/SSL supports.
// Read more about this in "man SSL_set_verify".
//
// 1. The server sends a certificate to the client but does not request a
// cert from the client. This is common for most HTTPS servers. The browser
// can verify the identity of the server, but the server does not know who
// the client is. Authenticating the client is usually done over HTTP using
// login boxes and cookies and stuff.
//
// 2. The server sends a cert to the client and requests that the client
// also send it a cert. The client knows who the server is and the server is
// requesting the client also identify themselves. There are several
// outcomes:
//
//   A) verifyError returns null meaning the client's certificate is signed
//   by one of the server's CAs. The server know's the client idenity now
//   and the client is authorized.
//
//   B) For some reason the client's certificate is not acceptable -
//   verifyError returns a string indicating the problem. The server can
//   either (i) reject the client or (ii) allow the client to connect as an
//   unauthorized connection.
//
// The mode is controlled by two boolean variables.
//
// requestCert
//   If true the server requests a certificate from client connections. For
//   the common HTTPS case, users will want this to be false, which is what
//   it defaults to.
//
// rejectUnauthorized
//   If true clients whose certificates are invalid for any reason will not
//   be allowed to make connections. If false, they will simply be marked as
//   unauthorized but secure communication will continue. By default this is
//   false.
//

解决方案和其他信息都来自这里：Node.js HTTPS 400 Error - 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'