pkrumins / nodejs-proxy Goto Github PK
View Code? Open in Web Editor NEWA HTTP proxy server written in node.js
Home Page: http://www.catonmat.net/http-proxy-in-nodejs
A HTTP proxy server written in node.js
Home Page: http://www.catonmat.net/http-proxy-in-nodejs
Nodejs-proxy is a simple HTTP reverse proxy server written in node.js. It currently allows some mid-complexity to handle the reverse proxy magic take place. Nodejs-proxy was written by Peteris Krumins ([email protected]). His blog is at http://www.catonmat.net -- good coders code, great reuse. ------------------------------------------------------------------------------ You'll need node.js to run it. Get it at www.nodejs.org, then compile and install it: $ ./configure $ make $ make install Next, run proxy.js through node program: $ node proxy.js And that's it! I have also added ip-based access control. As long as no ip is explicitly denied, all will be allowed. If you need a specic access list just echo it to 'allow_ip_list' file: $ echo '1.2.3.4' >> config/allow_ip_list And you don't need to restart the server, it will see the changes and update itself. You can also block hosts based on a regex pattern, to do that, echo the hosts you don't wish the proxy to serve to 'black_list' file: $ echo 'facebook.com' >> config/black_list More features coming later! ------------------------------------------------------------------------------ Happy proxying! Sincerely, Peteris Krumins http://www.catonmat.net
the documentation of nodejs is wrong, binary is not the default encoding.
It's not clearly defined in RFC, but in wiki (http://en.wikipedia.org/wiki/X-Forwarded-For), squid (http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/ btw - they're inventors of X-Forwarded-For thing) and varnish and many other proxies real-client IP is the left one.
Line 220:
headers['X-Forwarded-For'] = request.connection.remoteAddress + ", " + headers['X-Forwarded-For'];
Should be:
headers['X-Forwarded-For'] = headers['X-Forwarded-For'] + ", " + request.connection.remoteAddress;
p.s. however, some popular servers, like nginx, break this rule and define most recent address at the left (like in your current implementation).
Handy, but would be more handy if it worked with https too.
node proxy.js
29 Apr 13:13:05 - Starting the proxy server on port '8080
29 Apr 13:13:05 - File './config/black_list' was not found.
29 Apr 13:13:05 - Updating allowed ip list.
/home/user/Projects/pkrumins-nodejs-proxy-594ff34/proxy.js:26
.split('\n')
^
TypeError: Object xx.xx.xx.xx <<< this was an IP address in the allow_ip_list file.
has no method 'split'
at /home/user/Projects/pkrumins-nodejs-proxy-594ff34/proxy.js:26:21
in update_iplist():
should stop watch the file before access it, otherwise may cause a dead loop.
ps. tested on gentoo
Can you add a flag into config.js
to specify ssl ciphers, similar to nginx, so we can support perfect forward secrecy?
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
where is /path/to/. file?(config.js)
listen_ssl:[{
ip:'0.0.0.0',//all secure ipv4 interfaces
port:1443,
key:fs.readFileSync('/path/to/ssl.key'),
cert:fs.readFileSync('/path/to/ssl.crt'),
ca:[fs.readFileSync('/path/to/ca.pem'),
fs.readFileSync('/path/to/sub-ca.pem')]
},{
ip:'::',//all secure ipv6 interfaces
port:1443,
key:fs.readFileSync('/path/to/ssl.key'),
cert:fs.readFileSync('/path/to/ssl.crt'),
ca:[fs.readFileSync('/path/to/ca.pem'),
fs.readFileSync('/path/to/sub-ca.pem')]
}
]
where ?
thanks
When using this proxy as transparent proxy host is stripped from logs. Any idea why this happens?
If browser sends "Accept-Encoding: gzip, deflate" it never gets the complete response.
This causes many broken pages because of JavaScript errors.
The only way to solve this (as far as I found it) is to strip the "Accept-Encoding" header from the request but there should be a better solution.
21 Feb 14:09:23 - Starting reverse proxy server on port ':::80
21 Feb 14:09:23 - Updating host black list.
21 Feb 14:09:23 - Updating allowed ip list.
21 Feb 14:09:23 - File './config/hostfilters.js' was not found.
$ touch ./config/hostfilters.js
$ node proxy.js
21 Feb 14:09:54 - Starting reverse proxy server on port '0.0.0.0:80
21 Feb 14:09:54 - Starting reverse proxy server on port ':::80
21 Feb 14:09:54 - Updating host black list.
21 Feb 14:09:54 - Updating allowed ip list.
21 Feb 14:09:54 - Updating host filter
node.js:201
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: listen EACCES
at errnoException (net.js:642:11)
at Array.0 (net.js:728:28)
at EventEmitter._tickCallback (node.js:192:40)
bti-7101:~/node.js/proxy
$
27 Oct 17:28:44 - 221.237.179.232: GET http://img3.cache.netease.com/house/2010/10/27/20101027100318059a4.jpg
node.js:50
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: ETIMEDOUT, Connection timed out
at IOWatcher.callback (net.js:877:22)
at node.js:634:9
in parsing the incoming request, there is a little glitch in the port handling
http://github.com/pkrumins/nodejs-proxy/blob/master/proxy.js#L86
here in fact the port may be in the header 'host'
for reference http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html Host = "Host" ":" host [ ":" port ] ; Section 3.2.2.
The proxy should still run without https (ssl) support if no ssl.key is available.
node proxy.js
node.js:201
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: ENOENT, no such file or directory 'D:\path\to\ssl.key'
at Object.openSync (fs.js:230:18)
at Object.readFileSync (fs.js:120:15)
at Object.<anonymous> (D:\pkrumins-nodejs-proxy\config.js:21:22)
at Module._compile (module.js:441:26)
at Object..js (module.js:459:10)
at Module.load (module.js:348:31)
at Function._load (module.js:308:12)
at Module.require (module.js:354:17)
at require (module.js:370:17)
at Object.<anonymous> (D:\pkrumins-nodejs-proxy\proxy.js:13:14)
Could you make it possible to run without ssl,ca,etc?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.