pkrumins / nodejs-proxy Goto Github PK

A HTTP proxy server written in node.js

Home Page: http://www.catonmat.net/http-proxy-in-nodejs

JavaScript 100.00%

nodejs-proxy's Introduction

Nodejs-proxy is a simple HTTP reverse proxy server written in node.js. It currently
allows some mid-complexity to handle the reverse proxy magic take place.

Nodejs-proxy was written by Peteris Krumins ([email protected]).
His blog is at http://www.catonmat.net  --  good coders code, great reuse.

------------------------------------------------------------------------------

You'll need node.js to run it. Get it at www.nodejs.org, then compile and
install it:

    $ ./configure
    $ make
    $ make install

Next, run proxy.js through node program:

    $ node proxy.js

And that's it!

I have also added ip-based access control. As long as no ip is explicitly denied,
all will be allowed. If you need a specic access list just echo it to
'allow_ip_list' file:

    $ echo '1.2.3.4' >> config/allow_ip_list

And you don't need to restart the server, it will see the changes and update
itself.

You can also block hosts based on a regex pattern, to do that, echo the hosts
you don't wish the proxy to serve to 'black_list' file:

    $ echo 'facebook.com' >> config/black_list


More features coming later!


------------------------------------------------------------------------------

Happy proxying!

Sincerely,
Peteris Krumins
http://www.catonmat.net

nodejs-proxy's People

Contributors

Stargazers

Watchers

Forkers

nborwankar twleung igorclark jacter justinrainbow guilhermebarile trutch andrijac chetansastry bradenpowers yadutaf gigonaut swbiggart itguy51 johnhoulder netconstructor cncolder zach-klippenstein dineshkummarc nhq gb96 shendongming tleach sumonsm ravenac95 kthguru nukedss elppac netcon-source open-source-gis san-diego-web-design brackets erlevorganization ikawka ramurc geoffos vaibhavguptaiitd justfathi felippenardi pxiq rdancer cobybrynte webshow chevett keif iimos johnmarkg luanferrari binarytemple dwijen jeffhigham x-panda fuctor wilsonhe marcocarnevale rbecher dig1234 liuyuqiang sbcd90 huangdehui2013 tapin13 pheart zinto fth-ship magicdice rjturek stephen-james whyjsee kevin-wang-cy alibam oliliango saberhaha oceanjack weaver-viii debraj1990 metax liufang mm3 gogaman7 varmamahesh mnjstwins fyunos ruby666 neoqmin git-host samdoitnow 200gautam schaulet rdsolink huoxudong125 denmerc terrason pitapun nodejsdevelopment crazyguitar dsahin jasoncmcg arlendotcn grixis-death-shadow guan001

nodejs-proxy's Issues

Process breaked on error

27 Oct 17:28:44 - 221.237.179.232: GET http://img3.cache.netease.com/house/2010/10/27/20101027100318059a4.jpg

node.js:50
    throw e; // process.nextTick error, or 'error' event on first tick
    ^
Error: ETIMEDOUT, Connection timed out
    at IOWatcher.callback (net.js:877:22)
    at node.js:634:9

Add support for https

Handy, but would be more handy if it worked with https too.

Incomplete response on gzipped requests

If browser sends "Accept-Encoding: gzip, deflate" it never gets the complete response.
This causes many broken pages because of JavaScript errors.
The only way to solve this (as far as I found it) is to strip the "Accept-Encoding" header from the request but there should be a better solution.

X-Forwarded-For IPs ordering issue

It's not clearly defined in RFC, but in wiki (http://en.wikipedia.org/wiki/X-Forwarded-For), squid (http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/ btw - they're inventors of X-Forwarded-For thing) and varnish and many other proxies real-client IP is the left one.

Line 220:
headers['X-Forwarded-For'] = request.connection.remoteAddress + ", " + headers['X-Forwarded-For'];

Should be:
headers['X-Forwarded-For'] = headers['X-Forwarded-For'] + ", " + request.connection.remoteAddress;

p.s. however, some popular servers, like nginx, break this rule and define most recent address at the left (like in your current implementation).

encoding of proxy response should be set to 'binary"

the documentation of nodejs is wrong, binary is not the default encoding.

stop watch file before accessing to it

in update_iplist():

should stop watch the file before access it, otherwise may cause a dead loop.

ps. tested on gentoo

Unusable without SSL

Could you make it possible to run without ssl,ca,etc?

where is /path/to/. file?(config.js)

listen_ssl:[{
ip:'0.0.0.0',//all secure ipv4 interfaces
port:1443,
key:fs.readFileSync('/path/to/ssl.key'),
cert:fs.readFileSync('/path/to/ssl.crt'),
ca:[fs.readFileSync('/path/to/ca.pem'),
fs.readFileSync('/path/to/sub-ca.pem')]
},{
ip:'::',//all secure ipv6 interfaces
port:1443,
key:fs.readFileSync('/path/to/ssl.key'),
cert:fs.readFileSync('/path/to/ssl.crt'),
ca:[fs.readFileSync('/path/to/ca.pem'),
fs.readFileSync('/path/to/sub-ca.pem')]

        }   
       ]

where ?
thanks

fails to run if no ssl keys and certificates

The proxy should still run without https (ssl) support if no ssl.key is available.

node proxy.js

node.js:201
        throw e; // process.nextTick error, or 'error' event on first tick
              ^
Error: ENOENT, no such file or directory 'D:\path\to\ssl.key'
    at Object.openSync (fs.js:230:18)
    at Object.readFileSync (fs.js:120:15)
    at Object.<anonymous> (D:\pkrumins-nodejs-proxy\config.js:21:22)
    at Module._compile (module.js:441:26)
    at Object..js (module.js:459:10)
    at Module.load (module.js:348:31)
    at Function._load (module.js:308:12)
    at Module.require (module.js:354:17)
    at require (module.js:370:17)
    at Object.<anonymous> (D:\pkrumins-nodejs-proxy\proxy.js:13:14)

Fails to run if no host filters created

21 Feb 14:09:23 - Starting reverse proxy server on port ':::80
21 Feb 14:09:23 - Updating host black list.
21 Feb 14:09:23 - Updating allowed ip list.
21 Feb 14:09:23 - File './config/hostfilters.js' was not found.

$ touch ./config/hostfilters.js

$ node proxy.js
21 Feb 14:09:54 - Starting reverse proxy server on port '0.0.0.0:80
21 Feb 14:09:54 - Starting reverse proxy server on port ':::80
21 Feb 14:09:54 - Updating host black list.
21 Feb 14:09:54 - Updating allowed ip list.
21 Feb 14:09:54 - Updating host filter

node.js:201
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: listen EACCES
at errnoException (net.js:642:11)
at Array.0 (net.js:728:28)
at EventEmitter._tickCallback (node.js:192:40)
bti-7101:~/node.js/proxy
$

Strange issue with hostname (transparent proxy)

When using this proxy as transparent proxy host is stripped from logs. Any idea why this happens?

Support configuring ssl ciphers

Can you add a flag into config.js to specify ssl ciphers, similar to nginx, so we can support perfect forward secrecy?

ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

port handling in incoming request

in parsing the incoming request, there is a little glitch in the port handling

http://github.com/pkrumins/nodejs-proxy/blob/master/proxy.js#L86

here in fact the port may be in the header 'host'

for reference http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html Host = "Host" ":" host [ ":" port ] ; Section 3.2.2.

error relating to split command on ubuntu 10.10 node.js 0.5.0 pre

node proxy.js
29 Apr 13:13:05 - Starting the proxy server on port '8080
29 Apr 13:13:05 - File './config/black_list' was not found.
29 Apr 13:13:05 - Updating allowed ip list.

/home/user/Projects/pkrumins-nodejs-proxy-594ff34/proxy.js:26
.split('\n')
^
TypeError: Object xx.xx.xx.xx <<< this was an IP address in the allow_ip_list file.
has no method 'split'
at /home/user/Projects/pkrumins-nodejs-proxy-594ff34/proxy.js:26:21