Nodejs Https Proxy
HTTPS Proxy Server in node.js – Stack Overflow
Solutions barely exist for this, and the documentation is poor at best for supporting both on one server. The trick here is to understand that client proxy configurations may send requests to an proxy server. This is true for Firefox if you specify an HTTP proxy and then check “same for all protocols”.
You can handle connections sent to an HTTP server by listening for the “connect” event. Note that you won’t have access to the response object on the connect event, only the socket and bodyhead. Data sent over this socket will remain encrypted to you as the proxy server.
In this solution, you don’t have to make your own certificates, and you won’t have certificate conflicts as a result. The traffic is simply proxied, not intercepted and rewritten with different certificates.
// Install npm dependencies first
// npm init
// npm install –save url@0. 10. 3
// npm install –save -proxy@1. 11. 1
var Proxy = require(“-proxy”);
var = require(“”);
var url = require(“url”);
var net = require(‘net’);
var server = eateServer(function (req, res) {
var urlObj = ();
var target = otocol + “//” +;
(“Proxy HTTP request for:”, target);
var proxy = eateProxyServer({});
(“error”, function (err, req, res) {
(“proxy error”, err);
();});
(req, res, {target: target});})(8080); //this is the port your clients will connect to
var regex_hostport = /^([^:]+)(:([0-9]+))? $/;
var getHostPortFromString = function (hostString, defaultPort) {
var host = hostString;
var port = defaultPort;
var result = (hostString);
if (result! = null) {
host = result[1];
if (result[2]! = null) {
port = result[3];}}
return ( [host, port]);};
dListener(‘connect’, function (req, socket, bodyhead) {
var hostPort = getHostPortFromString(, 443);
var hostDomain = hostPort[0];
var port = parseInt(hostPort[1]);
(“Proxying HTTPS request for:”, hostDomain, port);
var proxySocket = new ();
nnect(port, hostDomain, function () {
(bodyhead);
(“HTTP/” + tpVersion + ” 200 Connection established\r\n\r\n”);});
(‘data’, function (chunk) {
(chunk);});
(‘end’, function () {
(‘error’, function () {
(“HTTP/” + tpVersion + ” 500 Connection error\r\n\r\n”);
();});});
https-proxy-agent – npm
An HTTP(s) proxy implementation for HTTPS
This module provides an implementation that connects to a specified
HTTP or HTTPS proxy server, and can be used with the built-in module.
Specifically, this Agent implementation connects to an intermediary “proxy”
server and issues the CONNECT HTTP method, which tells the proxy to
open a direct TCP connection to the destination server.
Since this agent implements the CONNECT HTTP method, it also works with other
protocols that use this method when connecting over proxies (i. e. WebSockets).
See the “Examples” section below for more.
Installation
Install with npm:
$ npm install -proxy-agentExamples
module example
var url = require(‘url’);var = require(”);var HttpsProxyAgent = require(‘-proxy-agent’);var proxy = || ”;(‘using proxy server%j’, proxy);var endpoint = [2] || ”;(‘attempting to GET%j’, endpoint);var options = (endpoint);var agent = new HttpsProxyAgent(proxy); = agent;(options, function (res) { (‘”response” event! ‘, res. headers); ();});ws WebSocket connection example
var url = require(‘url’);var WebSocket = require(‘ws’);var HttpsProxyAgent = require(‘-proxy-agent’);var proxy = || ”;(‘using proxy server%j’, proxy);var endpoint = [2] || ‘ws’;var parsed = (endpoint);(‘attempting to connect to WebSocket%j’, endpoint);var options = (proxy);var agent = new HttpsProxyAgent(options);var socket = new WebSocket(endpoint, { agent: agent});(‘open’, function () { (‘”open” event! ‘); (‘hello world’);});(‘message’, function (data, flags) { (‘”message” event! %j%j’, data, flags); ();});API
new HttpsProxyAgent(Object options)
The HttpsProxyAgent class implements an subclass that connects
to the specified “HTTP(s) proxy server” in order to proxy HTTPS and/or WebSocket
requests. This is achieved by using the HTTP CONNECT method.
The options argument may either be a string URI of the proxy server to use, or an
“options” object with more specific properties:
host – String – Proxy host to connect to (may use hostname as well). Required.
port – Number – Proxy port to connect to. Required.
protocol – String – If:, then use TLS to connect to the proxy.
headers – Object – Additional HTTP headers to be sent on the HTTP CONNECT method.
Any other options given are passed to the nnect()/nnect() functions.
License
(The MIT License)
Copyright (c) 2013 Nathan Rajlich <>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
‘Software’), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
A full-featured http proxy for node.js – GitHub
node–proxy is an HTTP programmable proxying library that supports
websockets. It is suitable for implementing components such as reverse
proxies and load balancers.
Table of Contents
Installation
Upgrading from 0. 8. x?
Core Concept
Use Cases
Setup a basic stand-alone proxy server
Setup a stand-alone proxy server with custom server logic
Setup a stand-alone proxy server with proxy request header re-writing
Modify a response from a proxied server
Setup a stand-alone proxy server with latency
Using HTTPS
Proxying WebSockets
Options
Listening for proxy events
Shutdown
Miscellaneous
Test
ProxyTable API
Logo
Contributing and Issues
License
npm install -proxy –save
Back to top
Click here
A new proxy is created by calling createProxyServer and passing
an options object as argument (valid properties are available here)
var Proxy = require(‘-proxy’);
var proxy = eateProxyServer(options); // See (†)
†Unless listen(.. ) is invoked on the object, this does not create a webserver. See below.
An object will be returned with four methods:
web req, res, [options] (used for proxying regular HTTP(S) requests)
ws req, socket, head, [options] (used for proxying WS(S) requests)
listen port (a function that wraps the object in a webserver, for your convenience)
close [callback] (a function that closes the inner webserver and stops listening on given port)
It is then possible to proxy requests by calling these functions
eateServer(function(req, res) {
(req, res, { target: ”});});
Errors can be listened on either using the Event Emitter API
(‘error’, function(e) {… });
or using the callback API
(req, res, { target: ”}, function(e) {… });
When a request is proxied it follows two different pipelines (available here)
which apply transformations to both the req and res object.
The first pipeline (incoming) is responsible for the creation and manipulation of the stream that connects your client to the target.
The second pipeline (outgoing) is responsible for the creation and manipulation of the stream that, from your target, returns data
to the client.
var = require(”),
Proxy = require(‘-proxy’);
//
// Create your proxy server and set the target in the options.
eateProxyServer({target:’localhost:9000′})(8000); // See (†)
// Create your target server
eateServer(function (req, res) {
res. writeHead(200, { ‘Content-Type’: ‘text/plain’});
(‘request successfully proxied! ‘ + ‘\n’ + ringify(req. headers, true, 2));
();})(9000);
†Invoking listen(.. ) triggers the creation of a web server. Otherwise, just the proxy instance is created.
This example shows how you can proxy a request using your own HTTP server
and also you can put your own logic to handle the request.
// Create a proxy server with custom application logic
var proxy = eateProxyServer({});
// Create your custom server and just call `()` to proxy
// a web request to the target passed in the options
// also you can use `()` to proxy a websockets request
var server = eateServer(function(req, res) {
// You can define here your custom logic to handle the request
// and then proxy the request.
(“listening on port 5050″)
(5050);
This example shows how you can proxy a request using your own HTTP server that
modifies the outgoing proxy request by adding a special header.
// To modify the proxy connection before data is sent, you can listen
// for the ‘proxyReq’ event. When the event is fired, you will receive
// the following arguments:
// (ientRequest proxyReq, comingMessage req,
// rverResponse res, Object options). This mechanism is useful when
// you need to modify the proxy request before the proxy connection
// is made to the target.
(‘proxyReq’, function(proxyReq, req, res, options) {
tHeader(‘X-Special-Proxy-Header’, ‘foobar’);});
(req, res, {
target: ”});});
Sometimes when you have received a HTML/XML document from the server of origin you would like to modify it before forwarding it on.
Harmon allows you to do this in a streaming style so as to keep the pressure on the proxy to a minimum.
// Create a proxy server with latency
var proxy = eateProxyServer();
// Create your server that makes an operation that waits a while
// and then proxies the request
// This simulates an operation that takes 500ms to execute
setTimeout(function () {
target: ‘localhost:9008’});}, 500);})(8008);
(‘request successfully proxied to: ‘ + + ‘\n’ + ringify(req. headers, true, 2));
();})(9008);
You can activate the validation of a secure SSL certificate to the target connection (avoid self-signed certs), just set secure: true in the options.
HTTPS -> HTTP
// Create the HTTPS proxy server in front of a HTTP server
eateServer({
target: {
host: ‘localhost’,
port: 9009},
ssl: {
key: adFileSync(”, ‘utf8’),
cert: adFileSync(”, ‘utf8’)}})(8009);
HTTPS -> HTTPS
// Create the proxy server listening on port 443
cert: adFileSync(”, ‘utf8’)},
target: ‘localhost:9010’,
secure: true // Depends on your needs, could be false. })(443);
HTTP -> HTTPS (using a PKCS12 client certificate)
// Create an HTTP proxy server with an HTTPS target
eateProxyServer({
protocol: ‘:’,
host: ‘my-domain-name’,
port: 443,
pfx: adFileSync(‘path/to/certificate. p12’),
passphrase: ‘password’, },
changeOrigin: true, })(8000);
You can activate the websocket support for the proxy using ws:true in the options.
// Create a proxy server for websockets
target: ‘wslocalhost:9014’,
ws: true})(8014);
Also you can proxy the websocket requests just calling the ws(req, socket, head) method.
// Setup our server to proxy standard HTTP requests
var proxy = new eateProxyServer({
port: 9015}});
var proxyServer = eateServer(function (req, res) {
(req, res);});
// Listen to the `upgrade` event and proxy the
// WebSocket requests as well.
(‘upgrade’, function (req, socket, head) {
(req, socket, head);});
(8015);
eateProxyServer supports the following options:
target: url string to be parsed with the url module
forward: url string to be parsed with the url module
agent: object to be passed to (s). request (see Node’s agent and agent objects)
ssl: object to be passed to eateServer()
ws: true/false, if you want to proxy websockets
xfwd: true/false, adds x-forward headers
secure: true/false, if you want to verify the SSL Certs
toProxy: true/false, passes the absolute URL as the path (useful for proxying to proxies)
prependPath: true/false, Default: true – specify whether you want to prepend the target’s path to the proxy path
ignorePath: true/false, Default: false – specify whether you want to ignore the proxy path of the incoming request (note: you will have to append / manually if required).
localAddress: Local interface string to bind for outgoing connections
changeOrigin: true/false, Default: false – changes the origin of the host header to the target URL
preserveHeaderKeyCase: true/false, Default: false – specify whether you want to keep letter case of response header key
auth: Basic authentication i. e. ‘user:password’ to compute an Authorization header.
hostRewrite: rewrites the location hostname on (201/301/302/307/308) redirects.
autoRewrite: rewrites the location host/port on (201/301/302/307/308) redirects based on requested host/port. Default: false.
protocolRewrite: rewrites the location protocol on (201/301/302/307/308) redirects to ” or ”. Default: null.
cookieDomainRewrite: rewrites domain of set-cookie headers. Possible values:
false (default): disable cookie rewriting
String: new domain, for example cookieDomainRewrite: “”. To remove the domain, use cookieDomainRewrite: “”.
Object: mapping of domains to new domains, use “*” to match all domains.
For example keep one domain unchanged, rewrite one domain and remove other domains:
cookieDomainRewrite: {
“”: “”,
“*”: “”}
cookiePathRewrite: rewrites path of set-cookie headers. Possible values:
String: new path, for example cookiePathRewrite: “/newPath/”. To remove the path, use cookiePathRewrite: “”. To set path to root use cookiePathRewrite: “/”.
Object: mapping of paths to new paths, use “*” to match all paths.
For example, to keep one path unchanged, rewrite one path and remove other paths:
cookiePathRewrite: {
“/”: “/”,
headers: object with extra headers to be added to target requests.
proxyTimeout: timeout (in millis) for outgoing proxy requests
timeout: timeout (in millis) for incoming requests
followRedirects: true/false, Default: false – specify whether you want to follow redirects
selfHandleResponse true/false, if set to true, none of the webOutgoing passes are called and it’s your responsibility to appropriately return the response by listening and acting on the proxyRes event
buffer: stream of data to send as the request body. Maybe you have some middleware that consumes the request stream before proxying it on e. g. If you read the body of a request into a field called ‘req. rawbody’ you could restream this field in the buffer option:
‘use strict’;
const streamify = require(‘stream-array’);
const HttpProxy = require(‘-proxy’);
const proxy = new HttpProxy();
module. exports = (req, res, next) => {
target: ‘localhost:4003/’,
buffer: streamify(req. rawBody)}, next);};
NOTE:
and are optional.
and rward cannot both be missing
If you are using the method, the following options are also applicable:
error: The error event is emitted if the request to the target fail. We do not do any error handling of messages passed between client and proxy, and messages passed between proxy and target, so it is recommended that you listen on errors and handle them.
proxyReq: This event is emitted before the data is sent. It gives you a chance to alter the proxyReq request object. Applies to “web” connections
proxyReqWs: This event is emitted before the data is sent. Applies to “websocket” connections
proxyRes: This event is emitted if the request to the target got a response.
open: This event is emitted once the proxy websocket was created and piped into the target websocket.
close: This event is emitted once the proxy websocket was closed.
(DEPRECATED) proxySocket: Deprecated in favor of open.
// Error example
// Http Proxy Server with bad target
var proxy = eateServer({
target:’localhost:9005′});
(8005);
// Listen for the `error` event on `proxy`.
(‘error’, function (err, req, res) {
res. writeHead(500, {
‘Content-Type’: ‘text/plain’});
(‘Something went wrong. And we are reporting a custom error message. ‘);});
// Listen for the `proxyRes` event on `proxy`.
(‘proxyRes’, function (proxyRes, req, res) {
(‘RAW Response from the target’, ringify(proxyRes. headers, true, 2));});
// Listen for the `open` event on `proxy`.
(‘open’, function (proxySocket) {
// listen for messages coming FROM the target here
(‘data’, hybiParseAndLogMessage);});
// Listen for the `close` event on `proxy`.
(‘close’, function (res, socket, head) {
// view disconnected websocket connections
(‘Client disconnected’);});
When testing or running server within another program it may be necessary to close the proxy.
This will stop the proxy from accepting new connections.
port: 1337}});
();
If you want to handle your own response after receiving the proxyRes, you can do
so with selfHandleResponse. As you can see below, if you use this option, you
are able to intercept and read the proxyRes but you must also make sure to
reply to the res itself otherwise the original client will never receive any
data.
Modify response
var option = {
target: target,
selfHandleResponse: true};
var body = [];
(‘data’, function (chunk) {
(chunk);});
(‘end’, function () {
body = (body). toString();
(“res from proxied server:”, body);
(“my response to cli”);});});
(req, res, option);
A proxy table API is available through this add-on module, which lets you define a set of rules to translate matching routes to target routes that the reverse proxy will talk to.
Logo created by Diego Pasquali
Read carefully our Code Of Conduct
Search on Google/Github
If you can’t find anything, open an issue
If you feel comfortable about fixing the issue, fork the repo
Commit to your local branch (which must be different from master)
Submit your Pull Request (be sure to include tests and update documentation)
The MIT License (MIT)
Copyright (c) 2010 – 2016 Charlie Robbins, Jarrett Cruger & the Contributors.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.