A NodeJS-based proxy service for the British Columbia Health Gateway application.
- Proxy to target base URL
- Replays body and query parameters
- Adds HTTP Basic and Client Certificate Authentication
- Logs to console
- Utility `base64encode.js` to convert a file such as a PEM to a base64 string for use in configuration

Prerequisites:
- node@>=10.15.1
- npm@>=6.13.4
- Git

All configuration is done via environment variables in the user's shell, which NodeJS reads via `process.env`.

| Name | Description |
|---|---|
| TARGET_URL | Base URL to send HTTPS request |
| TARGET_USERNAME_PASSWORD | For HTTPS Basic the username:password, leave blank for no basic |
| USE_MUTUAL_TLS | Turns on and off Mutual TLS to target. Always true unless you are debugging |
| MUTUAL_TLS_PEM_KEY_BASE64 | A base64 encoded PEM key string |
| MUTUAL_TLS_PEM_KEY_PASSPHRASE | The passphrase for the above PEM key |
| MUTUAL_TLS_PEM_CERT | The client certificate for the above KEY in a base64 encoded PEM format |
| SECURE_MODE | Insecure mode allows untrusted targets. Always true unless you are debugging |
| USE_AUTH_TOKEN | Use Auth Token in all SSL. If true must configure AUTH_TOKEN_KEY |
| AUTH_TOKEN_KEY | Authentication Key used in all SSL |
| USE_SPLUNK | Turns logging to the Splunk Forwarder on and off. If true, must configure LOGGER_HOST, LOGGER_PORT and SPLUNK_AUTH_TOKEN |
| LOGGER_HOST | Host name for the Splunk Forwarder |
| LOGGER_PORT | Port for the Splunk Forwarder |
| SPLUNK_AUTH_TOKEN | Authorization token required to use the splunk server |
| LOG_LEVEL | optional - 'debug', 'info' |
| PATH_REWRITE | Rewrite the target's URL path. Items are key:value; multiple items are separated by commas (e.g. /odr/:/pgw/medhist/ or /odr/:/pgw/medhist/,/poc/:/pgw/). Note that order matters |
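
One way these variables could be validated and turned into Node TLS client options, failing closed when mutual-TLS material is missing or wrongly encoded. This is an added example, not code from the healthgateproxy repository: the helper names `flag`, `decodePem`, `buildTlsOptions` and `parsePathRewrite` are hypothetical, and treating only the string "false" as "off" is an assumption.

```javascript
// Added example: hypothetical helpers, not code from the healthgateproxy repository.
// Assumption: a flag is off only when set to the string "false"; unset means on.
function flag(env, name) {
  return String(env[name] === undefined ? 'true' : env[name]).trim().toLowerCase() !== 'false';
}

// Decode a base64-encoded PEM. Buffer.from() silently skips invalid base64,
// so confirm the decoded text really is a PEM block before using it.
function decodePem(env, name) {
  const raw = (env[name] || '').trim();
  if (!raw) throw new Error(name + ' is required when USE_MUTUAL_TLS is on');
  const pem = Buffer.from(raw, 'base64').toString('utf8');
  if (!pem.includes('-----BEGIN ')) throw new Error(name + ' does not decode to PEM');
  return pem;
}

// Build the TLS fields accepted by https.request() and new https.Agent().
function buildTlsOptions(env) {
  const opts = { rejectUnauthorized: flag(env, 'SECURE_MODE') };
  if (flag(env, 'USE_MUTUAL_TLS')) {
    opts.key = decodePem(env, 'MUTUAL_TLS_PEM_KEY_BASE64');
    opts.cert = decodePem(env, 'MUTUAL_TLS_PEM_CERT');
    opts.passphrase = env.MUTUAL_TLS_PEM_KEY_PASSPHRASE || undefined;
  }
  return opts;
}

// Parse PATH_REWRITE into an ordered list of [from, to] pairs.
function parsePathRewrite(value) {
  if (!value) return [];
  return value.split(',').map(function (item) {
    const i = item.indexOf(':');
    const from = item.slice(0, i).trim();
    const to = item.slice(i + 1).trim();
    if (i < 1 || from[0] !== '/' || to[0] !== '/') {
      throw new Error('Malformed PATH_REWRITE item: ' + item);
    }
    return [from, to];
  });
}

// Constructed sample environment (placeholder text, not real key material).
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');
const sampleEnv = {
  MUTUAL_TLS_PEM_KEY_BASE64: b64('-----BEGIN ENCRYPTED PRIVATE KEY-----\nconstructed\n'),
  MUTUAL_TLS_PEM_CERT: b64('-----BEGIN CERTIFICATE-----\nconstructed\n'),
  PATH_REWRITE: '/odr/:/pgw/medhist/,/poc/:/pgw/',
};
console.log(Object.keys(buildTlsOptions(sampleEnv)), parsePathRewrite(sampleEnv.PATH_REWRITE));
```
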

Requires the OpenSSL CLI installed on your workstation.

To extract the private key from a pfx file and write it to a PEM file:

```
openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem
```

To extract the certificate file (the signed public key) from the pfx file:

```
openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem
```

To base64-encode a file, such as the PEMs above:

```
cd <Root of healthgateproxy>
node ./base64encode.js <filename>
```

Add these to the OpenShift env vars. Do NOT save any certificates to GitHub.

To ensure the target's mutual SSL/TLS is configured correctly, try this command:

```
openssl s_client -showcerts -connect <servername>:<port> -servername <servername>
```

After cloning this repository to your local filesystem, log into the OpenShift console GUI and navigate to the tools project. Import the build config (bc) from .../openshift/templates/healthgateproxy-build.json. Before importing, look for the xx-tools namespace and change it to the name of your tools project. Now you can navigate to the builds and build the healthgateproxy. Note that this will only build the image with the tag "latest".

For each of the runtime projects (i.e. dev, test, prod): Navigate to the runtime project (say dev). Import the deploy config (dc) from .../openshift/templates/healthgateproxy-deploy.json. Before importing, look for the xx-tool namespace and change it to the name of your tools project. Create the deployment. Make sure the permissions are set up for dev to see tools images. Tag the tools' image as dev, see below.

To promote a build to your runtime projects (i.e. dev, test, prod):

```
oc tag <yourproject-tools>/healthgateproxy:latest <yourproject-dev>/healthgateproxy:dev
```

The above command will deploy the latest runtime image to dev env.