nodejs bigquery client fails for ssl error, if run behind corporate proxy

[hyginous29]

It seems bigquery client uses axios, which has issues connecting via corporate proxy. Is there a fix for this ?

I am using "@google-cloud/bigquery": "^1.2.0",

Below is the error log.

[0] ERROR: { Error: write EPROTO 140736266007488:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:827:
[0]
[0] at _errnoException (util.js:1022:11)
[0] at WriteWrap.afterWrite [as oncomplete] (net.js:880:14)
[0] code: 'EPROTO',
[0] errno: 'EPROTO',
[0] syscall: 'write',
[0] config:
[0] { adapter: [Function: httpAdapter],
[0] transformRequest: { '0': [Function: transformRequest] },
[0] transformResponse: { '0': [Function: transformResponse] },
[0] timeout: 0,
[0] xsrfCookieName: 'XSRF-TOKEN',
[0] xsrfHeaderName: 'X-XSRF-TOKEN',
[0] maxContentLength: -1,
[0] validateStatus: [Function: validateStatus],
[0] headers:
[0] { Accept: 'application/json, text/plain, /',
[0] 'Content-Type': 'application/x-www-form-urlencoded',
[0] 'User-Agent': 'axios/0.18.0',
[0] 'Content-Length': 709,
[0] host: 'www.googleapis.com' },
[0] method: 'post',
[0] url: 'https://www.googleapis.com/oauth2/v4/token',
[0] data: 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJzdmMtYXhwLWdjcC1iaWdxdWVyeUBheHAtbXdlLXJ1bS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsInNjb3BlIjoiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vYXV0aC9iaWdxdWVyeSIsImF1ZCI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92NC90b2tlbiIsImV4cCI6MTUyNTM2Mjg0OSwiaWF0IjoxNTI1MzU5MjQ5fQ.HnJ6xssGIr7-VIYL6SPiwfwDBttAfa_pkqdUldiH4ljzfseg-CcQcW1fhqIX_f8z9xWfO8Q8HbeIMkQK0xpNm7JWCJK0KiYLH0ph1-eoVsyMbQZRHhIvaCxTYUqtdIym3ol9gScz3p_hYT4sGtbLOX60wEnZEAB-pE0yOU99VyGxzhHpZ5WZB7wlDKr7i0TwOKzkWGxiHtNDoykd-6as1iqOWjlgGDQvilbxsOED34kFIb1Sjrs3n9lFKWP6h6lqRQFm5DjNtWpYV2_CGsLgm3oIPfw_hSIS7DUQMthWSB3RWb_YwXAxT3MAf9qErE2gpyNsUlietUs6PNB0_91MSg' },
[0] request:
[0] Writable {
[0] _writableState:
[0] WritableState {
[0] objectMode: false,
[0] highWaterMark: 16384,
[0] finalCalled: false,
[0] needDrain: false,
[0] ending: false,
[0] ended: false,
[0] finished: false,
[0] destroyed: false,
[0] decodeStrings: true,
[0] defaultEncoding: 'utf8',
[0] length: 0,
[0] writing: false,
[0] corked: 0,
[0] sync: true,
[0] bufferProcessing: false,
[0] onwrite: [Function: bound onwrite],
[0] writecb: null,
[0] writelen: 0,
[0] bufferedRequest: null,
[0] lastBufferedRequest: null,
[0] pendingcb: 0,
[0] prefinished: false,
[0] errorEmitted: false,
[0] bufferedRequestCount: 0,
[0] corkedRequestsFree: [Object] },
[0] writable: true,
[0] domain: null,
[0] _events:
[0] { response: [Function: handleResponse],
[0] error: [Function: handleRequestError] },
[0] _eventsCount: 2,
[0] _maxListeners: undefined,
[0] _options:
[0] { protocol: 'https:',
[0] maxRedirects: 21,
[0] maxBodyLength: 10485760,
[0] path: 'https://www.googleapis.com/oauth2/v4/token',
[0] method: 'post',
[0] headers: [Object],
[0] agent: undefined,
[0] auth: undefined,
[0] hostname: 'proxy..com',
[0] port: '8080',
[0] host: 'proxy..com',
[0] nativeProtocols: [Object],
[0] pathname: 'https://www.googleapis.com/oauth2/v4/token' },
[0] _redirectCount: 0,
[0] _requestBodyLength: 709,
[0] _requestBodyBuffers: [ [Object] ],
[0] _onNativeResponse: [Function],
[0] _currentRequest:
[0] ClientRequest {
[0] domain: null,
[0] _events: [Object],
[0] _eventsCount: 6,
[0] _maxListeners: undefined,
[0] output: [],
[0] outputEncodings: [],
[0] outputCallbacks: [],
[0] outputSize: 0,
[0] writable: true,
[0] _last: true,
[0] upgrading: false,
[0] chunkedEncoding: false,
[0] shouldKeepAlive: false,
[0] useChunkedEncodingByDefault: true,
[0] sendDate: false,
[0] _removedConnection: false,
[0] _removedContLen: false,
[0] _removedTE: false,
[0] _contentLength: null,
[0] _hasBody: true,
[0] _trailer: '',
[0] finished: true,
[0] _headerSent: true,
[0] socket: [Object],
[0] connection: [Object],
[0] _header: 'POST https://www.googleapis.com/oauth2/v4/token HTTP/1.1\r\nAccept: application/json, text/plain, /\r\nContent-Type: application/x-www-form-urlencoded\r\nUser-Agent: axios/0.18.0\r\nContent-Length: 709\r\nhost: www.googleapis.com\r\nConnection: close\r\n\r\n',
[0] _onPendingData: [Function: noopPendingOutput],
[0] agent: [Object],
[0] socketPath: undefined,
[0] timeout: undefined,
[0] method: 'POST',
[0] path: 'https://www.googleapis.com/oauth2/v4/token',
[0] _ended: false,
[0] res: null,
[0] aborted: undefined,
[0] timeoutCb: null,
[0] upgradeOrConnect: false,
[0] parser: null,
[0] maxHeadersCount: null,
[0] _redirectable: [Circular],
[0] [Symbol(outHeadersKey)]: [Object] },
[0] _currentUrl: 'https://proxy.***.com/https://www.googleapis.com/oauth2/v4/token' },

[eduardotrova]

+1 Same problem here

[Mark-McCracken]

Did anyone manage to get a solution for this? I'm having the same problem

[stephenplusplus]

This seems like a possible duplicate of googleapis/nodejs-storage#277, in that proxy problems all lead to an issue in one dependency. Please follow along there for some discussion that might be useful.

[JustinBeckwith]

FYI @fhinkel

[fzondlo]

The corporate proxy that we use requires an HTTP tunnel. Here's the code we used to get things working:

// this is a nodejs lib, to install do `npm install tunnel`
const tunnel = require('tunnel');

// This tunnel is the secret sauce and will need to be used
// with both axios and https
firewallTunnel = tunnel.httpsOverHttp({
  proxy: {
    host: 'some-firewall-url.com',
    port: '4153'
  }
});

// BigQuery javascript lib uses this whenever a call is made to pull or
// push data to and from BigQuery. This code include the firewall tunnel 
// on every request. You may want to add some kind of if statement
// if you only need the tunnel for certain URLs
const httpsPrepend = (httpModule) => {
  const original = httpModule.request;

  httpModule.request = function(options, callback) {
    return original({...options, agent: firewallTunnel}, callback);
  };
};

httpsPrepend(require("https")); // we include https and apply the fix above

// Axios library is used by BigQuery to authenticate so we'll need to patch
// that too.
const axiosPrependConfig = {
  baseURL: 'https://www.googleapis.com',
  httpsAgent: firewallTunnel,
  proxy: false,
}

// Our application only uses axios for bigquery so we are good to 
// replace the url. If you use axios for other calls, you'll need to adjust.
// The important call out here is that the URL should have :443 at the end
// and have the tunnel object
const axiosPrepend = (axios) => {
  const original = axios.post;
  axios.post = (url, data, config) => {
    const newUrl = "https://www.googleapis.com:443/oauth2/v4/token"
    const newConfig = {...config, ...axiosPrependConfig}
    if(process.env.AXIOS_LOGS)
      console.log( "axios-prepend: ", JSON.stringify({newUrl, data, newConfig}))
    return original(newUrl, data, newConfig)
  };
};

axiosPrepend(require("axios")); // we include https and apply the fix above

Hope this helps someone!

Better solution would be to make a PR, will do at some point when time allows.

[callmehiphop]

@stephenplusplus I know you were doing some work with proxies, did it resolve this issue?

[JustinBeckwith]

This really should be fixed with the upgrade to teeny-request in common.

[callmehiphop]

Haven't seen any activity here in a while, I'm going to assume that the move to teeny-request has resolved this. If anyone continues to experience similar issues, please let us know and we'll be happy to re-open. 😎