Proxy chain with SSL (connect)

[earroyoron]

Despite the awesome module, I can't get a proxy chain when using SSL, and I have try everything, so maybe here someone can help me:

• A proxy chain where a client sends to an HTTP proxy, and this to another HTTP proxy is not a problem and runs perfect with nodejistu proxy module, great!
• But in my case the client request for a HTTP final target (https://somewhere.com) so the client use a CONNECT against the proxy, and the proxy will not connect to somewhere; my problem is that I need to forward to another proxy that finally has to connect to somewhere.com
  In any case I can get the client connected and using the proxy-chain and I do not found how to resolve this.

The main idea is that the first proxy is somehow like a balancer that gets the better 2nd proxy for each request.

Not sure if this post is appropiate as an issue but didnt find a better place :o(

[jcrugzz]

@earroyoron could you give some code and maybe be more specific on the issue? If there is another proxy in the mix that is being tunneled through, you probably want to pass in something like tunnel as an agent. This is common for corporate proxies. Otherwise I'm not quite sure what you are trying to do so more info would help :)

[earroyoron]

@jcrugzz Trying to be more specific:

I have the below code working; in that scenario:
CLIENT --> PROXY --> TARGET (https://somewhere.com)
But I need that proxy do not connect to target. My proxy has a list of operative proxies and I have to use a different one for each client request so:
CLIENT --> PROXY --> PROXY2 --> TARGET
Here I cannot manage that proxy will forward the client, I think due to the connect (proxies are http but final target is ssl)

This is my code working for the first scenario:

// Create an HTTP tunneling proxy
var proxy = http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('okay');
});

proxy.on('connect', function(req, cltSocket, head) {
// connect to an origin server
var srvUrl = url.parse('https://' + req.url);
console.log(JSON.stringify(srvUrl) + ";"+srvUrl.port + 'host'+srvUrl.hostname
);
var srvSocket = net.connect({'port': srvUrl.port, 'host':srvUrl.hostname}, function() {
cltSocket.write('HTTP/1.1 200\r\n' +'Proxy-agent: Node-Proxy\r\n' + '\r\n');
srvSocket.write(head);
srvSocket.pipe(cltSocket);
cltSocket.pipe(srvSocket);
});
});

[gm112]

Have the proxy forward the request data to an http.request() method, and then in the callback function, pipe the response back to the proxy and that'll allow you to use node-http-proxy in the manner you're describing.

Also keep in mind that tunneling SSL is somewhat difficult. So, I suggest referring to the pem module for help in resigning the certificate for when the proxy communicates back to the client, it still shows as a trusted connection.

[odmarkj]

@gm112 I tried to email you, but it looks like your domain is down.

Can you give an example of what that would look like? A forwarded request using http.request?

[gm112]

http://nodejs.org/api/http.html#http_http_request_options_callback

This is the method you would use. So, add a listener on your HTTPS server, "connect", (http://nodejs.org/api/http.html#http_event_connect) and within this body, use the http.request method to call out to where ever you're going.

Mind you, if you're trying to tunnel SSL to any site, you're going to have to generate SSL certs on your SNI callback method. Otherwise, you're fine just using whatever cert you provide the https.createServer() method. If I wasn't mobile I'd give you sample code but I tried my best to point you in the direction atm. ;)

[odmarkj]

I am still not 100% sure how to accomplish this. I looked at the http.request method, but it doesn't look like you can set a proxy on that. I am trying to do the same thing described above:

CLIENT --> PROXY --> PROXY2 --> TARGET
CLIENT --> PROXY --> PROXY3 --> TARGET
CLIENT --> PROXY --> PROXY4 --> TARGET

Etc.

[gm112]

http.request(); itself doesn't proxy.

Here, take this really rough code for example. And it sounds like what you're doing can be accomplished by using node-cluster in conjunction with node-http-proxy and the http/https/url libraries.

Cluster would act as the main "Proxy" or "load-balancer", then Proxies 0 - 4 would be your worker processes, which would then forward the request to the target and finaly back around to the client.

// Setup HTTP server
self.httpsServer = https.createServer(self.onRequest);
...
then you add a listener...

self.httpServer.addListener('connect', function (request, socket, head) {
...
...
use node-http-proxy here and pass on the request,socket,and head.
}

var onRequest = function (request, response) {
var tunnelRequest = (request.url.protocol === 'https:' ? https : http).request(request.options, function (proxyResponse) {
...
add event listeners here. Refer to http://nodejs.org/api/http.html#http_http_request_options_callback

..

}

tunnelRequest.on('end', function () {
console.log('closing tunnel');
});

tunnelRequest.on('error', function(error) {
console.log('Oh noz' + error.message);
});

}

[odmarkj]

I think my problem is here: use node-http-proxy here and pass on the request,socket,and head.

I can catch the connect event, but no matter what code I put in there, I cannot get a successful response to the client. Even if I forget the PROXY2 or PROXY3 value.

proxy_server.ws(req, socket, head);

Would you be willing to consult for a quick period of time? I really want to get past this bug.

[regevbr]

Working gist - https://gist.github.com/regevbr/de3f5e0475aedd9081608663241bee10