Proxy to an HTTPS server with client cert validation isn't working?

[atalis]

I'm trying to create a proxy to an https server that is setup for client certificate authentication. I'm passing the certificate and the key to the proxy via the ssl object, but the connection is not being established. Here's my code:

var pcert = fs.readFileSync('./client_cert.pem');
var pkey = fs.readFileSync('./private_key.pem');

proxy = httpProxy.createProxyServer({
target: 'https://my.backend.server',
json: true,
ssl: {
key: pkey,
cert: pcert
}
}.listen(8000);

The following code (written by someone else) creates a stand-alone server that passes client requests to the same backend server, with the same certificate/key, and it's working:

http.createServer(onRequest).listen(3030);

function onRequest(client_req, client_res) {
var pcert = fs.readFileSync('./portal_client_cert.pem');
var pkey = fs.readFileSync('./private_key.pem');

var options = {
key: pkey,
cert: pcert,
agent: false,
host: 'my.backend.server',
method: client_req.method,
path: client_req.url,
json: true,
headers:{
Host: 'my.backend.server'
}
};

var proxy = https.get(options, function(res) {
res.pipe(client_res, {
end: true
});
}

I'd like to create a proxy server instead of a standalone server, so that I could pass it to the Gulp server we're using. I tried passing the cert and the key as part of the target object instead, but that doesn't work either:

target: {
host: 'my.backend.server',
port: 443,
protocol: 'https:',
key: pkey,
cert: pcert,
}

What am I missing?

[JoA-MoS]

Did you find any resolution to this I am having a similar problem and the target server keeps telling me that the cert is missing when I set the options in an object and pass the object to createProxyServer

[JoA-MoS]

Or when specifying the options like this:

var proxy = httpProxy.createProxyServer({ target: 'https://targetserver/', ssl: { key: privateKey, cert: certificate, ca: [ caChain ], }, secure: false }).listen(3002, function(){ console.log('proxy server listening on port 3002'); });

I get:

{ [Error: read ECONNRESET] code: 'ECONNRESET', errno: 'ECONNRESET', syscall: 'read' }

[atalis]

Actually, I don't quite remember. I left the project several months ago, and some requirements changed before then, so the code was rehashed. I think I ended up doing something like this (but don't quote me on this):

var httpProxy = require('http-proxy');
...
var app = express();
// Initialize backend server proxy
var proxyOptions =
    {
        target: {
            host: backendServer,
            port: 443,
            protocol: 'https:',
            cert: fs.readFileSync('./certs/client_cert.pem', 'utf8'),
            key: fs.readFileSync('./certs/client_key.pem', 'utf8'),
            path: '/backend server URI prefix to redirect requests to/'
        },
        changeOrigin: true
    };
var backendProxy = httpProxy.createServer(proxyOptions);
backendProxy.on('error', function(e) {
    console.log(e);
});
app.use('/URI prefix to be redirected to the backend server/', function(req, res) {
        console.log('redirecting to backend server: ' + req.url);
        backendProxy.web(req, res);
    }
);
...
https.createServer(, app).listen(443, function(){
    console.log('Express server listening on port ' + 443);
});

[JoA-MoS]

Yes, moving the client certs to the target (which makes sense) works. I got my solution working.

[outsideofbox]

I'm facing ECONNRESET even after setting client certificate correctly.
Also I see we need use ssl: {key : key , cert: cert}. Also don't see option to specify CA cert in node-http-proxy documentation