went back to using `http-proxy` for non-websockets
We need to be able to insert `X-Forwarded` header for all the requests on a TCP keep-alive connection
This commit is contained in:
parent
d5dee498f5
commit
231e54d808
|
@ -6,13 +6,6 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
||||||
var domainMatches = require('../domain-utils').match;
|
var domainMatches = require('../domain-utils').match;
|
||||||
var separatePort = require('../domain-utils').separatePort;
|
var separatePort = require('../domain-utils').separatePort;
|
||||||
|
|
||||||
var adminDomains = [
|
|
||||||
/\blocalhost\.admin\./
|
|
||||||
, /\blocalhost\.alpha\./
|
|
||||||
, /\badmin\.localhost\./
|
|
||||||
, /\balpha\.localhost\./
|
|
||||||
];
|
|
||||||
|
|
||||||
function parseHeaders(conn, opts) {
|
function parseHeaders(conn, opts) {
|
||||||
// There should already be a `firstChunk` on the opts, but because we might sometimes
|
// There should already be a `firstChunk` on the opts, but because we might sometimes
|
||||||
// need more than that to get all the headers it's easier to always read the data off
|
// need more than that to get all the headers it's easier to always read the data off
|
||||||
|
@ -200,7 +193,50 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function checkProxy(mod, conn, opts, headers) {
|
var proxyServer;
|
||||||
|
function createProxyServer() {
|
||||||
|
var http = require('http');
|
||||||
|
var agent = new http.Agent();
|
||||||
|
agent.createConnection = deps.net.createConnection;
|
||||||
|
|
||||||
|
var proxy = require('http-proxy').createProxyServer({
|
||||||
|
agent: agent,
|
||||||
|
toProxy: true
|
||||||
|
});
|
||||||
|
|
||||||
|
proxyServer = http.createServer(function (req, res) {
|
||||||
|
proxy.web(req, res, req.connection.proxyOpts);
|
||||||
|
});
|
||||||
|
proxyServer.on('upgrade', function (req, socket, head) {
|
||||||
|
proxy.ws(req, socket, head, socket.proxyOpts);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
function proxyRequest(mod, conn, opts, headers) {
|
||||||
|
if (!proxyServer) {
|
||||||
|
createProxyServer();
|
||||||
|
}
|
||||||
|
|
||||||
|
var xHeaders = {};
|
||||||
|
// Then add our own `X-Forwarded` headers at the end.
|
||||||
|
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
|
||||||
|
xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto'];
|
||||||
|
} else {
|
||||||
|
xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http';
|
||||||
|
}
|
||||||
|
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
|
||||||
|
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
|
||||||
|
xHeaders['X-Forwarded-For'] = proxyChain.join(', ');
|
||||||
|
xHeaders['X-Forwarded-Host'] = headers.host;
|
||||||
|
|
||||||
|
conn.proxyOpts = {
|
||||||
|
target: 'http://'+(mod.address || (mod.host || 'localhost')+':'+mod.port),
|
||||||
|
headers: xHeaders
|
||||||
|
};
|
||||||
|
proxyServer.emit('connection', conn);
|
||||||
|
conn.unshift(opts.firstChunk);
|
||||||
|
}
|
||||||
|
|
||||||
|
function proxyWebsocket(mod, conn, opts, headers) {
|
||||||
var index = opts.firstChunk.indexOf('\r\n\r\n');
|
var index = opts.firstChunk.indexOf('\r\n\r\n');
|
||||||
var body = opts.firstChunk.slice(index);
|
var body = opts.firstChunk.slice(index);
|
||||||
|
|
||||||
|
@ -236,6 +272,14 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
||||||
newConnOpts.remotePort = opts.port || conn.remotePort;
|
newConnOpts.remotePort = opts.port || conn.remotePort;
|
||||||
|
|
||||||
deps.proxy(conn, newConnOpts, opts.firstChunk);
|
deps.proxy(conn, newConnOpts, opts.firstChunk);
|
||||||
|
}
|
||||||
|
|
||||||
|
function checkProxy(mod, conn, opts, headers) {
|
||||||
|
if ((headers.connection || '').toLowerCase() === 'upgrade') {
|
||||||
|
proxyWebsocket(mod, conn, opts, headers);
|
||||||
|
} else {
|
||||||
|
proxyRequest(mod, conn, opts, headers);
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -45,6 +45,7 @@
|
||||||
"express": "git+https://github.com/expressjs/express.git#4.x",
|
"express": "git+https://github.com/expressjs/express.git#4.x",
|
||||||
"finalhandler": "^0.4.0",
|
"finalhandler": "^0.4.0",
|
||||||
"greenlock": "git+https://git.daplie.com/Daplie/node-greenlock.git#master",
|
"greenlock": "git+https://git.daplie.com/Daplie/node-greenlock.git#master",
|
||||||
|
"http-proxy": "^1.16.2",
|
||||||
"ipaddr.js": "git+https://github.com/whitequark/ipaddr.js.git#v1.3.0",
|
"ipaddr.js": "git+https://github.com/whitequark/ipaddr.js.git#v1.3.0",
|
||||||
"ipify": "^1.1.0",
|
"ipify": "^1.1.0",
|
||||||
"js-yaml": "^3.8.3",
|
"js-yaml": "^3.8.3",
|
||||||
|
|
Loading…
Reference in New Issue