went back to using `http-proxy` for non-websockets

We need to be able to insert `X-Forwarded` header for all the requests on
a TCP keep-alive connection
This commit is contained in:
tigerbot 2017-06-02 18:10:16 -06:00
parent d5dee498f5
commit 231e54d808
3 changed files with 1287 additions and 8 deletions

View File

@ -6,13 +6,6 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
var domainMatches = require('../domain-utils').match; var domainMatches = require('../domain-utils').match;
var separatePort = require('../domain-utils').separatePort; var separatePort = require('../domain-utils').separatePort;
var adminDomains = [
/\blocalhost\.admin\./
, /\blocalhost\.alpha\./
, /\badmin\.localhost\./
, /\balpha\.localhost\./
];
function parseHeaders(conn, opts) { function parseHeaders(conn, opts) {
// There should already be a `firstChunk` on the opts, but because we might sometimes // There should already be a `firstChunk` on the opts, but because we might sometimes
// need more than that to get all the headers it's easier to always read the data off // need more than that to get all the headers it's easier to always read the data off
@ -200,7 +193,50 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
return false; return false;
} }
function checkProxy(mod, conn, opts, headers) { var proxyServer;
function createProxyServer() {
var http = require('http');
var agent = new http.Agent();
agent.createConnection = deps.net.createConnection;
var proxy = require('http-proxy').createProxyServer({
agent: agent,
toProxy: true
});
proxyServer = http.createServer(function (req, res) {
proxy.web(req, res, req.connection.proxyOpts);
});
proxyServer.on('upgrade', function (req, socket, head) {
proxy.ws(req, socket, head, socket.proxyOpts);
});
}
function proxyRequest(mod, conn, opts, headers) {
if (!proxyServer) {
createProxyServer();
}
var xHeaders = {};
// Then add our own `X-Forwarded` headers at the end.
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
xHeaders['X-Forwarded-Proto'] = headers['x-forwarded-proto'];
} else {
xHeaders['X-Forwarded-Proto'] = conn.encrypted ? 'https' : 'http';
}
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
xHeaders['X-Forwarded-For'] = proxyChain.join(', ');
xHeaders['X-Forwarded-Host'] = headers.host;
conn.proxyOpts = {
target: 'http://'+(mod.address || (mod.host || 'localhost')+':'+mod.port),
headers: xHeaders
};
proxyServer.emit('connection', conn);
conn.unshift(opts.firstChunk);
}
function proxyWebsocket(mod, conn, opts, headers) {
var index = opts.firstChunk.indexOf('\r\n\r\n'); var index = opts.firstChunk.indexOf('\r\n\r\n');
var body = opts.firstChunk.slice(index); var body = opts.firstChunk.slice(index);
@ -236,6 +272,14 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
newConnOpts.remotePort = opts.port || conn.remotePort; newConnOpts.remotePort = opts.port || conn.remotePort;
deps.proxy(conn, newConnOpts, opts.firstChunk); deps.proxy(conn, newConnOpts, opts.firstChunk);
}
function checkProxy(mod, conn, opts, headers) {
if ((headers.connection || '').toLowerCase() === 'upgrade') {
proxyWebsocket(mod, conn, opts, headers);
} else {
proxyRequest(mod, conn, opts, headers);
}
return true; return true;
} }

1234
package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff

View File

@ -45,6 +45,7 @@
"express": "git+https://github.com/expressjs/express.git#4.x", "express": "git+https://github.com/expressjs/express.git#4.x",
"finalhandler": "^0.4.0", "finalhandler": "^0.4.0",
"greenlock": "git+https://git.daplie.com/Daplie/node-greenlock.git#master", "greenlock": "git+https://git.daplie.com/Daplie/node-greenlock.git#master",
"http-proxy": "^1.16.2",
"ipaddr.js": "git+https://github.com/whitequark/ipaddr.js.git#v1.3.0", "ipaddr.js": "git+https://github.com/whitequark/ipaddr.js.git#v1.3.0",
"ipify": "^1.1.0", "ipify": "^1.1.0",
"js-yaml": "^3.8.3", "js-yaml": "^3.8.3",