A simple HTTP/HTTP(S) reverse proxy with NodeJS

Davut Gürbüz
Mar 20, 2021

Who is this write-up for?
Anyone who needs to make secure HTTP(S) calls behind the scenes easily. If you need to communicate with an SSL-secured endpoint for some reason, you might find this useful in your solution.

A sample use case

Let me briefly share why I turned to this approach. The open source middleware we have been using in the corp has a commercial extension for submitting anything to http(s) endpoints. Even though I’ve forked the project and made it possible to use http(s) without that commercial extension, using a proxy was seen as an out-of-the-box workaround for us.

Reverse Proxy
An ordinary use of proxy for security

See for yourself how simple it is.

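    var httpProxy = require('http-proxy');
    var fs = require('fs');

    // Forward everything received on port 8000 to the HTTPS target,
    // presenting the PKCS#12 client certificate to it.
    httpProxy.createProxyServer({
      target: {
        protocol: 'https:',
        host: 'ubersecure.bank.com.tr',
        port: 443,
        pfx: fs.readFileSync('yourpfx.p12'),      // client certificate and key
        passphrase: 'your_uber_secure_password',  // passphrase protecting the .p12 file
      },
      changeOrigin: true, // set the Host header to the target's host
    }).listen(8000);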

It’s that simple!

This program listens on port 8000 and forwards any request to the target destination you specified as a parameter. The project also provides more parameters that you will need in production.

I recommend having a look at the timeout, proxyTimeout, headers … parameters on the project page, depending on your needs.

You don’t need to be a Node.js expert to make this run.
— Install Node.js in your environment.
— Run `npm init` (just to create package.json), and add http-proxy as a dependency.
— Run `npm install` to install the node module dependencies, and save the above code as program.js.
— Run your program with `node program.js`.

Conclusion

These few lines of code address a lot of concerns indeed. We can hide the actual target destination from the first client, which is trying to access a highly secured resource. The final SSL-secured server allows requests coming from a specific IP/domain, and our little proxy program can reside there. We’re opening a door with this proxy; however, we’re defining the rules of access and hiding the actual destination from the first requester.
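One way to make the "rules of access" explicit, as an added example that is not part of the original post: an allow-list check placed in front of the same http-proxy forwarder, together with the proxyTimeout option mentioned earlier. The `RULES` values, the `checkRequest` helper and the `PROXY_PFX_PATH`, `PROXY_PFX_PASSPHRASE` and `START_PROXY` environment variable names are assumptions made for illustration.

```javascript
// Assumed policy values, constructed for illustration.
const RULES = {
  clients: new Set(['127.0.0.1', '::1', '10.0.0.15']), // callers allowed in
  methods: new Set(['GET', 'POST']),
  pathPrefixes: ['/api/payments/'],
};

// Strip the IPv4-mapped IPv6 prefix, e.g. ::ffff:10.0.0.15 -> 10.0.0.15.
const clientIp = (addr) => (addr || '').replace(/^::ffff:/, '');

// Returns { status: 0, url } with the canonical URL to forward, or { status } to reject.
function checkRequest(method, url, remoteAddr, rules = RULES) {
  if (!rules.clients.has(clientIp(remoteAddr))) return { status: 403 };
  if (!rules.methods.has(method)) return { status: 405 };
  // Origin-form only: no absolute URLs, no "//host" or "/\host" forms.
  if (!/^\/(?![/\\])/.test(url)) return { status: 400 };
  let u;
  try {
    u = new URL(url, 'http://proxy.invalid'); // resolves ./ and ../ segments
  } catch (e) {
    return { status: 400 };
  }
  if (!rules.pathPrefixes.some((p) => u.pathname.startsWith(p))) return { status: 404 };
  return { status: 0, url: u.pathname + u.search };
}

function start() {
  const http = require('http');
  const fs = require('fs');
  const httpProxy = require('http-proxy'); // needs `npm install http-proxy`
  const proxy = httpProxy.createProxyServer({
    target: {
      protocol: 'https:', host: 'ubersecure.bank.com.tr', port: 443,
      pfx: fs.readFileSync(process.env.PROXY_PFX_PATH), // assumed variable names
      passphrase: process.env.PROXY_PFX_PASSPHRASE,     // kept out of the source file
    },
    changeOrigin: true,
    proxyTimeout: 10000, // ms to wait on a stalled upstream
  });
  proxy.on('error', (err, req, res) => { if (!res.headersSent) res.writeHead(502); res.end(); });
  http.createServer((req, res) => {
    const verdict = checkRequest(req.method, req.url, req.socket.remoteAddress);
    if (verdict.status) { res.writeHead(verdict.status); return res.end(); }
    req.url = verdict.url; // forward exactly what was checked
    proxy.web(req, res);
  }).listen(8000, '127.0.0.1'); // loopback only; widen deliberately
}

if (process.env.START_PROXY === '1') start(); // assumed opt-in switch
```

Rewriting `req.url` to the canonical form means the path that passed the check is the path the upstream server receives.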

We can also deploy many copies of this little service for load balancing and put them behind another proxy like nginx, or a gateway like Zuul or Spring Cloud Gateway.

More about Proxy

Proxy, in its broadest sense, is an important topic to be understood by architects, developers and many other IT techies. There are terms like forward proxy, reverse proxy, gateway and VPN. These are not all mutually exclusive, since a gateway and a VPN can also be considered proxies. The naming conventions in your org can cause people to use their own dictionaries, and this leads to misconceptions among people. I prefer saying MIM within the team. Each of these things is actually a man-in-the-middle and solves a different sort of concern. There are, of course, subtle but very important differences among them.

In a nutshell,
A forward proxy is what we mostly have in our organizations: school or work proxies. To reach the internet, the client goes through a proxy server. This usually impacts performance badly. (I always hate this sort of proxy)

With a reverse proxy, the client reaches an interface server; the actual origin server is accessed by this proxy server at the server end, and the response is delivered back to the requesting client. Since all of this happens at the server end, it’s mostly used for security and load balancing purposes. A gateway is a specific form of this proxy. We usually hear of the API gateway most often. In a microservices architecture, API calls are forwarded to services based on API paths most of the time.

A VPN (Virtual Private Network) can also be counted as a proxy, since any request we make goes through an encrypted proxy call to a destination address. The destination knows the VPN proxy, not the original requester. It’s mostly preferred for hiding the identity of the internet user and for accessing government-blocked pages. People obtain anonymity and post their thoughts freely with less internet traceability. Paid VPNs are recommended for performance and privacy since they claim there is no activity log once you enroll.
