Create a Reverse Proxy in NodeJS that can handle multiple secure domains

8
votes

I'm trying to create a reverse proxy in NodeJS. But I keep running the issue that in that I can only serve one one set of cert/key pair on the same port(443), even though I want to serve multiple domains. I have done the research and keep running into teh same road block:

  • A node script that can serve multiple domains secure domain from non-secure local source (http local accessed and served https public)
  • Let me dynamically server SSL certificates via domain header
  • Example:
    • https ://www.someplace.com:443 will pull from http ://thisipaddress:8000 and use the cert and key files for www.someplace.com
    • https ://www.anotherplace.com:443 will pull from http ://thisipaddress:8080 and use the cert and key files for www.anotherplace.com
    • ect.
  • I have looked at using NodeJS's https.createServer(options, [requestListener])
    • But this method supports just one cert/key pair per port
    • I can't find a way to dynamically switch certs based on domain header
    • I can't ask my people to use custom https ports
    • And I'll run into browse SSL certificate error if I serve the same SSL certificate for multiple domain names, even if it is secure
  • I looked at node-http-proxy but as far as I can see it has the same limitations
  • I looked into Apache mod-proxy and nginx but I would rather have something I have more direct control of

If anyone can show me an example of serving multiple secure domains each with their own certificate from the same port number (443) using NodeJS and either https.createServer or node-http-proxy I would be indebted to you.

6
node.jssslproxyreverse-proxy

6 Answers

5
votes

Redbird actually does this very gracefully and not too hard to configure either.

https://github.com/OptimalBits/redbird

3
votes

Let me dynamically server SSL certificates via domain header

There is no domain header so I guess you mean the Host header in the HTTP request. But, this will not work because

  • HTTPS is HTTP encapsulated inside SSL
  • therefore you first have to do your SSL layer (e.g. SSL handshake, which requires the certificates), then comes the HTTP layer
  • but the Host header is inside the HTTP layer :(

In former times you would need to have a single IP address for each SSL certificate. Current browsers do support SNI (server name indication), which sends the expected target host already inside the SSL layer. It looks like node.js does support this, look for SNICallback. But, beware that there are still enough libraries out there, which either don't support SNI on the client side at all or where one needs to use it explicitly. But, as long you only want to support browsers this should be ok.

2
votes

Bouncy is a good library to do this and has an example of what you are needing.

As Steffen Ullrich says it will depend on the browser support for it

2
votes

Here is the solution you might be looking at, I found it very useful for my implementation though you will need to do huge customization to handle domains

node-http-rev proxy: https://github.com/nodejitsu/node-http-proxy

1
votes

How about creating the SSL servers on different ports and using node-http-proxy as a server on 443 to relay the request based on domain.

-1
votes

You stated you don't want to use nginx for that, and I don't understand why. You can just setup multiple locations for your nginx. Have each of them listen to different hostnames and all on port 443. Give all of them a proxypass to your nodejs server. To my understanding, that serves all of your requirements and is state of the art.