13

I'm following online examples using the latest version of nodejs and http-proxy, but get the following error when my request is sent to the endpoint https server:

C:\Users\Me\node_modules\http-proxy\lib\http-proxy\index.js:114
throw err;       
Error: DEPTH_ZERO_SELF_SIGNED_CERT
at SecurePair.<anonymous> (tls.js:1370:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:982:10)
at CleartextStream.read [as _read] (tls.js:469:13)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:226:10)
at writeOrBuffer (_stream_writable.js:216:5)
at EncryptedStream.Writable.write (_stream_writable.js:183:11)
at write (_stream_readable.js:582:24)

My code is very simple:

var httpProxy = require('http-proxy');
var http = require('http');
var fs = require('fs');

var apimcert = fs.readFileSync('./mycert.pfx');
var proxy = httpProxy.createProxyServer({});

var options = {
  pfx: apimcert,
  passphrase : 'pAssw0rd',
  rejectUnauthorized : 'false',
  agent: false
};

var server = require('https').createServer(options, function(req, res) {
  console.log("Got a request " + req);
  proxy.web(req, res, {
      ssl: {
        pfx : apimcert,
        passphrase : 'pAssw0rd',
        rejectUnauthorized : 'false'

        //strictSSL: false
      },
      target: 'https://endpointhost:9443/postev',  
      secure: true       
  }

  );
});

console.log("listening on port 9442")
server.listen(9442);

If I set secure : false then the request does get forwarded to the endpoint, but obviously gets sent back with a 403 forbidden response. The certificate and passphrase I'm using are the ones from my endpoint server, and I've tested that they do work when sending the request directly. All I want my proxy to do is to examine the contents of the requests, log a message for each one, and then forward to the endpoint server.

I've googled this problem and tried fiddling around with agents and strictSSL, but to no avail.

Improve this question

6 Answers 6

Reset to default
15

I'm using Ant design prowith umi. just add this secure: false, to proxy.ts

proxy: {
  '/myapi': {
      target: 'https://localhost:8443',
      changeOrigin: true,
      secure: false, // 不进行证书验证
    },

umi will auto reload config, just fresh the browser and all good.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Try passing {rejectUnauthorized: false} to httpProxy.createProxyServer()

Improve this answer

2 Comments

thanks, I gave it a try but it didn't help. I'm thinking there must be a bug in this node-http-proxy package, so looking for alternatives.
Didn't work in Angular's proxy.conf.js, but thanks.
1

react create app

file package.json

``` "proxy": {

"/credit": {
  "target": "https://xxxx.com",
  "changeOrigin": true,
  "secure": false
}

} ```

Improve this answer

1 Comment

Please see this first how-to-answer
1

In Nuxt.js when connecting to an API with a self-signed cert, adding this entry to .env will fix the "DEPTH_ZERO_SELF_SIGNED_CERT" error.

NODE_TLS_REJECT_UNAUTHORIZED=0

Improve this answer

Comments

-1

I had the same issue - if you look at the http-node-proxy source you'll see it actually sets rejectUnauthorized based on your secure setting in the options:

if (options[forward || 'target'].protocol == 'https:') { outgoing.rejectUnauthorized = (typeof options.secure === "undefined") ? true : options.secure; }

So you can actually easily set rejectUnauthorized to false by just passing secure: false in your call to httpProxy.createProxyServer.

Improve this answer

1 Comment

The OP specifically mentions that it works when secure: false is set. But They probably want to make it work securely.
-1

the easy way is just adding this in your code ,

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

that solved my problem

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.