12

I'm following online examples using the latest version of nodejs and http-proxy, but get the following error when my request is sent to the endpoint https server:

C:\Users\Me\node_modules\http-proxy\lib\http-proxy\index.js:114
throw err;       
Error: DEPTH_ZERO_SELF_SIGNED_CERT
at SecurePair.<anonymous> (tls.js:1370:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:982:10)
at CleartextStream.read [as _read] (tls.js:469:13)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:226:10)
at writeOrBuffer (_stream_writable.js:216:5)
at EncryptedStream.Writable.write (_stream_writable.js:183:11)
at write (_stream_readable.js:582:24)

My code is very simple:

var httpProxy = require('http-proxy');
var http = require('http');
var fs = require('fs');

var apimcert = fs.readFileSync('./mycert.pfx');
var proxy = httpProxy.createProxyServer({});

var options = {
  pfx: apimcert,
  passphrase : 'pAssw0rd',
  rejectUnauthorized : 'false',
  agent: false
};

var server = require('https').createServer(options, function(req, res) {
  console.log("Got a request " + req);
  proxy.web(req, res, {
      ssl: {
        pfx : apimcert,
        passphrase : 'pAssw0rd',
        rejectUnauthorized : 'false'

        //strictSSL: false
      },
      target: 'https://endpointhost:9443/postev',  
      secure: true       
  }

  );
});

console.log("listening on port 9442")
server.listen(9442);

If I set secure : false then the request does get forwarded to the endpoint, but obviously gets sent back with a 403 forbidden response. The certificate and passphrase I'm using are the ones from my endpoint server, and I've tested that they do work when sending the request directly. All I want my proxy to do is to examine the contents of the requests, log a message for each one, and then forward to the endpoint server.

I've googled this problem and tried fiddling around with agents and strictSSL, but to no avail.

Shubham Bhave
  • 383
  • 6
  • 17
IainS
  • 139
  • 1
  • 4
  • 9

6 Answers6

14

I'm using Ant design prowith umi. just add this secure: false, to proxy.ts

proxy: {
  '/myapi': {
      target: 'https://localhost:8443',
      changeOrigin: true,
      secure: false, // 不进行证书验证
    },

umi will auto reload config, just fresh the browser and all good.

King.
  • 349
  • 3
  • 9
1

Try passing {rejectUnauthorized: false} to httpProxy.createProxyServer()

Nitzan Shaked
  • 13,460
  • 5
  • 45
  • 54
  • thanks, I gave it a try but it didn't help. I'm thinking there must be a bug in this node-http-proxy package, so looking for alternatives. – IainS Jul 23 '14 at 08:25
  • Didn't work in Angular's proxy.conf.js, but thanks. – Jeb50 Jun 29 '21 at 00:49
1

react create app

file package.json

``` "proxy": {

"/credit": {
  "target": "https://xxxx.com",
  "changeOrigin": true,
  "secure": false
}

} ```

李盛根
  • 31
  • 1
0

In Nuxt.js when connecting to an API with a self-signed cert, adding this entry to .env will fix the "DEPTH_ZERO_SELF_SIGNED_CERT" error.

NODE_TLS_REJECT_UNAUTHORIZED=0

Rhys
  • 29
  • 1
-1

I had the same issue - if you look at the http-node-proxy source you'll see it actually sets rejectUnauthorized based on your secure setting in the options:

if (options[forward || 'target'].protocol == 'https:') { outgoing.rejectUnauthorized = (typeof options.secure === "undefined") ? true : options.secure; }

So you can actually easily set rejectUnauthorized to false by just passing secure: false in your call to httpProxy.createProxyServer.

BlueMoon
  • 170
  • 6
  • The OP specifically mentions that it works when `secure: false` is set. But They probably want to make it work securely. – kvetis Mar 06 '19 at 13:29
-1

the easy way is just adding this in your code ,

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

that solved my problem

Luis
  • 1,242
  • 11
  • 18