5

在 node.js 0.8 下,我在“路由器表”模式下使用 node-http-proxy,配置如下:

var httpProxy = require("http-proxy");
var config = require("./config");

proxyServer = httpProxy.createServer({
    hostnameOnly: true,
    router: {
        "one.example.com": "localhost:9000",
        "two.example.com": "localhost:9001"
    },
    https: {
        key: config.key,
        cert: config.cert,
        // mitigate BEAST: https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
        honorCipherOrder: true,
        ciphers: "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"
    }
})
proxyServer.listen(8000)

我想添加HSTS(HTTP 严格传输安全),以便兼容的浏览器被告知始终使用 SSL。为此,我需要获取 http-proxy 以添加标头:

Strict-Transport-Security: max-age=60000

(或其他最大年龄)。如何让 node-http-proxy 有效地附加此标头?

4

1 回答 1

4

对于您的示例,我不确定这个较旧的问题似乎正在使用http-proxy@0.8. 但是,这是我所做的http-proxy@1.0.0

var httpProxy = require('http-proxy');

// https server to decrypt TLS traffic and direct to a normal HTTP backend
var proxy = httpProxy.createProxyServer({
  target: {
    host: 'localhost',
    port: 9009 // or whatever port your local http proxy listens on
  },
  ssl: {
    key: fs.readFileSync('valid-ssl-key.pem', 'utf8'),
    cert: fs.readFileSync('valid-ssl-cert.pem', 'utf8')
  }
}).listen(443); // HTTPS listener for the real server

// http server that redirects all requests to their corresponding
// https urls, and allows standards-compliant HTTP clients to 
// prevent future insecure requests.
var server = http.createServer(function(req, res) {
  res.statusCode = 301;
  res.setHeader('Location', 'https://' + req.headers.host.split(':')[0] + req.url);
  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
  return res.end();
});

server.listen(80); // HTTP listener for the old HTTP clients
于 2015-03-27T04:54:44.587 回答