NodeJS http-proxy: DEPTH_ZERO_SELF_SIGNED_CERT error when proxying https

Question

NodeJS http-proxy: DEPTH_ZERO_SELF_SIGNED_CERT error when proxying https

I'm following online examples using the latest version of nodejs and http-proxy, but get the following error when my request is sent to the endpoint https server:

C:\Users\Me\node_modules\http-proxy\lib\http-proxy\index.js:114
throw err;       
Error: DEPTH_ZERO_SELF_SIGNED_CERT
at SecurePair.<anonymous> (tls.js:1370:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:982:10)
at CleartextStream.read [as _read] (tls.js:469:13)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:226:10)
at writeOrBuffer (_stream_writable.js:216:5)
at EncryptedStream.Writable.write (_stream_writable.js:183:11)
at write (_stream_readable.js:582:24)

My code is very simple:

var httpProxy = require('http-proxy');
var http = require('http');
var fs = require('fs');

var apimcert = fs.readFileSync('./mycert.pfx');
var proxy = httpProxy.createProxyServer({});

var options = {
  pfx: apimcert,
  passphrase : 'pAssw0rd',
  rejectUnauthorized : 'false',
  agent: false
};

var server = require('https').createServer(options, function(req, res) {
  console.log("Got a request " + req);
  proxy.web(req, res, {
      ssl: {
        pfx : apimcert,
        passphrase : 'pAssw0rd',
        rejectUnauthorized : 'false'

        //strictSSL: false
      },
      target: 'https://endpointhost:9443/postev',  
      secure: true       
  }

  );
});

console.log("listening on port 9442")
server.listen(9442);

If I set secure : false then the request does get forwarded to the endpoint, but obviously gets sent back with a 403 forbidden response. The certificate and passphrase I'm using are the ones from my endpoint server, and I've tested that they do work when sending the request directly. All I want my proxy to do is to examine the contents of the requests, log a message for each one, and then forward to the endpoint server.

I've googled this problem and tried fiddling around with agents and strictSSL, but to no avail.

node.js
https
http-proxy

Answer 1

Try passing {rejectUnauthorized: false} to httpProxy.createProxyServer()

Answer 2

I had the same issue - if you look at the http-node-proxy source you'll see it actually sets rejectUnauthorized based on your secure setting in the options:

if (options[forward || 'target'].protocol == 'https:') { outgoing.rejectUnauthorized = (typeof options.secure === "undefined") ? true : options.secure; }

So you can actually easily set rejectUnauthorized to false by just passing secure: false in your call to httpProxy.createProxyServer.

Answer 3

the easy way is just adding this in your code ,

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

that solved my problem