Created
October 10, 2012 15:49
node.js certificate issues with https.createServer and nodejitsu's http-proxy
// Thanks to:
// http://www.benjiegillam.com/2012/06/node-dot-js-ssl-certificate-chain/
// for the code that passes a CA bundle (multiple certs in one file) as an array,
// which fixes certificate errors on some browsers when doing https.createServer(options).
// This is how you can apply the same fix with nodejitsu's http-proxy when using SNI
// to have one server listening and returning multiple SSL certs.

// Taken from benjiegillam.com: turns a bundled certificate file
// (multiple certs in one file) into an array, split at each -END CERTIFICATE- line.
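/**
 * Reads a PEM bundle (several certificates concatenated in one file) and
 * returns each certificate as its own string, in file order.
 *
 * A certificate is closed by the line containing "-END CERTIFICATE-"; its
 * lines are re-joined with "\n". Blank lines are skipped and CRLF line
 * endings are accepted, so every returned entry starts at its BEGIN line.
 *
 * Text after the last END line is dropped, and a file holding no END line
 * yields an empty array. Callers that rely on the chain being present
 * should check the result length, since an empty `ca` means the server
 * will not send its intermediate certificates.
 *
 * @param {string} Bundle - Path to the bundle file.
 * @returns {string[]} One PEM string per certificate.
 * @throws {Error} Whatever fs.readFileSync throws if the file cannot be read.
 */
function getCABundle(Bundle) {
  var ca = [];
  var cert = [];
  // Declared locally: the original leaked `chain`, `cert` and `line` as globals.
  var lines = fs.readFileSync(Bundle, 'utf8').split(/\r?\n/);
  var i;
  var line;

  // Indexed loop instead of for...in: the old emptiness test measured the
  // length of the array index ("0", "1", ...) and therefore never skipped
  // a blank line.
  for (i = 0; i < lines.length; i++) {
    line = lines[i];
    if (line.length === 0) {
      continue;
    }
    cert.push(line);
    if (/-END CERTIFICATE-/.test(line)) {
      ca.push(cert.join("\n"));
      cert = [];
    }
  }
  return ca;
}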
/**
 * Builds the TLS context for one site from its key, certificate and CA
 * bundle files.
 *
 * The files are read synchronously, in the order key, cert, ca, so a
 * missing or unreadable file throws here, where this function is called.
 *
 * NOTE(review): crypto.createCredentials is the legacy Node API; later Node
 * releases replaced it with tls.createSecureContext. Confirm the target
 * runtime before reusing this.
 *
 * @param {{key: string, cert: string, ca: string}} cer - Paths to the
 *   private key, the server certificate and the CA bundle.
 * @returns {Object} The `context` property of the created credentials.
 */
function getCredentialsContext(cer) {
  var keyPem = fs.readFileSync(cer.key);
  var certPem = fs.readFileSync(cer.cert);
  var caChain = getCABundle(cer.ca);

  var credentials = crypto.createCredentials({
    key: keyPem,
    cert: certPem,
    ca: caChain
  });
  return credentials.context;
}
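// TLS contexts keyed by the exact server name expected in the client's SNI
// extension. The key files hold private keys: keep them readable only by
// the account that runs the proxy.
var certs = {};
certs['example-a.com'] = getCredentialsContext({
  key: '/path/to/example-a.com.key',
  cert: '/path/to/example-a.com.crt',
  ca: '/path/to/example-a.com.CAbundle'
});
certs['example-b.com'] = getCredentialsContext({
  key: '/path/to/example-b.com.key',
  cert: '/path/to/example-b.com.crt',
  ca: '/path/to/example-b.com.CAbundle'
});

var optionsSSL = {
  https: {
    // The SNI name is chosen by the connecting client. Only own keys of
    // `certs` may match: a bare certs[hostname] would also resolve inherited
    // Object.prototype members such as "constructor" or "toString" and hand
    // a non-context value back to the TLS layer.
    SNICallback: function (hostname) {
      if (Object.prototype.hasOwnProperty.call(certs, hostname)) {
        return certs[hostname];
      }
      // NOTE(review): no default key/cert is configured in this options
      // object, so confirm how the runtime handles unknown names and
      // clients that send no SNI at all.
      return undefined;
    }
  },
  hostnameOnly: true,
  router: {
    "example-a.com": "localhost:10000",
    "example-b.com": "localhost:10001"
  },
  // NOTE(review): backends are reached over HTTPS; whether their
  // certificates are verified depends on the http-proxy/Node version in use
  // - confirm.
  target: {
    https: true
  }
};

// server.listen() takes (port, host). The original passed
// ('localhost', '443'), and Node treats a non-numeric first argument as a
// socket path rather than a port.
httpProxy.createServer(optionsSSL).listen(443, 'localhost');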