UNPKG

@cloud-cli/px

Version:

Reverse Proxy

github.com/cloud-cli/px

cloud-cli/px

96 lines (65 loc) 3.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# PX Reverse proxy to map local services and external http(s) domains ## Usage Use it with [Cloudy](https://github.com/cloud-cli/cli) ```ts // cloudy.conf.mjs import proxy from '@cloud-cli/px'; export default { proxy }; ``` ## API All proxies have the following properties: | Options | Description | | --------------- | ---------------------------------------------------------------------------------------------------- | | `domain` | Required. entrypoint for reverse proxy | | `target` | Required. Any target address, can be local or remote | | `cors` | handle CORS request on proxy level. See notes below! | | `redirect` | if request comes as http, redirect to https | | `redirectUrl` | if provided, issues a `Location` header and terminates with status 302 instead of proxying a request | | `headers` | comma separated headers to set in the outbound connection, e.g. authorisation headers | | `authorization` | matches incoming request headers against this value. If strings match, requests can continue. | **Add a proxy to a local service** ```bash cy proxy.add --domain "foo.example.com" --target "http://localhost:1234" ``` **Remove a proxy** ```bash cy proxy.remove --domain "foo.example.com" ``` **Get details of a proxy** ```bash cy proxy.get --domain "foo.example.com" ``` **List proxies** ```bash cy proxy.list ``` **List registered domains** ```bash cy proxy.domains ``` **Reload all configurations** ```bash cy proxy.reload ``` ## Certificate file resolution ```bash certificatesFolder = '/etc/letsencrypt/live' or process.env.PX_CERTS_FOLDER rootDomain = 'example.com' in 'xyz.example.com' cert = certificatesFolder + '/' + rootDomain + '/' + certificateFile key = certificatesFolder + '/' + rootDomain + '/' + keyFile ``` So xyz.example.com points to: ```bash /etc/letsencrypt/live/example.com/fullchain.pem for certificate /etc/letsencrypt/live/example.com/privkey.pem for private key ``` ## Notes CORS handling on proxy level is convenient, **but a security risk**. Beware: - All origins are allowed, all common methods and headers, and credentials are enabled. - In case of an `OPTIONS` request, if coming via CORS (a preflight), an empty response will be send and the request ends before calling the proxied target. Every request has additional headers: - x-forwarded-for: the host of the original request. If a proxy is from 'https://foo.example.com' to 'http://localhost:1234', the header will be 'foo.example.com' - x-forwarded-proto: 'http' or 'https', depends on the original request - forwarded: the standard header with the same information as the other two above