Comments (21)
Hi @AbdelMat-CP
Did you tested with npm test
?
from proxywrap.
MacBook-Pro-de-JM:findhit-proxywrap josemoreira$ n 0.12.2
install : node-v0.12.2
mkdir : /usr/local/n/versions/node/0.12.2
fetch : https://nodejs.org/dist/v0.12.2/node-v0.12.2-darwin-x64.tar.gz
installed : v0.12.2
MacBook-Pro-de-JM:findhit-proxywrap josemoreira$ node -v
v0.12.2
MacBook-Pro-de-JM:findhit-proxywrap josemoreira$ npm test
> findhit-proxywrap@0.3.8 test /Users/josemoreira/GitHub/findhit/findhit-proxywrap
> node node_modules/mocha/bin/mocha --globals setImmediate,clearImmediate --check-leaks --colors -t 10000 --reporter spec $(find test/* -name '*.test.js')
PROXY Protocol regexp tests
UNKNOWN
✓ localhost
✓ ignore things uppon UNKNOWN
✓ should fail if anything is behind UNKNOWN
TCP4
✓ basic
✓ star.findhit.com example
TCP6
✓ localhost
✓ FE80:0000:0000:0000:0202:B3FF:FE1E:8329
PROXY Protocol v1
net
✓ Check socket is stablished correctly
✓ Check with another socket parameters
✓ Check with another socket parameters as a string
Should detect a malformed PROXY headers
✓ Header without IP's
✓ non-proxy connection when in non-strict mode should not be destroyed #7
✓ Restore emitted events after socket.destroy #5
13 passing (42ms)
Tests are passing trough 0.12.2
, can you show up how are you implementing it?
from proxywrap.
sure !
Here is an extract of our code :
//...
var express = require('express');
var https = require('https');
var proxywrap = require('proxywrap');
var proxiedHttps = proxywrap.proxy(https, { strict: false });
//...
var app = express();
//...
app.get('/call/:script/:method', function (req, res) {
var msg = { script : req.params.script, method : req.params.method };
// This gives only the elb private ip...
console.log('connection remote ip :' + req.connection.remoteAddress);
// This gives also only the elb private ip...
console.log('socket remote ip :' + req.socket.remoteAddress);
dummy.DoStuff(msg, function (output) {
res.json(output);
});
});
//...
var server = proxiedHttps.createServer(app).listen(443, function () {
console.log('Endpoint HTTPS listening on port 443...');
});
tested with express 3.x on both node 0.10.28 and 0.12.2, works fine with 0.10, but fails (no public ip retrieved) in 0.12.2...
Thank you.
from proxywrap.
And yes tested with npm test on both version of node, and tests passes OK... but tests does not cover the retrieving of the 'remoteAddress' prop behind connection or socket object no ?
from proxywrap.
but tests does not cover the retrieving of the 'remoteAddress' prop behind connection or socket object no ?
I doesn't cover remoteAddress
because it is optional, internally we use clientAddress
.
Could it be because you're using https
? Could you please test with http
instead?
We currently use ELB
ssl feature for providing https
support to our instances which are running on top of http
server (its more reliable because you don't have the ssl bottleneck on your instances CPUs, that allows faster responses from your app).
It would be great if you could create a test case where it fails so we can fix that together. :)
from proxywrap.
Just added tests for remoteAddress
checking and it seems fine on v0.12.2
.
from proxywrap.
Could it be because you're using https? Could you please test with http instead?
Yes it seems to work on http with 0.12.2, it's very troubling... is it something with object socket when on http vs tlsSocket when on https in the lib ? can you confirm that it doesn't work with https ? unfortunately we cannot change the creation of the server over https to use http...
Thank you.
from proxywrap.
So just to be clear enough, the 'req.connection.remoteAddress' (i.e. socket.remoteAddress or in this case tlsSocket.remoteAddress ?) does not seem to be overridden when used on https and node 0.12.2...
from proxywrap.
But you still got access to socket.clientAddress
?
from proxywrap.
As my last commit states, i've added some room for providing https
and spdy
tests in the future.
If you could spend some time playing around tests and make minor changes so it can provide a fully functional test suite for https
, it would be great!!1
I had in mind that this was also testing http
, but i was wrong, now tests are covering http
as also.
from proxywrap.
@AbdelMat-CP did you got any results?
from proxywrap.
Sorry, but i probably don't understand what you want me to do ? is it doing some tests with https ? as i already said, we are trying to use your module with an https interface, and it seems to be not compatible with it on node 0.12.2 but works fine on 0.10.28.
to reproduce the case, just take the previous given sample code, and run it on a vm/instance/machine with node 0.12.2 behind a proxy protocol enabled lb... you will immediately see that the caller public ip is not retrieved (lb private ip instead...)
Thank you.
from proxywrap.
Sorry, but i probably don't understand what you want me to do ?
I've added support for http, but since i didn't had enough time, so I'm asking you if you would mind to spend some of yours trying to figure out how to support https
testing.
That effort would allow us to dig on why https
is failing on 0.12.2
, actually we avoid to work on things that aren't being tested.
to reproduce the case, just take the previous given sample code, and run it on a vm/instance/machine with node 0.12.2 behind a proxy protocol enabled lb
I could reproduce that case but it would be easier if tests were already supporting https
.
Due to my lack of time, and this isn't an emergency for our team, I will try to support https
if you couldn't get into it, thats my last case scenario. 😞
Thank you for helping! Hope you can contribute to findhit-proxywrap. 😄
from proxywrap.
Hello,
Just to share with all users of this module, in case the same problem happens, we found a solution without modifying the lib, but in fact it seems to be a bad hack.
In HTTPS just do somethig like this to retrieve the overridden 'remoteAddress' :
var socket = req.socket._parent || req.socket;
ipAddress = socket.remoteAddress;
My knowledge of Javascript/node can't help anymore to explain why this works, but it works !
Thanks.
from proxywrap.
In HTTPS just do somethig like this to retrieve the overridden 'remoteAddress' :
Hi @AbdelMat-CP ,
you have an option on this lib to avoid remoteAddress
override:
var http = require( 'findhit-proxywrap' ).proxy( require( 'http' ), { overrideRemote: false });
Thanks! :)
from proxywrap.
Hi,
Yes i know, but in fact 'clientAddress' and 'proxyAddress' are also available only via req.socket._parent and not via req.socket on HTTPS mode.
from proxywrap.
Hmm, makes sense, since socket is wrapped on a tls stream.
I will let this issue opened so i can study this case as soon as i have some free time.
from proxywrap.
We use the https module as well (node is our SSL terminator).
Following on with what @AbdelMat-CP already mentioned, we were not getting the proper remoteAddress in 0.12.0, but it was solved under 0.12.5 using his/her code:
var socket = req.socket._parent || req.socket;
var ipAddress = socket.remoteAddress;
Something obviously changed, but req.socket._parent
seems to contain the proxywrap modified remoteAddress. Note we did try this fix under 0.12.0, but it didn't work.
Maybe this isn't really something proxywrap can fix (without a lot of hacks), but the behavior could definitely be documented as a special case for dealing with the https module, and making sure to use a node version >= 0.12.2 ?
from proxywrap.
@EyePulp could you please provide a test case?
from proxywrap.
Hi,
I started using proxywrap recently but encountered the same issue with Node 6.3.1 trying to wrap the https module. In order to get the correct remoteAddress I indeed had to access the parent socket at req.socket._parent
.
However I also needed to use proxywrap together with spdy (https://github.com/indutny/node-spdy) configured to use SSL. Same problem here as well, but I couldn't apply the same solution since req.socket._parent
was undefined with spdy.
Digging into the req.socket
object, I found a way to get the initial socket on which proxywrap has set the correct remoteAddress, though it's quite hacky:
var socket = req.socket._spdyState.parent._parent;
var ip = socket.remoteAddress;
I think this should definitely be documented somewhere, or fixed in a different way so that req.socket.remoteAddress
contains the correct ip when doing SSL termination in Node and not at the ELB.
This can certainly help people trying to use proxywrap with https or spdy :)
from proxywrap.
spdy support added at v0.3.12
Please re-open in case you find this issue again. Thanks.
from proxywrap.
Related Issues (20)
- Socket.Io running HTTPS behind AWS ELB HOT 14
- Catching the PROXY protocol error HOT 23
- TCP port are from 1 to 65535 and not from 1 to 65335 HOT 3
- Under stress, some connections keep open HOT 5
- Coding policy suggestions HOT 2
- Unable to mix proxied and unproxied services? HOT 2
- Proxy protocol version 2 HOT 4
- Can't detect Socket.io 'disconnet' event when using via Amazon ELB HOT 4
- Is proxywrap working properly with https module? HOT 5
- proxy protcol v1 or v2
- TypeScript support
- Does this work with Node v12 LTS and HTTP/2? HOT 3
- Thank you HOT 1
- Elaborate and explain why it poses a security risk in README HOT 3
- Error when starting HOT 1
- BSD license with dependency on GPL-3.0 findhit-util HOT 2
- is it support outgoing proxy ?
- Sockets are leaking HOT 3
- Check for Header consistency HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from proxywrap.