search

icflorescu / iisexpress-proxy

A simple local proxy for accessing IIS Express from remote machines.
ISC License
741 stars 82 forks source link

Problematic dependency on OpenSSL #32

Closed justintoth closed 2 years ago

justintoth commented 2 years ago

I tried to run iisexpress-proxy, both using npx and installing it globally via npm. In both cases, it errored because it couldn't find the openssl command. This is confusing, because there is no mention of openssl in the README dependencies, and yet it seems like a must-have for this to work. In any case, I downloaded openssl and then added it to my PATH variable, then had to manually create a openssl.cnf file and add that to my environment variables as OPENSSL_CONF.

Finally then did the iisexpress-proxy command run, however now it's erroring about a key being too small.

PS C:\Users\justintoth> iisexpress-proxy https://localhost:44359 to https://auth-dev.mydomain:443
IIS Express Proxy 1.6.0
Proxying https://localhost:44359 to network interfaces:
node:internal/tls/secure-context:65
    context.setCert(cert);
            ^

Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
    at node:internal/tls/secure-context:65:13
    at Array.forEach (<anonymous>)
    at setCerts (node:internal/tls/secure-context:63:3)
    at configSecureContext (node:internal/tls/secure-context:152:5)
    at Object.createSecureContext (node:_tls_common:116:3)
    at Server.setSecureContext (node:_tls_wrap:1344:27)
    at Server (node:_tls_wrap:1203:8)
    at new Server (node:https:69:3)
    at Object.createServer (node:https:105:10)
    at ProxyServer.listen (C:\Users\justintoth\AppData\Roaming\npm\node_modules\iisexpress-proxy\node_modules\http-proxy\lib\http-proxy\index.js:129:11) {
  library: 'SSL routines',
  function: 'SSL_CTX_use_certificate',
  reason: 'ee key too small',
  code: 'ERR_SSL_EE_KEY_TOO_SMALL'
}

Does this tool still work and I'm just missing something obvious?

icflorescu commented 2 years ago

I believe the README does mention that if you want to use https, openssl must be in the PATH. Support for https was added in v1.6.x by @db81. Danny, could you please have a look at this issue?...

db81 commented 2 years ago

Sorry for the confusion @justintoth. iisexpress-proxy https://localhost:44359 to https://auth-dev.mydomain:443 isn't going to work, because the serving address (the part after "to") has to be an IPv4 address or '*' to serve on all network interfaces.

You can avoid openssl dependency by serving on HTTP (i.e. iisexpress-proxy https://localhost:44359 to http://*:PORT). I think we can clarify the error message to say that you can use HTTP if it fails to run openssl.

Previously iisexpress-proxy had no capability to serve on HTTPS, which I needed, so I went with a simple but hacky solution of running openssl to generate a self-signed cert. Works fine on Linux, but Windows doesn't have openssl. If you have git for windows installed, you can run iisexpress-proxy from "Git Bash" console, it comes with openssl. Otherwise I'd say HTTPS on Windows is not supported.

There's https://www.npmjs.com/package/openssl-wrapper that could likely be used for a cross-platform solution.

The script is dead simple by the way, so if you want to use a specific cert you can just change this line https://github.com/icflorescu/iisexpress-proxy/blob/master/index.js#L73 into something like

ssl = {
    cert: fs.readFileSync('public-cert.pem'),
    key: fs.readFileSync('private-key.pem')
}