ncr / rack-proxy

A request/response rewriting HTTP proxy. A Rack app.
MIT License

Add options for ssl/tls http connection #109

Closed lxnewayfarer closed 1 year ago

lxnewayfarer commented 1 year ago

This update allows you to use client TLS/SSL certificates with an HTTP connection by just specifying Rack::Proxy SSL options, and requests to this proxy will use a TLS HTTP connection. The feature may be helpful, for example, when a third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with a certificate.

Example of use:

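```ruby
# config.ru
# ...
require 'openssl'
require_relative 'tls_proxy'

# Client certificate and private key presented to the upstream API
cert_raw = File.read('./certs/rootCA.crt')
key_raw = File.read('./certs/key.pem')

cert = OpenSSL::X509::Certificate.new(cert_raw)
key = OpenSSL::PKey.read(key_raw)

# The SSL options are passed to the proxy's outgoing HTTP connection
use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
```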

And rewrite the host, for example:

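```ruby
# tls_proxy.rb
require 'rack/proxy'

class TLSProxy < Rack::Proxy
  attr_accessor :original_request, :query_params

  # Point every proxied request at the upstream that requires client TLS auth
  def rewrite_env(env)
    env["HTTP_HOST"] = "client-tls-auth-api.com:443"
    env
  end
end
```
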
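
A pre-flight check that could run in `config.ru` before `cert`, `key` and `verify_mode` are handed to the proxy, so a mismatched key, an expired certificate or disabled peer verification is caught at boot rather than at handshake time. This is an added example, not part of the PR or of rack-proxy; the helper names `client_tls_option_problems` and `sample_pair` are hypothetical, and the certificate is a constructed self-signed one.

```ruby
require 'openssl'

# Returns a list of problems with the TLS options intended for the proxy.
# An empty list means the options passed these checks.
def client_tls_option_problems(cert:, key:, verify_mode:, now: Time.now)
  problems = []
  # A certificate paired with the wrong private key otherwise fails only
  # when the first proxied request attempts the TLS handshake.
  problems << 'key does not match certificate' unless cert.check_private_key(key)
  problems << 'certificate not yet valid' if now < cert.not_before
  problems << 'certificate expired' if now > cert.not_after
  # With VERIFY_NONE the upstream server is not authenticated, so proxied
  # requests could be sent to an impostor.
  unless verify_mode == OpenSSL::SSL::VERIFY_PEER
    problems << 'verify_mode is not VERIFY_PEER'
  end
  problems
end

# Constructed sample material: a throwaway self-signed certificate and key.
def sample_pair(not_before:, not_after:)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-client')
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  cert, key = sample_pair(not_before: now - 60, not_after: now + 3600)
  wrong_key = OpenSSL::PKey::RSA.new(2048)
  # Matching pair with peer verification enabled: no problems reported.
  p client_tls_option_problems(cert: cert, key: key,
                               verify_mode: OpenSSL::SSL::VERIFY_PEER)
  # Wrong key and verification disabled: both problems reported.
  p client_tls_option_problems(cert: cert, key: wrong_key,
                               verify_mode: OpenSSL::SSL::VERIFY_NONE)
end
```
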
ncr commented 1 year ago

@lxnewayfarer thank you for the PR!