[英]NodeJS Express reverse proxy TLS_CERT_ALTNAME_INVALID error
I have a reverse proxy on my endpoint like this:我的端点上有一个反向代理,如下所示:
var express = require('express');
var app = express();
var httpProxy = require('http-proxy');
var apiProxy = httpProxy.createProxyServer();
var serverOne = 'https://idena.navarra.es/ogc/wms?';
app.all('/idena', function (req, res) {
apiProxy.web(req, res, {target: serverOne});
});
app.listen(3000, function () {
console.log('Working!');
});
When a request to /idena
is received, the server throws an exception like this:当收到对
/idena
的请求时,服务器会抛出如下异常:
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: localhost.
错误 [ERR_TLS_CERT_ALTNAME_INVALID]:主机名/IP 与证书的替代名称不匹配:主机:本地主机。 is not in the cert's altnames: DNS:idena.navarra.es, DNS: www.idena.navarra.es at Object.checkServerIdentity (tls.js:235:17) at TLSSocket.onConnectSecure (_tls_wrap.js:1061:27) at TLSSocket.emit (events.js:189:13) at TLSSocket._finishInit (_tls_wrap.js:633:8)
不在证书的 altnames: DNS:idena.navarra.es, DNS: www.idena.navarra.es at Object.checkServerIdentity (tls.js:235:17) at TLSSocket.onConnectSecure (_tls_wrap.js:1061:27)在 TLSSocket.emit (events.js:189:13) 在 TLSSocket._finishInit (_tls_wrap.js:633:8)
How can I solve this?我该如何解决这个问题? Guess is due to
https
but no idea of how to avoid that, thanks!猜测是由于
https
但不知道如何避免这种情况,谢谢!
Although the error is about mismatching SSL certificate and domain names, in http-proxy module, the error often manifests when your server is HTTP and the Target is HTTPS.虽然错误是关于 SSL 证书和域名不匹配,但在 http-proxy 模块中,当您的服务器是 HTTP 并且目标是 HTTPS 时,该错误通常会表现出来。
You can avoid this error through the change changeOrigin
flag.您可以通过更改
changeOrigin
标志来避免此错误。
const proxy = httpProxy.createProxyServer(); proxy.web(req, res, { changeOrigin: true, target: https://example.com:3000, });
In case your server is HTTPS and target one is HTTPS as well, you should include SSL certificate
如果您的服务器是 HTTPS 而目标服务器也是 HTTPS,您应该包含 SSL 证书
httpProxy.createServer({ ssl: { key: fs.readFileSync('valid-ssl-key.pem', 'utf8'), cert: fs.readFileSync('valid-ssl-cert.pem', 'utf8') }, target: 'https://example.com:3000', secure: true }).listen(443);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.