Reverse proxy to map local services and external http(s) domains
Use it with Cloudy
// cloudy.conf.mjs
import proxy from '@cloud-cli/px';
export default { proxy };
All proxies have the following properties:
Options | Description |
---|---|
domain |
Required. entrypoint for reverse proxy |
target |
Required. Any target address, can be local or remote |
cors |
handle CORS request on proxy level. See notes below! |
redirect |
if request comes as http, redirect to https |
redirectUrl |
if provided, issues a Location header and terminates with status 302 instead of proxying a request |
headers |
comma separated headers to set in the outbound connection, e.g. authorisation headers |
authorization |
matches incoming request headers against this value. If strings match, requests can continue. |
Add a proxy to a local service
cy proxy.add --domain "foo.example.com" --target "http://localhost:1234"
Remove a proxy
cy proxy.remove --domain "foo.example.com"
Get details of a proxy
cy proxy.get --domain "foo.example.com"
List proxies
cy proxy.list
List registered domains
cy proxy.domains
Reload all configurations
cy proxy.reload
certificatesFolder = '/etc/letsencrypt/live' or process.env.PX_CERTS_FOLDER
rootDomain = 'example.com' in 'xyz.example.com'
cert = certificatesFolder + '/' + rootDomain + '/' + certificateFile
key = certificatesFolder + '/' + rootDomain + '/' + keyFile
So xyz.example.com points to:
/etc/letsencrypt/live/example.com/fullchain.pem for certificate
/etc/letsencrypt/live/example.com/privkey.pem for private key
CORS handling on proxy level is convenient, but a security risk. Beware:
- All origins are allowed, all common methods and headers, and credentials are enabled.
- In case of an
OPTIONS
request, if coming via CORS (a preflight), an empty response will be send and the request ends before calling the proxied target.
Every request has additional headers:
- x-forwarded-for: the host of the original request. If a proxy is from 'https://foo.example.com' to 'http://localhost:1234', the header will be 'foo.example.com'
- x-forwarded-proto: 'http' or 'https', depends on the original request
- forwarded: the standard header with the same information as the other two above