expressjs setting tls connect https nginx server f

2019-07-28 23:48发布

How can set the request of expressjs to properly identify a TLS connection with https nginx server so that I can perform authentication through getPeerCertificate?

this is my nginx config to transfer request to expressjs api

location /api {

    proxy_pass http://10.88.132.14:4337/api;     

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;  
}

标签： node.js express nginx

1条回答

迷人小祖宗

2楼-- · 2019-07-29 00:15

You need to pass the SSL-token and then manually decode it. You pass it through adding X-SSL-CERT with the $ssl_client_escaped_cert. Make sure you are using Nginx 1.13 or later as the $ssl_client_escaped_cert didn't exist in 1.12.

location /api {
    proxy_pass http://10.88.132.14:4337/api;     
    proxy_http_version 1.1;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_set_header   Connection 'upgrade';
    proxy_set_header   Host $host;
    proxy_cache_bypass $http_upgrade;  
    proxy_set_header    X-SSL-CERT $ssl_client_escaped_cert;
}

Now you can't use getPeerCertifice() as this requires the full SSL-connection. Instead you decode the x-ssl-cert header from above using the x509 package:

let cert = req.headers['x-ssl-cert'];
try {
  cert = decodeURIComponent(cert);
  console.log(x509.getSubject(cert));
} catch (error) {
  console.log('Bad SSL-certificate?', error);
}

0人赞添加讨论(0) 举报

expressjs setting tls connect https nginx server f

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间