From 585d3189e44039fcf7c4c44a2f3bdfad07144f30 Mon Sep 17 00:00:00 2001
From: Darren
Date: Thu, 23 Jan 2014 20:32:25 +0000
Subject: [PATCH] SSL support on the proxy
---
 server/kiwi.js | 2 +-
 server/proxy.js | 41 +++++++++++++++++++++++++++++++++++------
 2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/server/kiwi.js b/server/kiwi.js
index 0a54e5d..2323a5f 100755
--- a/server/kiwi.js
+++ b/server/kiwi.js
@@ -233,7 +233,7 @@ _.each(global.config.servers, function (server) {
 if (server.type == 'proxy') {
 // Start up a kiwi proxy server
 var serv = new Proxy.ProxyServer();
- serv.listen(server.port, server.address);
+ serv.listen(server.port, server.address, server);
 serv.on('listening', function() {
 console.log('Kiwi proxy listening on %s:%s %s SSL', server.address, server.port, (server.ssl ? 'with' : 'without'));
diff --git a/server/proxy.js b/server/proxy.js
index 9ff2ff8..91dbbf1 100644
--- a/server/proxy.js
+++ b/server/proxy.js
@@ -1,8 +1,9 @@
 var stream = require('stream'),
 util = require('util'),
 events = require('events'),
- net = require("net"),
- tls = require("tls");
+ net = require('net'),
+ tls = require('tls'),
+ fs = require('fs');
 module.exports = {
@@ -35,11 +36,39 @@ function ProxyServer() {
 util.inherits(ProxyServer, events.EventEmitter);
-ProxyServer.prototype.listen = function(listen_port, listen_addr) {
- var that = this;
+ProxyServer.prototype.listen = function(listen_port, listen_addr, opts) {
+ var that = this,
+ serv_opts = {};
+
+ opts = opts || {};
+
+ // Listen using SSL?
+ if (opts.ssl) {
+ serv_opts = {
+ key: fs.readFileSync(opts.ssl_key),
+ cert: fs.readFileSync(opts.ssl_cert)
+ };
+
+ // Do we have an intermediate certificate?
+ if (typeof opts.ssl_ca !== 'undefined') {
+ // An array of them?
+ if (typeof opts.ssl_ca.map !== 'undefined') {
+ serv_opts.ca = opts.ssl_ca.map(function (f) { return fs.readFileSync(f); });
+
+ } else {
+ serv_opts.ca = fs.readFileSync(opts.ssl_ca);
+ }
+ }
+
+ this.server = tls.createServer(serv_opts);
+
+ }
+
+ // No SSL, start a simple clear text server
+ else {
+ this.server = new net.Server();
+ }
- // Start listening for proxy connections connections
- this.server = new net.Server();
 this.server.listen(listen_port, listen_addr, function() {
 that.emit('listening');
 });
--
2.25.1
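Review bot: The handler that accepts proxy connections sits outside this hunk and has to match the new `tls.createServer(serv_opts)` branch: on a `tls.Server` the `'connection'` event hands over the raw TCP socket before the handshake, and only `'secureConnection'` delivers the decrypted stream. If that handler (not shown) is still bound to `'connection'`, the SSL listener would pass ciphertext upstream; binding it as `this.server.on(opts.ssl ? 'secureConnection' : 'connection', ...)` would cover both branches. Separately, when `opts.ssl` is set but `opts.ssl_key` or `opts.ssl_cert` is absent, `fs.readFileSync` throws an error that does not name the config key; a guard such as `if (!opts.ssl_key || !opts.ssl_cert) throw new Error('proxy: ssl requires ssl_key and ssl_cert');` keeps startup failing closed with a clear message. The body of `listen` continues past the end of the hunk.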