
Create a Reverse Proxy in NodeJS that can handle multiple secure domains

I'm trying to create a reverse proxy in NodeJS, but I keep running into the issue that I can only serve one cert/key pair on the same port (443), even though I want to serve multiple domains. I have done the research and keep running into the same roadblock:

  • A node script that can serve multiple secure domains from a non-secure local source (accessed locally over http and served publicly over https)
  • Let me dynamically serve SSL certificates via domain header
  • Example:
    • https://www.someplace.com:443 will pull from http://thisipaddress:8000 and use the cert and key files for www.someplace.com
    • https://www.anotherplace.com:443 will pull from http://thisipaddress:8080 and use the cert and key files for www.anotherplace.com
    • etc.
  • I have looked at using NodeJS's https.createServer(options, [requestListener])
    • But this method supports just one cert/key pair per port
    • I can't find a way to dynamically switch certs based on domain header
    • I can't ask my people to use custom https ports
    • And I'll run into browser SSL certificate errors if I serve the same SSL certificate for multiple domain names, even if it is secure
  • I looked at node-http-proxy but as far as I can see it has the same limitations
  • I looked into Apache mod-proxy and nginx but I would rather have something I have more direct control of

If anyone can show me an example of serving multiple secure domains each with their own certificate from the same port number (443) using NodeJS and either https.createServer or node-http-proxy I would be indebted to you.

tekrat asked Apr 06 '14 02:04


2 Answers

Redbird actually does this very gracefully and is not too hard to configure either.

https://github.com/OptimalBits/redbird

Quinton answered Oct 20 '22 22:10


> Let me dynamically serve SSL certificates via domain header

There is no domain header so I guess you mean the Host header in the HTTP request. But, this will not work because

  • HTTPS is HTTP encapsulated inside SSL
  • therefore you first have to do your SSL layer (e.g. SSL handshake, which requires the certificates), then comes the HTTP layer
  • but the Host header is inside the HTTP layer :(

In former times you would need to have a single IP address for each SSL certificate. Current browsers do support SNI (server name indication), which sends the expected target host already inside the SSL layer. It looks like node.js does support this, look for SNICallback. But beware that there are still enough libraries out there which either don't support SNI on the client side at all or where one needs to use it explicitly. But as long as you only want to support browsers this should be OK.

Steffen Ullrich answered Oct 20 '22 23:10