Skip to content

Alternatives to http-proxy #1687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
paulrutter opened this issue Nov 8, 2024 · 9 comments
Open

Alternatives to http-proxy #1687

paulrutter opened this issue Nov 8, 2024 · 9 comments

Comments

@paulrutter
Copy link

paulrutter commented Nov 8, 2024
edited
Loading

I've been using this module for a long time for http proxying, but since it's no longer maintained i was looking into alternatives.
For what it's worth, sharing my findings here.

Using node basic modules

My usecase: i have a expressjs app for which i want to proxy all requests to a Node process running on the same machine, on a different port. This code snippet shows how to proxy request/response including error handling.

const stream = require('stream');
const util = require('util');
const pipeline = util.promisify(stream.pipeline);

// proxyPort, req and res are passed here
// proxyPort: 5000
// req: incoming expressjs request
// res: outgoing expressjs response

// custom agent if needed
const proxyAgent = new http.Agent({
  keepAlive: global.PROXY_CONFIG.useKeepAlive,
  maxSockets: global.PROXY_CONFIG.maxSockets
});

// copy over url, method and headers here
const requestOptions = {
  hostname: "localhost",
  port: proxyPort,
  path: req.url,
  method: req.method,
  agent: proxyAgent ,
  headers: req.headers
};

// create the proxy request 
const proxyReq = http.request(requestOptions, async (proxyRes) => {
  // Proxy response headers
  for (const headerName of Object.keys(proxyRes.headers)) {
    res.setHeader(headerName, proxyRes.headers[headerName]);
  }

  // Proxy response status code and message
  res.statusCode = proxyRes.statusCode;
  res.statusMessage = proxyRes.statusMessage;

  // send the response body of the proxied response to the origin response 
  try {
    await pipeline(proxyRes, res);
  } catch (err) {
    // add error handling here or log it at least
   res.send(500).end();
  } finally {
    // proxy is done here, log it?
  }
});

// Proxy the request body
try {
  await pipeline(req, proxyReq);
} catch (error) {
  // add error handling here or log it at least
  res.send(500).end();
} finally {
    // The request body is fully proxied here, if you want to do anything with this information
}

This snippet doesn't offer everything this module offers, but it's easily extendable to add features like adding/removing headers from the request or response. It's all plain node code, no additional module involved.

Other proxy modules or ways to do it

I hope this is helpful to others moving away from http-proxy.
@med8bra
Copy link

med8bra commented Nov 8, 2024

Thanks @paulrutter for this snippet, I was looking into migrating some old code too, and I came up with this using fetch API

async function handler(req: Request): Promise<Response> {
  const parsedUrl = new URL(req.url);
  // transform request
  parsedUrl.host = API_HOST;

  // add forwarded headers
  req.headers.append("x-forwarded-for", req.headers.get("host") ?? DEFAULT_HOST);

  // fetch should handle pipeing ReadStream/WriteStream
  return fetch(new Request(parsedUrl, req));
}

It's pretty simple, but I believe its extendable too to add extra pre/post processing if needed. Currently I'm using this only for dev.

@paulrutter
Copy link
Author

paulrutter commented Nov 8, 2024
edited
Loading

@med8bra thanks, that seems pretty easy as well. It doesn't pipe the proxied response (headers, statusCode, body) though, but that could be added probably.

@paulrutter
Copy link
Author

Another thing to handle in my code snippet would be request timeout and set-cookie headers, which would need to be rewritten (if cookies are relevant to the proxy). Http-proxy does both as well.

@kamuiroeru
Copy link

How about Hono Proxy Helper? I have not tried yet but Hono is nice framework.

@Netail
Copy link

Netail commented Apr 16, 2025

How about Hono Proxy Helper? I have not tried yet but Hono is nice framework.

For us the hono proxy wasn't an option as it does not support websocket

@williamstein
Copy link

It seems like https://www.npmjs.com/package/http-proxy-node16 (i.e., https://github.com/Jimbly/http-proxy-node16) is the closest to a 'maintained' fork right now. Some big projects like JupyterHub have switched to it: https://github.com/jupyterhub/configurable-http-proxy/blob/4.6.2/CHANGELOG.md

@williamstein williamstein mentioned this issue May 5, 2025
Closed
@williamstein
Copy link

williamstein commented May 7, 2025
edited
Loading

I started work on a modern typescript rewrite of http-proxy:

STATUS compared to http-proxy:

  • DISCLAIMER: This mostly works, but obviously is NOT safe to deploy until we get the testing infrastructure in place and fix the bugs that are revealed.
  • Library entirely rewritten in Typescript in a modern style, with many types added internally
  • Switch to pnpm
  • All dependent packages updated to latest versions, addressing all known security vulnerabilities (according to pnpm audit).
  • Code rewritten to not use deprecated/insecure API's, e.g., using URL instead of parse.
  • Fixed major socket leaks in the Websocket proxy code
  • The nontrivial application https://CoCalc.com works using this (but obviously not actually running in production yet -- I just mean my dev version).
  • Examples: Mostly NOT rewritten yet.
  • Tests: Not rewritten yet.

I'm working on this because (1) there are many security issues revealed by "npm audit" which is bad for compliance, (2) the websocket implementation has leaks which are causing problems for my work, and (3) http-proxy is clearly not being maintained anymore, so somebody has to step up.

I hope I can finish the test/examples soon, so that this could be considered usable. Also, unlike with http-proxy, I will be responsive regarding PR's. If anybody is interested in helping out, please do.

-- William

@williamstein
Copy link

I turned many of the examples into unit tests, and I'm now much more confident in http-proxy-3. Again, as mentioned in the README, etc., if anybody wants to contribute in any way, I'm very open to that. E.g., there are a lot of unit tests that could still be updated...

@williamstein
Copy link

I spent all week and modernized ALL the unit tests from the original http-proxy, and also made all of their examples into unit tests that are tested to work (they were not actually tested in http-proxy). I fixed various vulnerabilities and issues (some revealed by unit testing). I also added some tests involving websockets along with instrumenting counting how many sockets are open to ensure leaks like reported here don't recur. It's running live now on http://cocalc.com. So now I think this is ready for general use and contributions:

https://www.npmjs.com/package/http-proxy-3

There are a LOT of tests -- like 5x more lines of test code than the core library. This was a lot of work :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@williamstein @paulrutter @Netail @kamuiroeru @med8bra