@push.rocks/smartproxy 12.0.0 → 13.1.3
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/certificate/acme/acme-factory.d.ts +17 -0
- package/dist_ts/certificate/acme/acme-factory.js +40 -0
- package/dist_ts/certificate/acme/challenge-handler.d.ts +44 -0
- package/dist_ts/certificate/acme/challenge-handler.js +92 -0
- package/dist_ts/certificate/acme/index.d.ts +4 -0
- package/dist_ts/certificate/acme/index.js +5 -0
- package/dist_ts/certificate/events/certificate-events.d.ts +33 -0
- package/dist_ts/certificate/events/certificate-events.js +38 -0
- package/dist_ts/certificate/index.d.ts +24 -0
- package/dist_ts/certificate/index.js +39 -0
- package/dist_ts/certificate/models/certificate-types.d.ts +77 -0
- package/dist_ts/certificate/models/certificate-types.js +2 -0
- package/dist_ts/certificate/providers/cert-provisioner.d.ts +93 -0
- package/dist_ts/certificate/providers/cert-provisioner.js +262 -0
- package/dist_ts/certificate/providers/index.d.ts +4 -0
- package/dist_ts/certificate/providers/index.js +5 -0
- package/dist_ts/certificate/storage/file-storage.d.ts +66 -0
- package/dist_ts/certificate/storage/file-storage.js +194 -0
- package/dist_ts/certificate/storage/index.d.ts +4 -0
- package/dist_ts/certificate/storage/index.js +5 -0
- package/dist_ts/certificate/utils/certificate-helpers.d.ts +17 -0
- package/dist_ts/certificate/utils/certificate-helpers.js +45 -0
- package/dist_ts/common/eventUtils.d.ts +1 -1
- package/dist_ts/common/port80-adapter.d.ts +1 -1
- package/dist_ts/core/events/index.d.ts +4 -0
- package/dist_ts/core/events/index.js +5 -0
- package/dist_ts/core/index.d.ts +6 -0
- package/dist_ts/core/index.js +8 -0
- package/dist_ts/core/models/common-types.d.ts +82 -0
- package/dist_ts/core/models/common-types.js +15 -0
- package/dist_ts/core/models/index.d.ts +4 -0
- package/dist_ts/core/models/index.js +5 -0
- package/dist_ts/core/utils/event-utils.d.ts +15 -0
- package/dist_ts/core/utils/event-utils.js +19 -0
- package/dist_ts/core/utils/index.d.ts +6 -0
- package/dist_ts/core/utils/index.js +7 -0
- package/dist_ts/core/utils/ip-utils.d.ts +53 -0
- package/dist_ts/core/utils/ip-utils.js +153 -0
- package/dist_ts/core/utils/validation-utils.d.ts +61 -0
- package/dist_ts/core/utils/validation-utils.js +149 -0
- package/dist_ts/forwarding/config/domain-config.d.ts +12 -0
- package/dist_ts/forwarding/config/domain-config.js +12 -0
- package/dist_ts/forwarding/config/domain-manager.d.ts +86 -0
- package/dist_ts/forwarding/config/domain-manager.js +242 -0
- package/dist_ts/forwarding/config/forwarding-types.d.ts +104 -0
- package/dist_ts/forwarding/config/forwarding-types.js +50 -0
- package/dist_ts/forwarding/config/index.d.ts +6 -0
- package/dist_ts/forwarding/config/index.js +7 -0
- package/dist_ts/forwarding/factory/forwarding-factory.d.ts +25 -0
- package/dist_ts/forwarding/factory/forwarding-factory.js +138 -0
- package/dist_ts/forwarding/factory/index.d.ts +4 -0
- package/dist_ts/forwarding/factory/index.js +5 -0
- package/dist_ts/forwarding/handlers/base-handler.d.ts +55 -0
- package/dist_ts/forwarding/handlers/base-handler.js +94 -0
- package/dist_ts/forwarding/handlers/http-handler.d.ts +30 -0
- package/dist_ts/forwarding/handlers/http-handler.js +131 -0
- package/dist_ts/forwarding/handlers/https-passthrough-handler.d.ts +29 -0
- package/dist_ts/forwarding/handlers/https-passthrough-handler.js +162 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-http-handler.d.ts +36 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-http-handler.js +229 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-https-handler.d.ts +35 -0
- package/dist_ts/forwarding/handlers/https-terminate-to-https-handler.js +254 -0
- package/dist_ts/forwarding/handlers/index.d.ts +8 -0
- package/dist_ts/forwarding/handlers/index.js +9 -0
- package/dist_ts/forwarding/index.d.ts +19 -0
- package/dist_ts/forwarding/index.js +25 -0
- package/dist_ts/http/index.d.ts +15 -0
- package/dist_ts/http/index.js +20 -0
- package/dist_ts/http/models/http-types.d.ts +81 -0
- package/dist_ts/http/models/http-types.js +62 -0
- package/dist_ts/http/port80/acme-interfaces.d.ts +78 -0
- package/dist_ts/http/port80/acme-interfaces.js +6 -0
- package/dist_ts/http/port80/challenge-responder.d.ts +53 -0
- package/dist_ts/http/port80/challenge-responder.js +203 -0
- package/dist_ts/http/port80/index.d.ts +6 -0
- package/dist_ts/http/port80/index.js +9 -0
- package/dist_ts/http/port80/port80-handler.d.ts +121 -0
- package/dist_ts/http/port80/port80-handler.js +554 -0
- package/dist_ts/http/redirects/index.d.ts +4 -0
- package/dist_ts/http/redirects/index.js +5 -0
- package/dist_ts/http/router/index.d.ts +4 -0
- package/dist_ts/http/router/index.js +5 -0
- package/dist_ts/http/router/proxy-router.d.ts +115 -0
- package/dist_ts/http/router/proxy-router.js +325 -0
- package/dist_ts/index.d.ts +15 -8
- package/dist_ts/index.js +26 -10
- package/dist_ts/networkproxy/classes.np.certificatemanager.js +2 -2
- package/dist_ts/networkproxy/index.d.ts +1 -6
- package/dist_ts/networkproxy/index.js +4 -8
- package/dist_ts/plugins.d.ts +2 -1
- package/dist_ts/plugins.js +3 -2
- package/dist_ts/port80handler/classes.port80handler.d.ts +8 -136
- package/dist_ts/port80handler/classes.port80handler.js +14 -567
- package/dist_ts/proxies/index.d.ts +6 -0
- package/dist_ts/proxies/index.js +8 -0
- package/dist_ts/proxies/network-proxy/certificate-manager.d.ts +77 -0
- package/dist_ts/proxies/network-proxy/certificate-manager.js +373 -0
- package/dist_ts/proxies/network-proxy/connection-pool.d.ts +47 -0
- package/dist_ts/proxies/network-proxy/connection-pool.js +210 -0
- package/dist_ts/proxies/network-proxy/index.d.ts +10 -0
- package/dist_ts/proxies/network-proxy/index.js +12 -0
- package/dist_ts/proxies/network-proxy/models/index.d.ts +4 -0
- package/dist_ts/proxies/network-proxy/models/index.js +5 -0
- package/dist_ts/proxies/network-proxy/models/types.d.ts +80 -0
- package/dist_ts/proxies/network-proxy/models/types.js +35 -0
- package/dist_ts/proxies/network-proxy/network-proxy.d.ts +118 -0
- package/dist_ts/proxies/network-proxy/network-proxy.js +387 -0
- package/dist_ts/proxies/network-proxy/request-handler.d.ts +57 -0
- package/dist_ts/proxies/network-proxy/request-handler.js +394 -0
- package/dist_ts/proxies/network-proxy/websocket-handler.d.ts +38 -0
- package/dist_ts/proxies/network-proxy/websocket-handler.js +188 -0
- package/dist_ts/proxies/nftables-proxy/index.d.ts +5 -0
- package/dist_ts/proxies/nftables-proxy/index.js +6 -0
- package/dist_ts/proxies/nftables-proxy/models/errors.d.ts +15 -0
- package/dist_ts/proxies/nftables-proxy/models/errors.js +28 -0
- package/dist_ts/proxies/nftables-proxy/models/index.d.ts +5 -0
- package/dist_ts/proxies/nftables-proxy/models/index.js +6 -0
- package/dist_ts/proxies/nftables-proxy/models/interfaces.d.ts +75 -0
- package/dist_ts/proxies/nftables-proxy/models/interfaces.js +5 -0
- package/dist_ts/proxies/nftables-proxy/nftables-proxy.d.ts +136 -0
- package/dist_ts/proxies/nftables-proxy/nftables-proxy.js +1516 -0
- package/dist_ts/proxies/smart-proxy/connection-handler.d.ts +39 -0
- package/dist_ts/proxies/smart-proxy/connection-handler.js +894 -0
- package/dist_ts/proxies/smart-proxy/connection-manager.d.ts +78 -0
- package/dist_ts/proxies/smart-proxy/connection-manager.js +378 -0
- package/dist_ts/proxies/smart-proxy/domain-config-manager.d.ts +95 -0
- package/dist_ts/proxies/smart-proxy/domain-config-manager.js +255 -0
- package/dist_ts/proxies/smart-proxy/index.d.ts +13 -0
- package/dist_ts/proxies/smart-proxy/index.js +17 -0
- package/dist_ts/proxies/smart-proxy/models/index.d.ts +4 -0
- package/dist_ts/proxies/smart-proxy/models/index.js +5 -0
- package/dist_ts/proxies/smart-proxy/models/interfaces.d.ts +107 -0
- package/dist_ts/proxies/smart-proxy/models/interfaces.js +2 -0
- package/dist_ts/proxies/smart-proxy/network-proxy-bridge.d.ts +62 -0
- package/dist_ts/proxies/smart-proxy/network-proxy-bridge.js +316 -0
- package/dist_ts/proxies/smart-proxy/port-range-manager.d.ts +56 -0
- package/dist_ts/proxies/smart-proxy/port-range-manager.js +176 -0
- package/dist_ts/proxies/smart-proxy/security-manager.d.ts +64 -0
- package/dist_ts/proxies/smart-proxy/security-manager.js +149 -0
- package/dist_ts/proxies/smart-proxy/smart-proxy.d.ts +63 -0
- package/dist_ts/proxies/smart-proxy/smart-proxy.js +523 -0
- package/dist_ts/proxies/smart-proxy/timeout-manager.d.ts +47 -0
- package/dist_ts/proxies/smart-proxy/timeout-manager.js +154 -0
- package/dist_ts/proxies/smart-proxy/tls-manager.d.ts +57 -0
- package/dist_ts/proxies/smart-proxy/tls-manager.js +132 -0
- package/dist_ts/smartproxy/classes.pp.networkproxybridge.d.ts +2 -2
- package/dist_ts/smartproxy/classes.pp.networkproxybridge.js +1 -1
- package/dist_ts/smartproxy/classes.pp.tlsmanager.js +2 -2
- package/dist_ts/smartproxy/classes.smartproxy.js +3 -3
- package/dist_ts/tls/alerts/index.d.ts +4 -0
- package/dist_ts/tls/alerts/index.js +5 -0
- package/dist_ts/tls/alerts/tls-alert.d.ts +150 -0
- package/dist_ts/tls/alerts/tls-alert.js +226 -0
- package/dist_ts/tls/index.d.ts +18 -0
- package/dist_ts/tls/index.js +27 -0
- package/dist_ts/tls/sni/client-hello-parser.d.ts +100 -0
- package/dist_ts/tls/sni/client-hello-parser.js +463 -0
- package/dist_ts/tls/sni/index.d.ts +4 -0
- package/dist_ts/tls/sni/index.js +5 -0
- package/dist_ts/tls/sni/sni-extraction.d.ts +58 -0
- package/dist_ts/tls/sni/sni-extraction.js +275 -0
- package/dist_ts/tls/sni/sni-handler.d.ts +154 -0
- package/dist_ts/tls/sni/sni-handler.js +191 -0
- package/dist_ts/tls/utils/index.d.ts +4 -0
- package/dist_ts/tls/utils/index.js +5 -0
- package/dist_ts/tls/utils/tls-utils.d.ts +158 -0
- package/dist_ts/tls/utils/tls-utils.js +187 -0
- package/package.json +1 -1
- package/readme.md +499 -220
- package/readme.plan.md +253 -469
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/certificate/acme/acme-factory.ts +48 -0
- package/ts/certificate/acme/challenge-handler.ts +110 -0
- package/ts/certificate/acme/index.ts +3 -0
- package/ts/certificate/events/certificate-events.ts +36 -0
- package/ts/certificate/index.ts +67 -0
- package/ts/certificate/models/certificate-types.ts +88 -0
- package/ts/certificate/providers/cert-provisioner.ts +326 -0
- package/ts/certificate/providers/index.ts +3 -0
- package/ts/certificate/storage/file-storage.ts +234 -0
- package/ts/certificate/storage/index.ts +3 -0
- package/ts/certificate/utils/certificate-helpers.ts +50 -0
- package/ts/common/eventUtils.ts +1 -1
- package/ts/common/port80-adapter.ts +1 -1
- package/ts/core/events/index.ts +3 -0
- package/ts/core/index.ts +8 -0
- package/ts/core/models/common-types.ts +91 -0
- package/ts/core/models/index.ts +5 -0
- package/ts/core/utils/event-utils.ts +34 -0
- package/ts/core/utils/index.ts +7 -0
- package/ts/core/utils/ip-utils.ts +175 -0
- package/ts/core/utils/validation-utils.ts +177 -0
- package/ts/{smartproxy/forwarding → forwarding/config}/domain-config.ts +1 -1
- package/ts/{smartproxy/forwarding → forwarding/config}/domain-manager.ts +8 -8
- package/ts/{smartproxy/types/forwarding.types.ts → forwarding/config/forwarding-types.ts} +6 -6
- package/ts/forwarding/config/index.ts +7 -0
- package/ts/{smartproxy/forwarding/forwarding.factory.ts → forwarding/factory/forwarding-factory.ts} +12 -11
- package/ts/forwarding/factory/index.ts +5 -0
- package/ts/{smartproxy/forwarding/forwarding.handler.ts → forwarding/handlers/base-handler.ts} +2 -2
- package/ts/{smartproxy/forwarding/http.handler.ts → forwarding/handlers/http-handler.ts} +13 -4
- package/ts/{smartproxy/forwarding/https-passthrough.handler.ts → forwarding/handlers/https-passthrough-handler.ts} +13 -4
- package/ts/{smartproxy/forwarding/https-terminate-to-http.handler.ts → forwarding/handlers/https-terminate-to-http-handler.ts} +3 -3
- package/ts/{smartproxy/forwarding/https-terminate-to-https.handler.ts → forwarding/handlers/https-terminate-to-https-handler.ts} +3 -3
- package/ts/forwarding/handlers/index.ts +9 -0
- package/ts/forwarding/index.ts +34 -0
- package/ts/http/index.ts +23 -0
- package/ts/http/models/http-types.ts +105 -0
- package/ts/http/port80/acme-interfaces.ts +85 -0
- package/ts/http/port80/challenge-responder.ts +246 -0
- package/ts/http/port80/index.ts +13 -0
- package/ts/{port80handler/classes.port80handler.ts → http/port80/port80-handler.ts} +164 -161
- package/ts/http/redirects/index.ts +3 -0
- package/ts/http/router/index.ts +5 -0
- package/ts/{classes.router.ts → http/router/proxy-router.ts} +27 -20
- package/ts/index.ts +32 -9
- package/ts/plugins.ts +2 -1
- package/ts/proxies/index.ts +8 -0
- package/ts/{networkproxy/classes.np.certificatemanager.ts → proxies/network-proxy/certificate-manager.ts} +17 -16
- package/ts/{networkproxy/classes.np.connectionpool.ts → proxies/network-proxy/connection-pool.ts} +3 -3
- package/ts/proxies/network-proxy/index.ts +13 -0
- package/ts/proxies/network-proxy/models/index.ts +4 -0
- package/ts/{networkproxy/classes.np.types.ts → proxies/network-proxy/models/types.ts} +7 -11
- package/ts/{networkproxy/classes.np.networkproxy.ts → proxies/network-proxy/network-proxy.ts} +31 -24
- package/ts/{networkproxy/classes.np.requesthandler.ts → proxies/network-proxy/request-handler.ts} +12 -7
- package/ts/{networkproxy/classes.np.websockethandler.ts → proxies/network-proxy/websocket-handler.ts} +6 -6
- package/ts/proxies/nftables-proxy/index.ts +5 -0
- package/ts/proxies/nftables-proxy/models/errors.ts +30 -0
- package/ts/proxies/nftables-proxy/models/index.ts +5 -0
- package/ts/proxies/nftables-proxy/models/interfaces.ts +94 -0
- package/ts/{nfttablesproxy/classes.nftablesproxy.ts → proxies/nftables-proxy/nftables-proxy.ts} +24 -126
- package/ts/{smartproxy/classes.pp.connectionhandler.ts → proxies/smart-proxy/connection-handler.ts} +12 -12
- package/ts/{smartproxy/classes.pp.connectionmanager.ts → proxies/smart-proxy/connection-manager.ts} +8 -8
- package/ts/{smartproxy/classes.pp.domainconfigmanager.ts → proxies/smart-proxy/domain-config-manager.ts} +15 -14
- package/ts/proxies/smart-proxy/index.ts +18 -0
- package/ts/proxies/smart-proxy/models/index.ts +4 -0
- package/ts/{smartproxy/classes.pp.interfaces.ts → proxies/smart-proxy/models/interfaces.ts} +12 -8
- package/ts/{smartproxy/classes.pp.networkproxybridge.ts → proxies/smart-proxy/network-proxy-bridge.ts} +14 -14
- package/ts/{smartproxy/classes.pp.portrangemanager.ts → proxies/smart-proxy/port-range-manager.ts} +1 -1
- package/ts/{smartproxy/classes.pp.securitymanager.ts → proxies/smart-proxy/security-manager.ts} +3 -3
- package/ts/{smartproxy/classes.smartproxy.ts → proxies/smart-proxy/smart-proxy.ts} +29 -24
- package/ts/{smartproxy/classes.pp.timeoutmanager.ts → proxies/smart-proxy/timeout-manager.ts} +3 -3
- package/ts/{smartproxy/classes.pp.tlsmanager.ts → proxies/smart-proxy/tls-manager.ts} +3 -3
- package/ts/tls/alerts/index.ts +3 -0
- package/ts/{smartproxy/classes.pp.tlsalert.ts → tls/alerts/tls-alert.ts} +44 -43
- package/ts/tls/index.ts +33 -0
- package/ts/tls/sni/client-hello-parser.ts +629 -0
- package/ts/tls/sni/index.ts +3 -0
- package/ts/tls/sni/sni-extraction.ts +353 -0
- package/ts/tls/sni/sni-handler.ts +264 -0
- package/ts/tls/utils/index.ts +3 -0
- package/ts/tls/utils/tls-utils.ts +201 -0
- package/ts/common/acmeFactory.ts +0 -23
- package/ts/helpers.certificates.ts +0 -30
- package/ts/networkproxy/index.ts +0 -7
- package/ts/smartproxy/classes.pp.certprovisioner.ts +0 -200
- package/ts/smartproxy/classes.pp.snihandler.ts +0 -1281
- package/ts/smartproxy/forwarding/index.ts +0 -52
package/readme.md
CHANGED
|
@@ -1,37 +1,103 @@
|
|
|
1
1
|
# @push.rocks/smartproxy
|
|
2
2
|
|
|
3
|
-
A high-performance proxy toolkit for Node.js,
|
|
4
|
-
|
|
5
|
-
-
|
|
6
|
-
-
|
|
7
|
-
-
|
|
8
|
-
- Advanced TCP/SNI-based
|
|
9
|
-
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
3
|
+
A unified high-performance proxy toolkit for Node.js, with **SmartProxy** as the central API to handle all your proxy needs:
|
|
4
|
+
|
|
5
|
+
- **Unified Configuration API**: One consistent way to configure various proxy types
|
|
6
|
+
- **SSL/TLS Support**: Automatic HTTPS with Let's Encrypt certificate provisioning
|
|
7
|
+
- **Simplified Domain Management**: Easy routing based on domain names with wildcard support
|
|
8
|
+
- **Advanced SNI Handling**: Smart TCP/SNI-based forwarding with IP filtering
|
|
9
|
+
- **Multiple Forwarding Types**: HTTP-only, HTTPS passthrough, TLS termination options
|
|
10
|
+
- **Security Features**: IP allowlists, connection limits, timeouts, and more
|
|
11
|
+
|
|
12
|
+
## Project Architecture Overview
|
|
13
|
+
|
|
14
|
+
SmartProxy has been restructured using a modern, modular architecture to improve maintainability and clarity:
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
/ts
|
|
18
|
+
├── /core # Core functionality
|
|
19
|
+
│ ├── /models # Data models and interfaces
|
|
20
|
+
│ ├── /utils # Shared utilities (IP validation, logging, etc.)
|
|
21
|
+
│ └── /events # Common event definitions
|
|
22
|
+
├── /certificate # Certificate management
|
|
23
|
+
│ ├── /acme # ACME-specific functionality
|
|
24
|
+
│ ├── /providers # Certificate providers (static, ACME)
|
|
25
|
+
│ └── /storage # Certificate storage mechanisms
|
|
26
|
+
├── /forwarding # Forwarding system
|
|
27
|
+
│ ├── /handlers # Various forwarding handlers
|
|
28
|
+
│ │ ├── base-handler.ts # Abstract base handler
|
|
29
|
+
│ │ ├── http-handler.ts # HTTP-only handler
|
|
30
|
+
│ │ └── ... # Other handlers
|
|
31
|
+
│ ├── /config # Configuration models
|
|
32
|
+
│ │ ├── forwarding-types.ts # Type definitions
|
|
33
|
+
│ │ ├── domain-config.ts # Domain config utilities
|
|
34
|
+
│ │ └── domain-manager.ts # Domain routing manager
|
|
35
|
+
│ └── /factory # Factory for creating handlers
|
|
36
|
+
├── /proxies # Different proxy implementations
|
|
37
|
+
│ ├── /smart-proxy # SmartProxy implementation
|
|
38
|
+
│ │ ├── /models # SmartProxy-specific interfaces
|
|
39
|
+
│ │ ├── smart-proxy.ts # Main SmartProxy class
|
|
40
|
+
│ │ └── ... # Supporting classes
|
|
41
|
+
│ ├── /network-proxy # NetworkProxy implementation
|
|
42
|
+
│ │ ├── /models # NetworkProxy-specific interfaces
|
|
43
|
+
│ │ ├── network-proxy.ts # Main NetworkProxy class
|
|
44
|
+
│ │ └── ... # Supporting classes
|
|
45
|
+
│ └── /nftables-proxy # NfTablesProxy implementation
|
|
46
|
+
├── /tls # TLS-specific functionality
|
|
47
|
+
│ ├── /sni # SNI handling components
|
|
48
|
+
│ └── /alerts # TLS alerts system
|
|
49
|
+
└── /http # HTTP-specific functionality
|
|
50
|
+
├── /port80 # Port80Handler components
|
|
51
|
+
├── /router # HTTP routing system
|
|
52
|
+
└── /redirects # Redirect handlers
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
## Main Components
|
|
56
|
+
|
|
57
|
+
### Primary API (Recommended)
|
|
58
|
+
|
|
59
|
+
- **SmartProxy** (`ts/proxies/smart-proxy/smart-proxy.ts`)
|
|
60
|
+
The central unified API for all proxy needs, featuring:
|
|
61
|
+
- Domain-based routing with SNI inspection
|
|
62
|
+
- Automatic certificate management
|
|
63
|
+
- Multiple forwarding types in one configuration
|
|
64
|
+
- Advanced security controls
|
|
65
|
+
- Flexible backend targeting options
|
|
66
|
+
|
|
67
|
+
### Helper Functions
|
|
68
|
+
|
|
69
|
+
- **createDomainConfig**
|
|
70
|
+
Create domain configuration with clean syntax
|
|
71
|
+
- **httpOnly**, **httpsPassthrough**, **tlsTerminateToHttp**, **tlsTerminateToHttps**
|
|
72
|
+
Helper functions to create different forwarding configurations
|
|
73
|
+
|
|
74
|
+
### Specialized Components
|
|
75
|
+
|
|
76
|
+
- **NetworkProxy** (`ts/proxies/network-proxy/network-proxy.ts`)
|
|
77
|
+
HTTP/HTTPS reverse proxy with TLS termination and WebSocket support
|
|
78
|
+
- **Port80Handler** (`ts/http/port80/port80-handler.ts`)
|
|
79
|
+
ACME HTTP-01 challenge handler for Let's Encrypt certificates
|
|
80
|
+
- **NfTablesProxy** (`ts/proxies/nftables-proxy/nftables-proxy.ts`)
|
|
81
|
+
Low-level port forwarding using nftables NAT rules
|
|
82
|
+
- **Redirect**, **SslRedirect** (`ts/http/redirects/redirect-handler.ts`)
|
|
83
|
+
HTTP-to-HTTPS redirects with customizable rules
|
|
84
|
+
- **SniHandler** (`ts/tls/sni/sni-handler.ts`)
|
|
85
|
+
Utilities for SNI extraction from TLS handshakes
|
|
86
|
+
|
|
87
|
+
### Core Utilities
|
|
88
|
+
|
|
89
|
+
- **ValidationUtils** (`ts/core/utils/validation-utils.ts`)
|
|
90
|
+
Domain, port, and configuration validation
|
|
91
|
+
- **IpUtils** (`ts/core/utils/ip-utils.ts`)
|
|
92
|
+
IP address validation and filtering with glob patterns
|
|
93
|
+
|
|
94
|
+
### Interfaces and Types
|
|
95
|
+
|
|
96
|
+
- `ISmartProxyOptions`, `IDomainConfig` (`ts/proxies/smart-proxy/models/interfaces.ts`)
|
|
97
|
+
- `IForwardConfig`, `TForwardingType` (`ts/forwarding/config/forwarding-types.ts`)
|
|
98
|
+
- `INetworkProxyOptions` (`ts/proxies/network-proxy/models/types.ts`)
|
|
99
|
+
- `IAcmeOptions`, `IDomainOptions` (`ts/certificate/models/certificate-types.ts`)
|
|
100
|
+
- `INfTableProxySettings` (`ts/proxies/nftables-proxy/models/interfaces.ts`)
|
|
35
101
|
|
|
36
102
|
## Installation
|
|
37
103
|
Install via npm:
|
|
@@ -39,15 +105,142 @@ Install via npm:
|
|
|
39
105
|
npm install @push.rocks/smartproxy
|
|
40
106
|
```
|
|
41
107
|
|
|
42
|
-
## Quick Start
|
|
108
|
+
## Quick Start with SmartProxy
|
|
109
|
+
|
|
110
|
+
SmartProxy is the recommended way to use this library, providing a unified API for all proxy scenarios.
|
|
111
|
+
|
|
112
|
+
```typescript
|
|
113
|
+
import { SmartProxy, createDomainConfig, httpOnly, tlsTerminateToHttp, httpsPassthrough } from '@push.rocks/smartproxy';
|
|
114
|
+
|
|
115
|
+
// Create a new SmartProxy instance with all your domain configurations in one place
|
|
116
|
+
const proxy = new SmartProxy({
|
|
117
|
+
// Listen on port 443 for incoming connections
|
|
118
|
+
fromPort: 443,
|
|
119
|
+
|
|
120
|
+
// Configure domains and their forwarding rules
|
|
121
|
+
domainConfigs: [
|
|
122
|
+
// Basic HTTP forwarding for api.example.com
|
|
123
|
+
createDomainConfig('api.example.com', httpOnly({
|
|
124
|
+
target: { host: 'localhost', port: 3000 }
|
|
125
|
+
})),
|
|
126
|
+
|
|
127
|
+
// HTTPS termination with automatic Let's Encrypt certificates
|
|
128
|
+
createDomainConfig('secure.example.com', tlsTerminateToHttp({
|
|
129
|
+
target: { host: 'localhost', port: 8080 },
|
|
130
|
+
acme: {
|
|
131
|
+
enabled: true,
|
|
132
|
+
production: true
|
|
133
|
+
}
|
|
134
|
+
})),
|
|
135
|
+
|
|
136
|
+
// Multiple domains with wildcard support
|
|
137
|
+
createDomainConfig(['example.com', '*.example.com'], httpsPassthrough({
|
|
138
|
+
target: {
|
|
139
|
+
// Load balancing across multiple backend servers
|
|
140
|
+
host: ['192.168.1.10', '192.168.1.11'],
|
|
141
|
+
port: 443
|
|
142
|
+
},
|
|
143
|
+
security: {
|
|
144
|
+
// IP filtering for enhanced security
|
|
145
|
+
allowedIps: ['10.0.0.*', '192.168.1.*'],
|
|
146
|
+
blockedIps: ['1.2.3.4']
|
|
147
|
+
}
|
|
148
|
+
}))
|
|
149
|
+
],
|
|
150
|
+
|
|
151
|
+
// Enable SNI-based routing
|
|
152
|
+
sniEnabled: true,
|
|
153
|
+
|
|
154
|
+
// Automatic Let's Encrypt integration
|
|
155
|
+
acme: {
|
|
156
|
+
enabled: true,
|
|
157
|
+
contactEmail: 'admin@example.com',
|
|
158
|
+
useProduction: true
|
|
159
|
+
}
|
|
160
|
+
});
|
|
161
|
+
|
|
162
|
+
// Listen for certificate events
|
|
163
|
+
proxy.on('certificate', evt => {
|
|
164
|
+
console.log(`Certificate for ${evt.domain} ready, expires: ${evt.expiryDate}`);
|
|
165
|
+
});
|
|
166
|
+
|
|
167
|
+
// Start the proxy
|
|
168
|
+
await proxy.start();
|
|
169
|
+
|
|
170
|
+
// Dynamically add or update domain configurations later
|
|
171
|
+
await proxy.updateDomainConfigs([
|
|
172
|
+
createDomainConfig('new-domain.com', tlsTerminateToHttp({
|
|
173
|
+
target: { host: 'localhost', port: 9000 }
|
|
174
|
+
}))
|
|
175
|
+
]);
|
|
176
|
+
|
|
177
|
+
// Later, gracefully shut down
|
|
178
|
+
await proxy.stop();
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
### What You Can Do with SmartProxy
|
|
182
|
+
|
|
183
|
+
1. **Domain-Based Routing**
|
|
184
|
+
```typescript
|
|
185
|
+
// Route requests for different domains to different backend servers
|
|
186
|
+
createDomainConfig('api.example.com', httpOnly({
|
|
187
|
+
target: { host: 'api-server', port: 3000 }
|
|
188
|
+
}))
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
2. **Automatic SSL with Let's Encrypt**
|
|
192
|
+
```typescript
|
|
193
|
+
// Get and automatically renew certificates
|
|
194
|
+
createDomainConfig('secure.example.com', tlsTerminateToHttp({
|
|
195
|
+
target: { host: 'localhost', port: 8080 },
|
|
196
|
+
acme: { enabled: true, production: true }
|
|
197
|
+
}))
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
3. **Load Balancing**
|
|
201
|
+
```typescript
|
|
202
|
+
// Distribute traffic across multiple backend servers
|
|
203
|
+
createDomainConfig('app.example.com', httpOnly({
|
|
204
|
+
target: {
|
|
205
|
+
host: ['10.0.0.1', '10.0.0.2', '10.0.0.3'],
|
|
206
|
+
port: 8080
|
|
207
|
+
}
|
|
208
|
+
}))
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
4. **Security Controls**
|
|
212
|
+
```typescript
|
|
213
|
+
// Restrict access based on IP addresses
|
|
214
|
+
createDomainConfig('admin.example.com', httpOnly({
|
|
215
|
+
target: { host: 'localhost', port: 8080 },
|
|
216
|
+
security: {
|
|
217
|
+
allowedIps: ['10.0.0.*', '192.168.1.*'],
|
|
218
|
+
maxConnections: 100
|
|
219
|
+
}
|
|
220
|
+
}))
|
|
221
|
+
```
|
|
222
|
+
|
|
223
|
+
5. **Wildcard Domains**
|
|
224
|
+
```typescript
|
|
225
|
+
// Handle all subdomains with one config
|
|
226
|
+
createDomainConfig(['example.com', '*.example.com'], httpsPassthrough({
|
|
227
|
+
target: { host: 'backend-server', port: 443 }
|
|
228
|
+
}))
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
## Other Components
|
|
232
|
+
|
|
233
|
+
While SmartProxy provides a unified API for most needs, you can also use individual components:
|
|
234
|
+
|
|
235
|
+
### NetworkProxy
|
|
236
|
+
For HTTP/HTTPS reverse proxy with TLS termination and WebSocket support:
|
|
43
237
|
|
|
44
|
-
### 1. HTTP(S) Reverse Proxy (NetworkProxy)
|
|
45
238
|
```typescript
|
|
46
239
|
import { NetworkProxy } from '@push.rocks/smartproxy';
|
|
240
|
+
import * as fs from 'fs';
|
|
47
241
|
|
|
48
242
|
const proxy = new NetworkProxy({ port: 443 });
|
|
49
243
|
await proxy.start();
|
|
50
|
-
|
|
51
244
|
await proxy.updateProxyConfigs([
|
|
52
245
|
{
|
|
53
246
|
hostName: 'example.com',
|
|
@@ -57,148 +250,59 @@ await proxy.updateProxyConfigs([
|
|
|
57
250
|
privateKey: fs.readFileSync('key.pem', 'utf8'),
|
|
58
251
|
}
|
|
59
252
|
]);
|
|
60
|
-
|
|
61
|
-
// Add default headers to all responses
|
|
62
|
-
await proxy.addDefaultHeaders({
|
|
63
|
-
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
|
|
64
|
-
});
|
|
65
|
-
// ...
|
|
66
|
-
await proxy.stop();
|
|
67
253
|
```
|
|
68
254
|
|
|
69
|
-
###
|
|
70
|
-
|
|
71
|
-
import { Redirect, SslRedirect } from '@push.rocks/smartproxy';
|
|
72
|
-
import * as fs from 'fs';
|
|
73
|
-
|
|
74
|
-
// Custom redirect rules
|
|
75
|
-
const redirect = new Redirect({
|
|
76
|
-
httpPort: 80,
|
|
77
|
-
httpsPort: 443,
|
|
78
|
-
sslOptions: {
|
|
79
|
-
key: fs.readFileSync('key.pem'),
|
|
80
|
-
cert: fs.readFileSync('cert.pem'),
|
|
81
|
-
},
|
|
82
|
-
rules: [
|
|
83
|
-
{
|
|
84
|
-
fromProtocol: 'http',
|
|
85
|
-
fromHost: '*',
|
|
86
|
-
toProtocol: 'https',
|
|
87
|
-
toHost: '$1',
|
|
88
|
-
statusCode: 301
|
|
89
|
-
}
|
|
90
|
-
]
|
|
91
|
-
});
|
|
92
|
-
await redirect.start();
|
|
93
|
-
|
|
94
|
-
// Quick HTTP→HTTPS helper on port 80
|
|
95
|
-
const quick = new SslRedirect(80);
|
|
96
|
-
await quick.start();
|
|
97
|
-
```
|
|
255
|
+
### Port80Handler
|
|
256
|
+
For standalone ACME certificate management:
|
|
98
257
|
|
|
99
|
-
### 3. Automatic Certificates (ACME Port80Handler)
|
|
100
258
|
```typescript
|
|
101
259
|
import { Port80Handler } from '@push.rocks/smartproxy';
|
|
102
260
|
|
|
103
|
-
// Configure ACME on port 80 with contact email
|
|
104
261
|
const acme = new Port80Handler({
|
|
105
262
|
port: 80,
|
|
106
263
|
contactEmail: 'admin@example.com',
|
|
107
|
-
useProduction: true
|
|
108
|
-
renewThresholdDays: 30
|
|
109
|
-
});
|
|
110
|
-
acme.on('certificate-issued', evt => {
|
|
111
|
-
console.log(`Certificate ready for ${evt.domain}, expires ${evt.expiryDate}`);
|
|
264
|
+
useProduction: true
|
|
112
265
|
});
|
|
266
|
+
acme.on('certificate-issued', evt => console.log(`Certificate ready: ${evt.domain}`));
|
|
113
267
|
await acme.start();
|
|
114
|
-
acme.addDomain({
|
|
115
|
-
domainName: 'example.com',
|
|
116
|
-
sslRedirect: true,
|
|
117
|
-
acmeMaintenance: true
|
|
118
|
-
});
|
|
119
268
|
```
|
|
120
269
|
|
|
121
|
-
###
|
|
270
|
+
### NfTablesProxy
|
|
271
|
+
For low-level port forwarding using nftables:
|
|
272
|
+
|
|
122
273
|
```typescript
|
|
123
274
|
import { NfTablesProxy } from '@push.rocks/smartproxy';
|
|
124
275
|
|
|
125
|
-
// Forward port 80→8080 with source IP preservation
|
|
126
276
|
const nft = new NfTablesProxy({
|
|
127
277
|
fromPort: 80,
|
|
128
278
|
toPort: 8080,
|
|
129
279
|
toHost: 'localhost',
|
|
130
|
-
preserveSourceIP: true
|
|
131
|
-
deleteOnExit: true
|
|
280
|
+
preserveSourceIP: true
|
|
132
281
|
});
|
|
133
282
|
await nft.start();
|
|
134
|
-
// ...
|
|
135
|
-
await nft.stop();
|
|
136
283
|
```
|
|
137
284
|
|
|
138
|
-
###
|
|
139
|
-
|
|
140
|
-
import { SmartProxy } from '@push.rocks/smartproxy';
|
|
141
|
-
import { createDomainConfig, httpOnly, tlsTerminateToHttp, httpsPassthrough } from '@push.rocks/smartproxy';
|
|
142
|
-
|
|
143
|
-
const smart = new SmartProxy({
|
|
144
|
-
fromPort: 443,
|
|
145
|
-
toPort: 8443,
|
|
146
|
-
domainConfigs: [
|
|
147
|
-
// HTTPS passthrough example
|
|
148
|
-
createDomainConfig(['example.com', '*.example.com'],
|
|
149
|
-
httpsPassthrough({
|
|
150
|
-
target: {
|
|
151
|
-
host: '127.0.0.1',
|
|
152
|
-
port: 443
|
|
153
|
-
},
|
|
154
|
-
security: {
|
|
155
|
-
allowedIps: ['*']
|
|
156
|
-
}
|
|
157
|
-
})
|
|
158
|
-
),
|
|
159
|
-
// HTTPS termination example
|
|
160
|
-
createDomainConfig('secure.example.com',
|
|
161
|
-
tlsTerminateToHttp({
|
|
162
|
-
target: {
|
|
163
|
-
host: 'localhost',
|
|
164
|
-
port: 3000
|
|
165
|
-
},
|
|
166
|
-
acme: {
|
|
167
|
-
enabled: true,
|
|
168
|
-
production: true
|
|
169
|
-
}
|
|
170
|
-
})
|
|
171
|
-
)
|
|
172
|
-
],
|
|
173
|
-
sniEnabled: true
|
|
174
|
-
});
|
|
175
|
-
smart.on('certificate', evt => console.log(evt));
|
|
176
|
-
await smart.start();
|
|
177
|
-
// Update domains later
|
|
178
|
-
await smart.updateDomainConfigs([/* new configs */]);
|
|
179
|
-
```
|
|
180
|
-
|
|
181
|
-
### 6. SNI Utilities (SniHandler)
|
|
182
|
-
```js
|
|
183
|
-
import { SniHandler } from '@push.rocks/smartproxy';
|
|
285
|
+
### Redirect / SslRedirect
|
|
286
|
+
For HTTP-to-HTTPS redirects:
|
|
184
287
|
|
|
185
|
-
|
|
186
|
-
|
|
288
|
+
```typescript
|
|
289
|
+
import { SslRedirect } from '@push.rocks/smartproxy';
|
|
187
290
|
|
|
188
|
-
//
|
|
189
|
-
const
|
|
291
|
+
// Quick HTTP→HTTPS helper on port 80
|
|
292
|
+
const redirect = new SslRedirect(80);
|
|
293
|
+
await redirect.start();
|
|
190
294
|
```
|
|
191
295
|
|
|
192
296
|
## API Reference
|
|
193
|
-
For full configuration options and type definitions, see the TypeScript interfaces
|
|
194
|
-
- `INetworkProxyOptions` (ts/
|
|
195
|
-
- `IAcmeOptions`, `IDomainOptions
|
|
196
|
-
- `
|
|
197
|
-
- `
|
|
297
|
+
For full configuration options and type definitions, see the TypeScript interfaces:
|
|
298
|
+
- `INetworkProxyOptions` (`ts/proxies/network-proxy/models/types.ts`)
|
|
299
|
+
- `IAcmeOptions`, `IDomainOptions` (`ts/certificate/models/certificate-types.ts`)
|
|
300
|
+
- `IForwardConfig` (`ts/forwarding/config/forwarding-types.ts`)
|
|
301
|
+
- `INfTableProxySettings` (`ts/proxies/nftables-proxy/models/interfaces.ts`)
|
|
302
|
+
- `ISmartProxyOptions`, `IDomainConfig` (`ts/proxies/smart-proxy/models/interfaces.ts`)
|
|
198
303
|
|
|
199
304
|
## Architecture & Flow Diagrams
|
|
200
305
|
|
|
201
|
-
|
|
202
306
|
```mermaid
|
|
203
307
|
flowchart TB
|
|
204
308
|
Client([Client])
|
|
@@ -400,6 +504,9 @@ sequenceDiagram
|
|
|
400
504
|
- SNI Utilities (SniHandler)
|
|
401
505
|
• Robust ClientHello parsing, fragmentation & session resumption support
|
|
402
506
|
|
|
507
|
+
- Core Utilities
|
|
508
|
+
• ValidationUtils and IpUtils for configuration validation and IP management
|
|
509
|
+
|
|
403
510
|
## Certificate Hooks & Events
|
|
404
511
|
|
|
405
512
|
Listen for certificate events via EventEmitter:
|
|
@@ -411,113 +518,285 @@ Listen for certificate events via EventEmitter:
|
|
|
411
518
|
|
|
412
519
|
Provide a `certProvisionFunction(domain)` in SmartProxy settings to supply static certs or return `'http01'`.
|
|
413
520
|
|
|
414
|
-
##
|
|
521
|
+
## SmartProxy: Common Use Cases
|
|
522
|
+
|
|
523
|
+
The SmartProxy component offers a clean, unified approach to handle virtually any proxy scenario.
|
|
524
|
+
|
|
525
|
+
### 1. API Gateway / Backend Routing
|
|
526
|
+
|
|
527
|
+
Create a flexible API gateway to route traffic to different microservices based on domain:
|
|
528
|
+
|
|
529
|
+
```typescript
|
|
530
|
+
import { SmartProxy, createDomainConfig, httpOnly, tlsTerminateToHttp } from '@push.rocks/smartproxy';
|
|
531
|
+
|
|
532
|
+
const apiGateway = new SmartProxy({
|
|
533
|
+
fromPort: 443,
|
|
534
|
+
domainConfigs: [
|
|
535
|
+
// Users API
|
|
536
|
+
createDomainConfig('users.api.example.com', tlsTerminateToHttp({
|
|
537
|
+
target: { host: 'users-service', port: 3000 },
|
|
538
|
+
acme: { enabled: true, production: true }
|
|
539
|
+
})),
|
|
540
|
+
|
|
541
|
+
// Products API
|
|
542
|
+
createDomainConfig('products.api.example.com', tlsTerminateToHttp({
|
|
543
|
+
target: { host: 'products-service', port: 3001 },
|
|
544
|
+
acme: { enabled: true, production: true }
|
|
545
|
+
})),
|
|
546
|
+
|
|
547
|
+
// Admin dashboard gets extra security
|
|
548
|
+
createDomainConfig('admin.example.com', tlsTerminateToHttp({
|
|
549
|
+
target: { host: 'admin-dashboard', port: 8080 },
|
|
550
|
+
security: {
|
|
551
|
+
allowedIps: ['10.0.0.*', '192.168.1.*'] // Only allow internal network
|
|
552
|
+
}
|
|
553
|
+
}))
|
|
554
|
+
],
|
|
555
|
+
sniEnabled: true
|
|
556
|
+
});
|
|
557
|
+
|
|
558
|
+
await apiGateway.start();
|
|
559
|
+
```
|
|
560
|
+
|
|
561
|
+
### 2. Automatic HTTPS for Development
|
|
562
|
+
|
|
563
|
+
Easily add HTTPS to your local development environment with automatic certificates:
|
|
564
|
+
|
|
565
|
+
```typescript
|
|
566
|
+
import { SmartProxy, createDomainConfig, tlsTerminateToHttp } from '@push.rocks/smartproxy';
|
|
567
|
+
|
|
568
|
+
const devProxy = new SmartProxy({
|
|
569
|
+
fromPort: 443,
|
|
570
|
+
domainConfigs: [
|
|
571
|
+
createDomainConfig('dev.local', tlsTerminateToHttp({
|
|
572
|
+
target: { host: 'localhost', port: 3000 },
|
|
573
|
+
// For development, use self-signed or existing certificates
|
|
574
|
+
https: {
|
|
575
|
+
customCert: {
|
|
576
|
+
key: fs.readFileSync('dev-cert.key', 'utf8'),
|
|
577
|
+
cert: fs.readFileSync('dev-cert.pem', 'utf8')
|
|
578
|
+
}
|
|
579
|
+
},
|
|
580
|
+
// Auto-redirect HTTP to HTTPS
|
|
581
|
+
http: {
|
|
582
|
+
enabled: true,
|
|
583
|
+
redirectToHttps: true
|
|
584
|
+
}
|
|
585
|
+
}))
|
|
586
|
+
]
|
|
587
|
+
});
|
|
588
|
+
|
|
589
|
+
await devProxy.start();
|
|
590
|
+
```
|
|
591
|
+
|
|
592
|
+
### 3. Load Balancing Multiple Servers
|
|
593
|
+
|
|
594
|
+
Distribute traffic across multiple backend servers with round-robin load balancing:
|
|
595
|
+
|
|
596
|
+
```typescript
|
|
597
|
+
import { SmartProxy, createDomainConfig, tlsTerminateToHttp } from '@push.rocks/smartproxy';
|
|
598
|
+
|
|
599
|
+
const loadBalancer = new SmartProxy({
|
|
600
|
+
fromPort: 443,
|
|
601
|
+
domainConfigs: [
|
|
602
|
+
createDomainConfig('app.example.com', tlsTerminateToHttp({
|
|
603
|
+
target: {
|
|
604
|
+
// Round-robin across multiple servers
|
|
605
|
+
host: [
|
|
606
|
+
'10.0.0.10',
|
|
607
|
+
'10.0.0.11',
|
|
608
|
+
'10.0.0.12'
|
|
609
|
+
],
|
|
610
|
+
port: 8080
|
|
611
|
+
},
|
|
612
|
+
acme: { enabled: true, production: true }
|
|
613
|
+
}))
|
|
614
|
+
]
|
|
615
|
+
});
|
|
616
|
+
|
|
617
|
+
await loadBalancer.start();
|
|
618
|
+
```
|
|
619
|
+
|
|
620
|
+
### 4. Wildcard Subdomain Handling
|
|
621
|
+
|
|
622
|
+
Support multiple or dynamically created subdomains with one configuration:
|
|
623
|
+
|
|
624
|
+
```typescript
|
|
625
|
+
import { SmartProxy, createDomainConfig, tlsTerminateToHttp } from '@push.rocks/smartproxy';
|
|
626
|
+
|
|
627
|
+
const multiTenantProxy = new SmartProxy({
|
|
628
|
+
fromPort: 443,
|
|
629
|
+
domainConfigs: [
|
|
630
|
+
// Handle all customer subdomains with one config
|
|
631
|
+
createDomainConfig('*.example.com', tlsTerminateToHttp({
|
|
632
|
+
target: { host: 'tenant-router', port: 8080 },
|
|
633
|
+
acme: { enabled: true, production: true },
|
|
634
|
+
// Pass original hostname to backend for tenant identification
|
|
635
|
+
advanced: {
|
|
636
|
+
headers: {
|
|
637
|
+
'X-Original-Host': '{sni}'
|
|
638
|
+
}
|
|
639
|
+
}
|
|
640
|
+
}))
|
|
641
|
+
],
|
|
642
|
+
sniEnabled: true
|
|
643
|
+
});
|
|
644
|
+
|
|
645
|
+
await multiTenantProxy.start();
|
|
646
|
+
```
|
|
647
|
+
|
|
648
|
+
### 5. Comprehensive Proxy Server
|
|
649
|
+
|
|
650
|
+
Create a complete proxy solution with multiple services on a single server:
|
|
651
|
+
|
|
652
|
+
```typescript
|
|
653
|
+
import { SmartProxy, createDomainConfig, httpOnly, tlsTerminateToHttp, tlsTerminateToHttps, httpsPassthrough } from '@push.rocks/smartproxy';
|
|
654
|
+
|
|
655
|
+
const enterpriseProxy = new SmartProxy({
|
|
656
|
+
fromPort: 443,
|
|
657
|
+
domainConfigs: [
|
|
658
|
+
// Web application with automatic HTTPS
|
|
659
|
+
createDomainConfig('app.example.com', tlsTerminateToHttp({
|
|
660
|
+
target: { host: 'web-app', port: 8080 },
|
|
661
|
+
acme: { enabled: true, production: true },
|
|
662
|
+
http: { enabled: true, redirectToHttps: true }
|
|
663
|
+
})),
|
|
664
|
+
|
|
665
|
+
// Legacy system that needs HTTPS passthrough
|
|
666
|
+
createDomainConfig('legacy.example.com', httpsPassthrough({
|
|
667
|
+
target: { host: 'legacy-server', port: 443 }
|
|
668
|
+
})),
|
|
669
|
+
|
|
670
|
+
// Internal APIs with IP restrictions
|
|
671
|
+
createDomainConfig('api.internal.example.com', tlsTerminateToHttp({
|
|
672
|
+
target: { host: 'api-gateway', port: 3000 },
|
|
673
|
+
security: {
|
|
674
|
+
allowedIps: ['10.0.0.0/16', '192.168.0.0/16'],
|
|
675
|
+
maxConnections: 500
|
|
676
|
+
}
|
|
677
|
+
})),
|
|
678
|
+
|
|
679
|
+
// External services with customer certificate
|
|
680
|
+
createDomainConfig('external.example.com', tlsTerminateToHttps({
|
|
681
|
+
target: { host: 'external-service', port: 8443 },
|
|
682
|
+
https: {
|
|
683
|
+
customCert: {
|
|
684
|
+
key: fs.readFileSync('external-key.pem', 'utf8'),
|
|
685
|
+
cert: fs.readFileSync('external-cert.pem', 'utf8')
|
|
686
|
+
}
|
|
687
|
+
}
|
|
688
|
+
}))
|
|
689
|
+
],
|
|
690
|
+
sniEnabled: true,
|
|
691
|
+
// Enable connection timeouts for security
|
|
692
|
+
inactivityTimeout: 30000,
|
|
693
|
+
// Using global certificate management
|
|
694
|
+
acme: {
|
|
695
|
+
enabled: true,
|
|
696
|
+
contactEmail: 'admin@example.com',
|
|
697
|
+
useProduction: true,
|
|
698
|
+
renewThresholdDays: 30
|
|
699
|
+
}
|
|
700
|
+
});
|
|
415
701
|
|
|
416
|
-
|
|
702
|
+
await enterpriseProxy.start();
|
|
703
|
+
```
|
|
417
704
|
|
|
418
|
-
|
|
705
|
+
## Unified Forwarding System Details
|
|
419
706
|
|
|
420
|
-
|
|
707
|
+
SmartProxy's unified forwarding system supports four primary forwarding types:
|
|
421
708
|
|
|
422
709
|
1. **HTTP-only (`http-only`)**: Forwards HTTP traffic to a backend server.
|
|
423
710
|
2. **HTTPS Passthrough (`https-passthrough`)**: Passes through raw TLS traffic without termination (SNI forwarding).
|
|
424
711
|
3. **HTTPS Termination to HTTP (`https-terminate-to-http`)**: Terminates TLS and forwards the decrypted traffic to an HTTP backend.
|
|
425
712
|
4. **HTTPS Termination to HTTPS (`https-terminate-to-https`)**: Terminates TLS and creates a new TLS connection to an HTTPS backend.
|
|
426
713
|
|
|
427
|
-
###
|
|
714
|
+
### Configuration Format
|
|
428
715
|
|
|
429
716
|
Each domain is configured with a forwarding type and target:
|
|
430
717
|
|
|
431
718
|
```typescript
|
|
432
719
|
{
|
|
433
|
-
domains: ['example.com'],
|
|
720
|
+
domains: ['example.com'], // Single domain or array of domains (with wildcard support)
|
|
434
721
|
forwarding: {
|
|
435
|
-
type: 'http-only',
|
|
722
|
+
type: 'http-only', // One of the four forwarding types
|
|
436
723
|
target: {
|
|
437
|
-
host: 'localhost',
|
|
438
|
-
port: 3000
|
|
724
|
+
host: 'localhost', // Backend server (string or array for load balancing)
|
|
725
|
+
port: 3000 // Backend port
|
|
439
726
|
}
|
|
727
|
+
// Additional options as needed
|
|
440
728
|
}
|
|
441
729
|
}
|
|
442
730
|
```
|
|
443
731
|
|
|
444
732
|
### Helper Functions
|
|
445
733
|
|
|
446
|
-
Helper functions
|
|
734
|
+
Helper functions provide a cleaner syntax for creating configurations:
|
|
447
735
|
|
|
448
736
|
```typescript
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
)
|
|
458
|
-
|
|
459
|
-
// HTTPS termination to HTTP
|
|
460
|
-
await domainManager.addDomainConfig(
|
|
461
|
-
createDomainConfig('secure.example.com', tlsTerminateToHttp({
|
|
462
|
-
target: { host: 'localhost', port: 3000 },
|
|
463
|
-
acme: { production: true }
|
|
464
|
-
}))
|
|
465
|
-
);
|
|
466
|
-
|
|
467
|
-
// HTTPS termination to HTTPS
|
|
468
|
-
await domainManager.addDomainConfig(
|
|
469
|
-
createDomainConfig('api.example.com', tlsTerminateToHttps({
|
|
470
|
-
target: { host: 'internal-api', port: 8443 },
|
|
471
|
-
http: { redirectToHttps: true }
|
|
472
|
-
}))
|
|
473
|
-
);
|
|
474
|
-
|
|
475
|
-
// HTTPS passthrough (SNI)
|
|
476
|
-
await domainManager.addDomainConfig(
|
|
477
|
-
createDomainConfig('passthrough.example.com', httpsPassthrough({
|
|
478
|
-
target: { host: '10.0.0.5', port: 443 }
|
|
479
|
-
}))
|
|
480
|
-
);
|
|
737
|
+
// Instead of manually specifying the type and format
|
|
738
|
+
const config = createDomainConfig('example.com', httpOnly({
|
|
739
|
+
target: { host: 'localhost', port: 3000 }
|
|
740
|
+
}));
|
|
741
|
+
|
|
742
|
+
// Available helper functions:
|
|
743
|
+
// - httpOnly() - For HTTP-only traffic
|
|
744
|
+
// - httpsPassthrough() - For SNI-based passthrough
|
|
745
|
+
// - tlsTerminateToHttp() - For HTTPS termination to HTTP
|
|
746
|
+
// - tlsTerminateToHttps() - For HTTPS termination to HTTPS
|
|
481
747
|
```
|
|
482
748
|
|
|
483
|
-
### Advanced Configuration
|
|
749
|
+
### Advanced Configuration Options
|
|
484
750
|
|
|
485
751
|
For more complex scenarios, additional options can be specified:
|
|
486
752
|
|
|
487
753
|
```typescript
|
|
488
|
-
{
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
754
|
+
createDomainConfig('api.example.com', tlsTerminateToHttps({
|
|
755
|
+
// Target configuration with load balancing
|
|
756
|
+
target: {
|
|
757
|
+
host: ['10.0.0.10', '10.0.0.11'], // Round-robin load balancing
|
|
758
|
+
port: 8443
|
|
759
|
+
},
|
|
760
|
+
|
|
761
|
+
// HTTP options
|
|
762
|
+
http: {
|
|
763
|
+
enabled: true, // Listen on HTTP port
|
|
764
|
+
redirectToHttps: true // Automatically redirect to HTTPS
|
|
765
|
+
},
|
|
766
|
+
|
|
767
|
+
// HTTPS/TLS options
|
|
768
|
+
https: {
|
|
769
|
+
customCert: { // Provide your own certificate
|
|
770
|
+
key: '-----BEGIN PRIVATE KEY-----\n...',
|
|
771
|
+
cert: '-----BEGIN CERTIFICATE-----\n...'
|
|
506
772
|
},
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
773
|
+
forwardSni: true // Forward original SNI to backend
|
|
774
|
+
},
|
|
775
|
+
|
|
776
|
+
// Let's Encrypt ACME integration
|
|
777
|
+
acme: {
|
|
778
|
+
enabled: true, // Enable automatic certificates
|
|
779
|
+
production: true, // Use production Let's Encrypt
|
|
780
|
+
maintenance: true // Auto-renew certificates
|
|
781
|
+
},
|
|
782
|
+
|
|
783
|
+
// Security settings
|
|
784
|
+
security: {
|
|
785
|
+
allowedIps: ['10.0.0.*'], // IP allowlist (glob patterns)
|
|
786
|
+
blockedIps: ['1.2.3.4'], // IP blocklist
|
|
787
|
+
maxConnections: 100 // Connection limits
|
|
788
|
+
},
|
|
789
|
+
|
|
790
|
+
// Advanced settings
|
|
791
|
+
advanced: {
|
|
792
|
+
timeout: 30000, // Connection timeout in ms
|
|
793
|
+
headers: { // Custom headers to backend
|
|
794
|
+
'X-Forwarded-For': '{clientIp}',
|
|
795
|
+
'X-Original-Host': '{sni}' // Template variables available
|
|
511
796
|
},
|
|
512
|
-
|
|
513
|
-
timeout: 30000,
|
|
514
|
-
headers: {
|
|
515
|
-
'X-Forwarded-For': '{clientIp}',
|
|
516
|
-
'X-Original-Host': '{sni}'
|
|
517
|
-
}
|
|
518
|
-
}
|
|
797
|
+
keepAlive: true // Keep connections alive
|
|
519
798
|
}
|
|
520
|
-
}
|
|
799
|
+
}))
|
|
521
800
|
```
|
|
522
801
|
|
|
523
802
|
### Extended Configuration Options
|
|
@@ -566,9 +845,9 @@ For more complex scenarios, additional options can be specified:
|
|
|
566
845
|
- `qos`, `netProxyIntegration` (objects)
|
|
567
846
|
|
|
568
847
|
### Redirect / SslRedirect
|
|
569
|
-
- Constructor options: `httpPort`, `httpsPort`, `sslOptions`, `rules` (
|
|
848
|
+
- Constructor options: `httpPort`, `httpsPort`, `sslOptions`, `rules` (IRedirectRule[])
|
|
570
849
|
|
|
571
|
-
### SmartProxy (
|
|
850
|
+
### SmartProxy (ISmartProxyOptions)
|
|
572
851
|
- `fromPort`, `toPort` (number)
|
|
573
852
|
- `domainConfigs` (IDomainConfig[]) - Using unified forwarding configuration
|
|
574
853
|
- `sniEnabled`, `preserveSourceIP` (booleans)
|