@reldens/server-utils 0.37.0 → 0.38.0

package/README.md

@@ -1,6 +1,6 @@
 # Reldens - Server Utils
 
-A Node.js server toolkit providing secure application server creation, file handling, encryption, and file upload capabilities for production-ready applications with modular security configurations.
+A Node.js server toolkit providing secure application server creation, HTTP/2 CDN support, file handling, encryption, and file upload capabilities for production-ready applications with modular security configurations.
 
 [![Reldens - GitHub - Release](https://www.dwdeveloper.com/media/reldens/reldens-mmorpg-platform.png)](https://github.com/damian-pastorini/reldens)
 
@@ -9,12 +9,14 @@ A Node.js server toolkit providing secure application server creation, file hand
 ### AppServerFactory
 - Complete Express.js server configuration with modular security
 - HTTPS/HTTP server creation with SSL certificate management
+- HTTP/2 CDN server with optimized static asset delivery
 - Optimized static asset caching for CSS, JS, fonts, and images
 - SNI (Server Name Indication) support for multi-domain hosting
 - Virtual host management with domain mapping
 - Development mode detection with appropriate configurations
 - CORS configuration with flexible origin management
 - Rate limiting with customizable thresholds
+- Reverse proxy support for routing multiple domains to backend servers
 - Security headers and XSS protection
 - Helmet integration for enhanced security
 - Protocol enforcement (HTTP to HTTPS redirection)
@@ -24,6 +26,18 @@ A Node.js server toolkit providing secure application server creation, file hand
 - Compression middleware with smart filtering
 - Input validation utilities
 
+### Http2CdnServer
+- Dedicated HTTP/2 server for static asset delivery
+- Optimized for serving CSS, JavaScript, images, and fonts
+- Dynamic CORS origin validation with regex pattern support
+- Configurable cache headers per file extension
+- Comprehensive MIME type detection
+- HTTP/1.1 fallback support
+- Security headers (X-Content-Type-Options, X-Frame-Options, Vary)
+- Standalone or integrated with AppServerFactory
+- Multiple static path support
+- Separate SSL certificate support from main server
+
 #### Modular Security Components
 The AppServerFactory now uses specialized security configurers:
 
@@ -31,6 +45,7 @@ The AppServerFactory now uses specialized security configurers:
 - **DevelopmentModeDetector** - Automatic development environment detection
 - **ProtocolEnforcer** - Protocol redirection with development mode awareness
 - **RateLimitConfigurer** - Global and endpoint-specific rate limiting
+- **ReverseProxyConfigurer** - Domain-based reverse proxy with WebSocket support
 - **SecurityConfigurer** - Helmet integration with CSP management and XSS protection
 
 ### FileHandler
@@ -100,6 +115,65 @@ if(serverResult){
 }
 ```
 
+### HTTP/2 CDN Server with Express
+
+Serve your main application through Express on port 443, and static assets through HTTP/2 CDN on port 8443:
+
+```javascript
+let appServerFactory = new AppServerFactory();
+let serverResult = appServerFactory.createAppServer({
+    port: 443,
+    useHttps: true,
+    keyPath: '/ssl/main-server.key',
+    certPath: '/ssl/main-server.crt',
+    http2CdnEnabled: true,
+    http2CdnPort: 8443,
+    http2CdnKeyPath: '/ssl/cdn-server.key',
+    http2CdnCertPath: '/ssl/cdn-server.crt',
+    http2CdnStaticPaths: ['/var/www/public'],
+    http2CdnCorsOrigins: [
+        'https://example.com',
+        /^https:\/\/(www\.)?example\.(com|net)$/
+    ],
+    autoListen: true
+});
+
+if(serverResult){
+    let { app, appServer, http2CdnServer } = serverResult;
+    console.log('Express server on port 443');
+    console.log('HTTP/2 CDN server on port 8443');
+}
+```
+
+**Note:** If `http2CdnKeyPath` and `http2CdnCertPath` are not specified, the CDN server will use the same certificates as the main server (`keyPath` and `certPath`).
+
+Browser usage:
+```html
+<link rel="stylesheet" href="https://cdn.example.com:8443/css/style.css">
+<script src="https://cdn.example.com:8443/js/app.js"></script>
+```
+
+### Standalone HTTP/2 CDN Server
+
+```javascript
+const { Http2CdnServer } = require('@reldens/server-utils');
+
+let cdnServer = new Http2CdnServer();
+cdnServer.port = 8443;
+cdnServer.keyPath = '/ssl/cdn.key';
+cdnServer.certPath = '/ssl/cdn.crt';
+cdnServer.staticPaths = ['/var/www/public', '/var/www/assets'];
+cdnServer.corsOrigins = [
+    'https://main-site.com',
+    /^https:\/\/(new\.)?((site1|site2)\.(com|net))$/
+];
+
+if(cdnServer.create()){
+    cdnServer.listen();
+    console.log('HTTP/2 CDN running on port 8443');
+}
+```
+
 ### HTTPS Server with Optimized Caching
 
 ```javascript
@@ -206,6 +280,56 @@ app.post('/upload', uploader, (req, res) => {
 
 ## Advanced Configuration
 
+### HTTP/2 CDN with Separate Certificates
+
+Configure separate SSL certificates for your CDN server:
+
+```javascript
+let appServerFactory = new AppServerFactory();
+let serverResult = appServerFactory.createAppServer({
+    useHttps: true,
+    port: 443,
+    keyPath: '/ssl/app-server.key',
+    certPath: '/ssl/app-server.crt',
+    http2CdnEnabled: true,
+    http2CdnPort: 8443,
+    http2CdnKeyPath: '/ssl/cdn-server.key',
+    http2CdnCertPath: '/ssl/cdn-server.crt',
+    http2CdnHttpsChain: '/ssl/cdn-chain.pem',
+    http2CdnStaticPaths: ['/var/www/public'],
+    http2CdnCorsOrigins: [
+        'https://main-site.com',
+        'https://app.main-site.com',
+        /^https:\/\/(new\.)?main-site\.(com|net)$/
+    ],
+    http2CdnCacheConfig: {
+        '.css': 31536000,
+        '.js': 31536000,
+        '.woff2': 31536000,
+        '.png': 2592000
+    }
+});
+```
+
+### HTTP/2 CDN with Multiple Origins
+
+The HTTP/2 CDN server supports multiple origin validation methods:
+
+```javascript
+let appServerFactory = new AppServerFactory();
+let serverResult = appServerFactory.createAppServer({
+    http2CdnEnabled: true,
+    http2CdnPort: 8443,
+    http2CdnStaticPaths: ['/var/www/public'],
+    http2CdnCorsOrigins: [
+        'https://main-site.com',
+        'https://app.main-site.com',
+        /^https:\/\/(new\.)?main-site\.(com|net)$/,
+        /^https:\/\/(app|admin)\.secondary-site\.com$/
+    ]
+});
+```
+
 ### HTTPS Server with Multiple Domains
 
 ```javascript
@@ -350,6 +474,68 @@ let serverResult = appServerFactory.createAppServer({
 });
 ```
 
+### Reverse Proxy Configuration
+
+Route multiple domains to different backend servers through a single SSL-enabled entry point:
+
+```javascript
+let appServerFactory = new AppServerFactory();
+
+let serverResult = appServerFactory.createAppServer({
+    port: 443,
+    useHttps: true,
+    useVirtualHosts: true,
+    keyPath: '/ssl/server.key',
+    certPath: '/ssl/server.crt',
+    reverseProxyEnabled: true,
+    reverseProxyRules: [
+        {
+            hostname: 'demo.reldens.com',
+            target: 'https://localhost:8444',
+            pathPrefix: '/',
+            websocket: true,
+            secure: false
+        },
+        {
+            hostname: 'api.example.com',
+            target: 'https://localhost:8445',
+            pathPrefix: '/',
+            websocket: false
+        }
+    ],
+    autoListen: true
+});
+```
+
+#### Reverse Proxy Features
+
+- Multiple backend routing with independent configuration per domain
+- WebSocket support for real-time applications
+- SSL termination at entry point
+- Header preservation (X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host)
+- Virtual host integration
+- Path-based routing
+- Graceful error handling
+
+#### Rule Properties
+
+- `hostname` (string, required) - Domain to match
+- `target` (string, required) - Backend URL
+- `pathPrefix` (string, optional) - Path prefix, default: '/'
+- `websocket` (boolean, optional) - Enable WebSocket, default: true
+- `changeOrigin` (boolean, optional) - Change origin header, default: true
+- `secure` (boolean, optional) - Verify SSL certificates, default: false
+- `logLevel` (string, optional) - 'debug', 'info', 'warn', 'error', 'silent'
+
+#### Example: Multiple Game Servers
+
+```javascript
+reverseProxyRules: [
+    { hostname: 'demo.game.com', target: 'https://localhost:8444', websocket: true },
+    { hostname: 'staging.game.com', target: 'https://localhost:8445', websocket: true }
+]
+```
+
 ## API Reference
 
 ### AppServerFactory Methods
@@ -365,6 +551,47 @@ let serverResult = appServerFactory.createAppServer({
 - `listen(port)` - Starts server listening
 - `close()` - Gracefully closes server
 
+### AppServerFactory HTTP/2 CDN Configuration
+
+- `http2CdnEnabled` - Enable HTTP/2 CDN server (default: false)
+- `http2CdnPort` - HTTP/2 CDN port (default: 8443)
+- `http2CdnKeyPath` - CDN SSL private key path (falls back to `keyPath`)
+- `http2CdnCertPath` - CDN SSL certificate path (falls back to `certPath`)
+- `http2CdnHttpsChain` - CDN certificate chain path (falls back to `httpsChain`)
+- `http2CdnStaticPaths` - Paths to serve from CDN (default: [])
+- `http2CdnCorsOrigins` - Allowed CORS origins for CDN (default: [])
+- `http2CdnCorsAllowAll` - Allow all origins (default: false)
+- `http2CdnMimeTypes` - Override default MIME types (default: {})
+- `http2CdnCacheConfig` - Override default cache config (default: {})
+
+### AppServerFactory Reverse Proxy Configuration
+
+- `reverseProxyEnabled` - Enable reverse proxy (default: false)
+- `reverseProxyRules` - Array of proxy rules (default: [])
+
+### Http2CdnServer Methods
+
+- `create()` - Creates HTTP/2 secure server
+- `listen()` - Starts listening on configured port
+- `close()` - Gracefully closes HTTP/2 server
+
+### Http2CdnServer Configuration
+
+- `port` - Server port (default: 8443)
+- `keyPath` - SSL private key path
+- `certPath` - SSL certificate path
+- `httpsChain` - Certificate chain path (optional)
+- `staticPaths` - Array of static file directories
+- `cacheConfig` - Cache max-age per extension
+- `allowHTTP1` - Allow HTTP/1.1 fallback (default: true)
+- `corsOrigins` - Array of allowed origins (strings or RegExp)
+- `corsAllowAll` - Allow all origins (default: false)
+- `corsMethods` - Allowed HTTP methods (default: 'GET, OPTIONS')
+- `corsHeaders` - Allowed request headers (default: 'Content-Type')
+- `securityHeaders` - Custom security headers
+- `varyHeader` - Vary header value (default: 'Accept-Encoding, Origin')
+- `mimeTypes` - MIME type mappings
+
 ### FileHandler Methods
 
 - `exists(path)` - Checks if file or folder exists
@@ -386,11 +613,11 @@ let serverResult = appServerFactory.createAppServer({
 - `generateSecureFilename(originalName)` - Generates cryptographically secure filename
 - `quarantineFile(path, reason)` - Moves file to quarantine folder
 - `createTempFile(prefix, extension)` - Creates a temporary file path
-- `moveFile(from, to)` - Moves file to new location
+- `moveFile(from, to)` - Moves a file to new location
 - `getFileSize(path)` - Gets file size in bytes
 - `compareFiles(file1, file2)` - Compares file contents
-- `getRelativePath(from, to)` - Calculates relative path
-- `walkDirectory(path, callback)` - Recursively processes directory tree
+- `getRelativePath(from, to)` - Calculates a relative path
+- `walkDirectory(path, callback)` - Recursively processes a directory tree
 - `getDirectorySize(path)` - Calculates total directory size
 - `emptyDirectory(path)` - Removes all contents from directory
 
@@ -430,6 +657,9 @@ Configurable rate limiting with development mode detection for appropriate thres
 ### HTTPS Support
 Full SSL/TLS support with SNI for multi-domain hosting and automatic certificate management.
 
+### HTTP/2 CDN Security
+The HTTP/2 CDN server includes security headers, CORS validation with pattern matching, and query string stripping to prevent cache poisoning.
+
 ### Input Validation
 Built-in validators for common input types including email, username, strong passwords, alphanumeric strings, and IP addresses.
 

package/index.js

@@ -8,10 +8,18 @@ const { FileHandler } = require('./lib/file-handler');
 const { AppServerFactory } = require('./lib/app-server-factory');
 const { UploaderFactory } = require('./lib/uploader-factory');
 const { Encryptor } = require('./lib/encryptor');
+const { Http2CdnServer } = require('./lib/http2-cdn-server');
+const { ServerDefaultConfigurations } = require('./lib/server-default-configurations');
+const { ServerFactoryUtils } = require('./lib/server-factory-utils');
+const { ServerHeaders } = require('./lib/server-headers');
 
 module.exports = {
     FileHandler,
     AppServerFactory,
     UploaderFactory,
-    Encryptor
+    Encryptor,
+    Http2CdnServer,
+    ServerDefaultConfigurations,
+    ServerFactoryUtils,
+    ServerHeaders
 };

package/lib/app-server-factory/reverse-proxy-configurer.js

@@ -0,0 +1,132 @@
+/**
+ *
+ * Reldens - ReverseProxyConfigurer
+ *
+ */
+
+const { createProxyMiddleware } = require('http-proxy-middleware');
+const { ServerHeaders } = require('../server-headers');
+
+class ReverseProxyConfigurer
+{
+
+    constructor()
+    {
+        this.isDevelopmentMode = false;
+        this.useVirtualHosts = false;
+        this.reverseProxyRules = [];
+        this.reverseProxyOptions = {
+            changeOrigin: true,
+            ws: true,
+            secure: false,
+            logLevel: 'warn'
+        };
+        this.serverHeaders = new ServerHeaders();
+    }
+
+    setup(app, config)
+    {
+        this.isDevelopmentMode = config.isDevelopmentMode || false;
+        this.useVirtualHosts = config.useVirtualHosts || false;
+        this.reverseProxyRules = config.reverseProxyRules || [];
+        this.reverseProxyOptions = config.reverseProxyOptions || this.reverseProxyOptions;
+        if(0 === this.reverseProxyRules.length){
+            return;
+        }
+        this.applyRules(app);
+    }
+
+    applyRules(app)
+    {
+        for(let rule of this.reverseProxyRules){
+            if(!this.validateProxyRule(rule)){
+                continue;
+            }
+            let proxyMiddleware = this.createProxyMiddleware(rule);
+            if(!proxyMiddleware){
+                continue;
+            }
+            let pathPrefix = rule.pathPrefix || '/';
+            if(this.useVirtualHosts){
+                app.use(pathPrefix, (req, res, next) => {
+                    let hostname = this.extractHostname(req);
+                    if(hostname !== rule.hostname){
+                        return next();
+                    }
+                    return proxyMiddleware(req, res, next);
+                });
+                continue;
+            }
+            app.use(pathPrefix, proxyMiddleware);
+        }
+    }
+
+    extractHostname(req)
+    {
+        if(req.domain && req.domain.hostname){
+            return req.domain.hostname;
+        }
+        let host = req.get('host') || '';
+        return host.split(':')[0].toLowerCase();
+    }
+
+    validateProxyRule(rule)
+    {
+        if(!rule){
+            return false;
+        }
+        if(!rule.hostname){
+            return false;
+        }
+        if(!rule.target){
+            return false;
+        }
+        return true;
+    }
+
+    createProxyMiddleware(rule)
+    {
+        let options = Object.assign({}, this.reverseProxyOptions);
+        if('boolean' === typeof rule.changeOrigin){
+            options.changeOrigin = rule.changeOrigin;
+        }
+        if('boolean' === typeof rule.websocket){
+            options.ws = rule.websocket;
+        }
+        if('boolean' === typeof rule.secure){
+            options.secure = rule.secure;
+        }
+        if('string' === typeof rule.logLevel){
+            options.logLevel = rule.logLevel;
+        }
+        options.target = rule.target;
+        options.onError = this.handleProxyError.bind(this);
+        options.onProxyReq = (proxyReq, req) => {
+            if(req.headers['x-forwarded-for']){
+                return;
+            }
+            let clientIp = req.ip || req.connection.remoteAddress || '';
+            proxyReq.setHeader(this.serverHeaders.proxyForwardedFor, clientIp);
+            proxyReq.setHeader(this.serverHeaders.proxyForwardedProto, req.protocol);
+            proxyReq.setHeader(this.serverHeaders.proxyForwardedHost, req.get('host') || '');
+        };
+        return createProxyMiddleware(options);
+    }
+
+    handleProxyError(err, req, res)
+    {
+        if(res.headersSent){
+            return;
+        }
+        if('ECONNREFUSED' === err.code){
+            return res.status(502).send('Bad Gateway - Backend server unavailable');
+        }
+        if('ETIMEDOUT' === err.code || 'ESOCKETTIMEDOUT' === err.code){
+            return res.status(504).send('Gateway Timeout');
+        }
+        return res.status(500).send('Proxy Error');
+    }
+
+}
+
+module.exports.ReverseProxyConfigurer = ReverseProxyConfigurer;

package/lib/app-server-factory.js

@@ -5,10 +5,15 @@
  */
 
 const { FileHandler } = require('./file-handler');
+const { Http2CdnServer } = require('./http2-cdn-server');
+const { ServerDefaultConfigurations } = require('./server-default-configurations');
+const { ServerFactoryUtils } = require('./server-factory-utils');
+const { ServerHeaders } = require('./server-headers');
 const { DevelopmentModeDetector } = require('./app-server-factory/development-mode-detector');
 const { ProtocolEnforcer } = require('./app-server-factory/protocol-enforcer');
 const { SecurityConfigurer } = require('./app-server-factory/security-configurer');
 const { CorsConfigurer } = require('./app-server-factory/cors-configurer');
+const { ReverseProxyConfigurer } = require('./app-server-factory/reverse-proxy-configurer');
 const { RateLimitConfigurer } = require('./app-server-factory/rate-limit-configurer');
 const http = require('http');
 const https = require('https');
@@ -61,21 +66,8 @@ class AppServerFactory
         this.defaultDomain = '';
         this.maxRequestSize = '10mb';
         this.sanitizeOptions = {allowedTags: [], allowedAttributes: {}};
-        this.cacheConfig = {
-            '.css': 31536000,
-            '.js': 31536000,
-            '.woff': 31536000,
-            '.woff2': 31536000,
-            '.ttf': 31536000,
-            '.eot': 31536000,
-            '.jpg': 2592000,
-            '.jpeg': 2592000,
-            '.png': 2592000,
-            '.gif': 2592000,
-            '.webp': 2592000,
-            '.svg': 2592000,
-            '.ico': 2592000
-        };
+        this.cacheConfig = ServerDefaultConfigurations.cacheConfig;
+        this.serverHeaders = new ServerHeaders();
         this.staticOptions = {
             maxAge: '1d',
             immutable: false,
@@ -98,6 +90,7 @@ class AppServerFactory
         this.securityConfigurer = new SecurityConfigurer();
         this.corsConfigurer = new CorsConfigurer();
         this.rateLimitConfigurer = new RateLimitConfigurer();
+        this.reverseProxyConfigurer = new ReverseProxyConfigurer();
         this.useCompression = true;
         this.compressionOptions = {
             level: 6,
@@ -109,28 +102,32 @@ class AppServerFactory
                 return compression.filter(req, res);
             }
         };
+        this.http2CdnEnabled = false;
+        this.http2CdnPort = 8443;
+        this.http2CdnKeyPath = '';
+        this.http2CdnCertPath = '';
+        this.http2CdnHttpsChain = '';
+        this.http2CdnStaticPaths = [];
+        this.http2CdnCorsOrigins = [];
+        this.http2CdnCorsAllowAll = false;
+        this.http2CdnMimeTypes = {};
+        this.http2CdnCacheConfig = {};
+        this.http2CdnServer = false;
+        this.reverseProxyEnabled = false;
+        this.reverseProxyRules = [];
     }
 
     buildStaticHeaders(res, path)
     {
-        res.set('X-Content-Type-Options', 'nosniff');
-        res.set('X-Frame-Options', 'DENY');
-        res.set('Vary', 'Accept-Encoding');
-        let cacheMaxAge = this.getCacheConfigForPath(path);
-        if(cacheMaxAge){
-            res.set('Cache-Control', 'public, max-age='+cacheMaxAge+', immutable');
+        let securityHeaderKeys = Object.keys(this.serverHeaders.expressSecurityHeaders);
+        for(let headerKey of securityHeaderKeys){
+            res.set(headerKey, this.serverHeaders.expressSecurityHeaders[headerKey]);
         }
-    }
-
-    getCacheConfigForPath(path)
-    {
-        let cacheKeys = Object.keys(this.cacheConfig);
-        for(let ext of cacheKeys){
-            if(path.endsWith(ext)){
-                return this.cacheConfig[ext];
-            }
+        res.set('Vary', this.serverHeaders.expressVaryHeader);
+        let cacheMaxAge = ServerFactoryUtils.getCacheConfigForPath(path, this.cacheConfig);
+        if(cacheMaxAge){
+            res.set('Cache-Control', this.serverHeaders.buildCacheControlHeader(cacheMaxAge));
         }
-        return false;
     }
 
     createAppServer(appServerConfig)
@@ -148,6 +145,7 @@ class AppServerFactory
         this.setupCors();
         this.setupRateLimiting();
         this.setupRequestParsing();
+        this.setupReverseProxy();
         this.setupTrustedProxy();
         try {
             this.appServer = this.createServer();
@@ -157,14 +155,48 @@ class AppServerFactory
         }
         if(!this.appServer){
             if(!this.error.message){
-                this.error = {message: 'The createServer() returned false - check certificate paths and permissions'};
+                this.error = {message: 'The createServer() returned false - check certificate paths and permissions.'};
             }
             return false;
         }
+        if(this.http2CdnEnabled){
+            if(!this.createHttp2CdnServer()){
+                this.error = {message: 'The createHttp2CdnServer() returned false.'};
+                return false;
+            }
+        }
         if(this.autoListen){
             this.listen();
         }
-        return {app: this.app, appServer: this.appServer};
+        return {app: this.app, appServer: this.appServer, http2CdnServer: this.http2CdnServer};
+    }
+
+    createHttp2CdnServer()
+    {
+        this.http2CdnServer = new Http2CdnServer();
+        this.http2CdnServer.enabled = this.http2CdnEnabled;
+        this.http2CdnServer.port = this.http2CdnPort;
+        this.http2CdnServer.keyPath = this.http2CdnKeyPath || this.keyPath;
+        this.http2CdnServer.certPath = this.http2CdnCertPath || this.certPath;
+        this.http2CdnServer.httpsChain = this.http2CdnHttpsChain || this.httpsChain;
+        this.http2CdnServer.staticPaths = this.http2CdnStaticPaths;
+        this.http2CdnServer.cacheConfig = this.http2CdnCacheConfig && 0 < Object.keys(this.http2CdnCacheConfig).length
+            ? this.http2CdnCacheConfig
+            : this.cacheConfig;
+        if(this.http2CdnMimeTypes && 0 < Object.keys(this.http2CdnMimeTypes).length){
+            this.http2CdnServer.mimeTypes = this.http2CdnMimeTypes;
+        }
+        this.http2CdnServer.corsOrigins = this.http2CdnCorsOrigins;
+        this.http2CdnServer.corsAllowAll = this.http2CdnCorsAllowAll;
+        if(!this.http2CdnServer.create()){
+            this.error = this.http2CdnServer.error;
+            return false;
+        }
+        if(!this.http2CdnServer.listen()){
+            this.error = this.http2CdnServer.error;
+            return false;
+        }
+        return true;
     }
 
     extractDomainFromHttpUrl(url)
@@ -209,12 +241,14 @@ class AppServerFactory
         }
         this.staticOptions.immutable = false;
         this.staticOptions.setHeaders = (res, path) => {
-            res.set('X-Content-Type-Options', 'nosniff');
-            res.set('X-Frame-Options', 'SAMEORIGIN');
-            res.set('Cache-Control', 'no-cache, no-store, must-revalidate');
-            res.set('Pragma', 'no-cache');
-            res.set('Expires', '0');
-            res.set('Vary', 'Accept-Encoding');
+            let securityHeaderKeys = Object.keys(this.serverHeaders.expressSecurityHeaders);
+            for(let headerKey of securityHeaderKeys){
+                res.set(headerKey, this.serverHeaders.expressSecurityHeaders[headerKey]);
+            }
+            res.set('Cache-Control', this.serverHeaders.expressCacheControlNoCache);
+            res.set('Pragma', this.serverHeaders.expressPragma);
+            res.set('Expires', this.serverHeaders.expressExpires);
+            res.set('Vary', this.serverHeaders.expressVaryHeader);
         };
     }
 
@@ -308,6 +342,18 @@ class AppServerFactory
         }
     }
 
+    setupReverseProxy()
+    {
+        if(!this.reverseProxyEnabled || 0 === this.reverseProxyRules.length){
+            return;
+        }
+        this.reverseProxyConfigurer.setup(this.app, {
+            reverseProxyRules: this.reverseProxyRules,
+            isDevelopmentMode: this.isDevelopmentMode,
+            useVirtualHosts: this.useVirtualHosts
+        });
+    }
+
     setupTrustedProxy()
     {
         if('' !== this.trustedProxy){
@@ -545,6 +591,9 @@ class AppServerFactory
 
     async close()
     {
+        if(this.http2CdnServer){
+            await this.http2CdnServer.close();
+        }
         if(!this.appServer){
             return true;
         }

package/lib/http2-cdn-server.js

@@ -0,0 +1,161 @@
+/**
+ *
+ * Reldens - Http2CdnServer
+ *
+ */
+
+const http2 = require('http2');
+const path = require('path');
+const { FileHandler } = require('./file-handler');
+const { ServerDefaultConfigurations } = require('./server-default-configurations');
+const { ServerFactoryUtils } = require('./server-factory-utils');
+const { ServerHeaders } = require('./server-headers');
+
+class Http2CdnServer
+{
+
+    constructor()
+    {
+        this.enabled = false;
+        this.port = 8443;
+        this.keyPath = '';
+        this.certPath = '';
+        this.httpsChain = '';
+        this.staticPaths = [];
+        this.cacheConfig = ServerDefaultConfigurations.cacheConfig;
+        this.allowHTTP1 = true;
+        this.http2Server = false;
+        this.error = {};
+        this.mimeTypes = ServerDefaultConfigurations.mimeTypes;
+        this.corsOrigins = [];
+        this.corsAllowAll = false;
+        this.serverHeaders = new ServerHeaders();
+        this.corsMethods = this.serverHeaders.http2CorsMethods;
+        this.corsHeaders = this.serverHeaders.http2CorsHeaders;
+        this.securityHeaders = this.serverHeaders.http2SecurityHeaders;
+        this.varyHeader = this.serverHeaders.http2VaryHeader;
+    }
+
+    create()
+    {
+        if(!this.keyPath || !this.certPath){
+            this.error = {message: 'Missing SSL certificates'};
+            return false;
+        }
+        let key = FileHandler.readFile(this.keyPath);
+        if(!key){
+            this.error = {message: 'Could not read key from: '+this.keyPath};
+            return false;
+        }
+        let cert = FileHandler.readFile(this.certPath);
+        if(!cert){
+            this.error = {message: 'Could not read cert from: '+this.certPath};
+            return false;
+        }
+        let options = {key, cert, allowHTTP1: this.allowHTTP1};
+        if(this.httpsChain){
+            let ca = FileHandler.readFile(this.httpsChain);
+            if(ca){
+                options.ca = ca;
+            }
+        }
+        this.http2Server = http2.createSecureServer(options);
+        this.setupStreamHandler();
+        return true;
+    }
+
+    setupStreamHandler()
+    {
+        this.http2Server.on('stream', (stream, headers) => {
+            this.handleStream(stream, headers);
+        });
+    }
+
+    handleStream(stream, headers)
+    {
+        let requestPath = headers[':path'];
+        if(!requestPath){
+            stream.respond({':status': 400});
+            stream.end();
+            return;
+        }
+        let requestOrigin = headers['origin'] || '';
+        let allowedOrigin = ServerFactoryUtils.validateOrigin(requestOrigin, this.corsOrigins, this.corsAllowAll);
+        if('OPTIONS' === headers[':method']){
+            let optionsHeaders = {':status': 200};
+            if(allowedOrigin){
+                optionsHeaders['access-control-allow-origin'] = allowedOrigin;
+            }
+            optionsHeaders['access-control-allow-methods'] = this.corsMethods;
+            optionsHeaders['access-control-allow-headers'] = this.corsHeaders;
+            stream.respond(optionsHeaders);
+            stream.end();
+            return;
+        }
+        let filePath = this.resolveFilePath(requestPath);
+        if(!filePath){
+            stream.respond({':status': 404});
+            stream.end();
+            return;
+        }
+        let ext = path.extname(filePath);
+        let cacheAge = ServerFactoryUtils.getCacheConfigForPath(filePath, this.cacheConfig);
+        let responseHeaders = {':status': 200};
+        let securityKeys = Object.keys(this.securityHeaders);
+        for(let headerKey of securityKeys){
+            responseHeaders[headerKey] = this.securityHeaders[headerKey];
+        }
+        if(allowedOrigin){
+            responseHeaders['access-control-allow-origin'] = allowedOrigin;
+        }
+        if(this.varyHeader){
+            responseHeaders['vary'] = this.varyHeader;
+        }
+        if(cacheAge){
+            responseHeaders['cache-control'] = 'public, max-age='+cacheAge+', immutable';
+        }
+        if(this.mimeTypes[ext]){
+            responseHeaders['content-type'] = this.mimeTypes[ext];
+        }
+        stream.respondWithFile(filePath, responseHeaders);
+    }
+
+    resolveFilePath(requestPath)
+    {
+        let cleanPath = ServerFactoryUtils.stripQueryString(requestPath);
+        for(let staticPath of this.staticPaths){
+            let fullPath = path.join(staticPath, cleanPath);
+            if(!FileHandler.exists(fullPath)){
+                continue;
+            }
+            if(!FileHandler.isFile(fullPath)){
+                continue;
+            }
+            return fullPath;
+        }
+        return false;
+    }
+
+    listen()
+    {
+        if(!this.http2Server){
+            this.error = {message: 'HTTP2 server not created'};
+            return false;
+        }
+        this.http2Server.listen(this.port);
+        return true;
+    }
+
+    async close()
+    {
+        if(!this.http2Server){
+            return true;
+        }
+        return new Promise((resolve) => {
+            this.http2Server.close(() => resolve(true));
+        });
+    }
+
+}
+
+module.exports.Http2CdnServer = Http2CdnServer;

package/lib/server-default-configurations.js

@@ -0,0 +1,57 @@
+/**
+ *
+ * Reldens - ServerDefaultConfigurations
+ *
+ */
+
+class ServerDefaultConfigurations
+{
+
+    static get mimeTypes()
+    {
+        return {
+            '.html': 'text/html',
+            '.css': 'text/css',
+            '.js': 'application/javascript',
+            '.json': 'application/json',
+            '.xml': 'application/xml',
+            '.txt': 'text/plain',
+            '.jpg': 'image/jpeg',
+            '.jpeg': 'image/jpeg',
+            '.png': 'image/png',
+            '.gif': 'image/gif',
+            '.webp': 'image/webp',
+            '.svg': 'image/svg+xml',
+            '.ico': 'image/x-icon',
+            '.woff': 'font/woff',
+            '.woff2': 'font/woff2',
+            '.ttf': 'font/ttf',
+            '.eot': 'application/vnd.ms-fontobject',
+            '.webmanifest': 'application/manifest+json'
+        };
+    }
+
+    static get cacheConfig()
+    {
+        return {
+            '.css': 31536000,
+            '.js': 31536000,
+            '.woff': 31536000,
+            '.woff2': 31536000,
+            '.ttf': 31536000,
+            '.eot': 31536000,
+            '.jpg': 2592000,
+            '.jpeg': 2592000,
+            '.png': 2592000,
+            '.gif': 2592000,
+            '.webp': 2592000,
+            '.svg': 2592000,
+            '.ico': 2592000,
+            '.xml': 31536000,
+            '.webmanifest': 31536000
+        };
+    }
+
+}
+
+module.exports.ServerDefaultConfigurations = ServerDefaultConfigurations;

package/lib/server-factory-utils.js

@@ -0,0 +1,56 @@
+/**
+ *
+ * Reldens - ServerFactoryUtils
+ *
+ */
+
+class ServerFactoryUtils
+{
+
+    static getCacheConfigForPath(path, cacheConfig)
+    {
+        if(!cacheConfig){
+            return false;
+        }
+        let cacheKeys = Object.keys(cacheConfig);
+        for(let ext of cacheKeys){
+            if(path.endsWith(ext)){
+                return cacheConfig[ext];
+            }
+        }
+        return false;
+    }
+
+    static validateOrigin(origin, corsOrigins, corsAllowAll)
+    {
+        if(corsAllowAll){
+            return '*';
+        }
+        if(!origin){
+            return false;
+        }
+        if(0 === corsOrigins.length){
+            return false;
+        }
+        for(let allowedOrigin of corsOrigins){
+            if('string' === typeof allowedOrigin && origin === allowedOrigin){
+                return origin;
+            }
+            if(allowedOrigin instanceof RegExp && allowedOrigin.test(origin)){
+                return origin;
+            }
+        }
+        return false;
+    }
+
+    static stripQueryString(url)
+    {
+        if(!url){
+            return '';
+        }
+        return url.split('?')[0];
+    }
+
+}
+
+module.exports.ServerFactoryUtils = ServerFactoryUtils;

package/lib/server-headers.js

@@ -0,0 +1,40 @@
+/**
+ *
+ * Reldens - ServerHeaders
+ *
+ */
+
+class ServerHeaders
+{
+
+    constructor()
+    {
+        this.http2SecurityHeaders = {
+            'x-content-type-options': 'nosniff',
+            'x-frame-options': 'DENY'
+        };
+        this.http2VaryHeader = 'Accept-Encoding, Origin';
+        this.http2CorsMethods = 'GET, OPTIONS';
+        this.http2CorsHeaders = 'Content-Type';
+        this.expressSecurityHeaders = {
+            'X-Content-Type-Options': 'nosniff',
+            'X-Frame-Options': 'DENY'
+        };
+        this.expressVaryHeader = 'Accept-Encoding';
+        this.expressCacheControlNoCache = 'no-cache, no-store, must-revalidate';
+        this.expressCacheControlPublic = 'public, max-age={maxAge}, immutable';
+        this.expressPragma = 'no-cache';
+        this.expressExpires = '0';
+        this.proxyForwardedFor = 'X-Forwarded-For';
+        this.proxyForwardedProto = 'X-Forwarded-Proto';
+        this.proxyForwardedHost = 'X-Forwarded-Host';
+    }
+
+    buildCacheControlHeader(maxAge)
+    {
+        return this.expressCacheControlPublic.replace('{maxAge}', maxAge);
+    }
+
+}
+
+module.exports.ServerHeaders = ServerHeaders;

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@reldens/server-utils",
     "scope": "@reldens",
-    "version": "0.37.0",
+    "version": "0.38.0",
     "description": "Reldens - Server Utils",
     "author": "Damian A. Pastorini",
     "license": "MIT",
@@ -43,6 +43,7 @@
         "express-rate-limit": "8.1.0",
         "express-session": "1.18.2",
         "helmet": "8.1.0",
+        "http-proxy-middleware": "^3.0.5",
         "multer": "2.0.2",
         "sanitize-html": "2.17.0"
     }