DEPTH_ZERO_SELF_SIGNED_CERT Error

Open mvictoras opened this issue 9 years ago • 8 comments

I have a docker image that uses a self-signed certificate (https). mycert certificates below are real and not self-signed. Only the certificate inside the docker image is self-signed.

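var proxy = require('redbird')({
    port: 80,
    ssl: {
        port: 443,
        // Certificate presented to browsers (real, not self-signed)
        key: "./certs/mycert.key",
        cert: "./certs/mycert.crt"
    }
});

// Upstream inside the docker image, served over https with the self-signed certificate
proxy.register("localhost", "https://localhost:3000", {ssl: true});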

When I access https://localhost on my browser I get DEPTH_ZERO_SELF_SIGNED_CERT

I tried process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; but that didn't work either.

Any ideas?

mvictoras, Feb 01 '17 00:02

I have no idea. Have you tried newer/older versions of node?

manast, Feb 01 '17 06:02

Hi,

I was having the same issue, I'm reverse proxying to an internal server that uses a self signed certificate.

The way I go around this is in proxy.js function setupHttpsProxy

change -> proxy.web(req, res, { target: target}) to -> proxy.web(req, res, { target: target, secure:false });

Because the proxy server itself has a valid cert, and I'm proxying to a server I trust, I believe this should be fine. But instead of me having to hard code this in, maybe an option in the register might be nicer.

KpjComp, May 19 '17 10:05

@KpjComp I'm having the same issue; the upstream server has a self-signed cert and I'm presented with the same error "DEPTH_ZERO_SELF_SIGNED_CERT".

I tried the modification you made but this didn't improve my situation; do you have another suggestion as a workaround?

Would be great to have the ability to set this "secure: false" option on a per-proxy basis.

b3nz0, Jun 11 '17 16:06

Ignore me; I'd modified the wrong part of proxy.js!!

Workaround works a charm. Thanks.

b3nz0, Jun 11 '17 16:06

@manast , any chance of having this put in as an option to the register function?

@b3nz0 glad that worked for you too. :)

KpjComp, Jun 14 '17 23:06

@KpjComp doesn't using secure:false allow for man in the middle attacks and defeat the purpose of having a cert that is not self signed? Is there any way to solve this while keeping it secure?

Edit: Sorry, just realized he is actually using a self-signed cert -- please ignore this. I was having a similar issue with a certificate that is not self-signed.

geigev, Dec 04 '17 22:12

@geigev

Firstly, I did say as an option anyway.

But the secure = false is between your server & your server. If the server you're reverse proxying to belongs to you, how do you envisage man in the middle attacks, as the outbound / exposed host is still using secure?

KpjComp, Dec 18 '17 10:12

@KpjComp

> But the secure = false is between your server & your server. If the server you're reverse proxying to belongs to you, how do you envisage man in the middle attacks, as the outbound / exposed host is still using secure?

If you are using a cloud provider that doesn't have a private VLAN, or are on a public network -- it would be a problem in those scenarios right?

geigev, Dec 19 '17 00:12
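
The per-route option requested in this thread, sketched as an added example (not code from redbird, http-proxy, or any commenter): it builds the options object passed to `proxy.web(req, res, options)`, trusting a supplied upstream certificate with verification left on, and permitting `secure: false` only for loopback targets. The helper name and the route fields `upstreamCa` and `allowInsecure` are hypothetical, the loopback-only rule is a policy chosen for this example, and it assumes http-proxy forwards `ca` from an object-form `target` to the outgoing HTTPS request.

```javascript
'use strict';
// Added example. upstreamProxyOptions and the route fields upstreamCa and
// allowInsecure are hypothetical names, not part of redbird or http-proxy.

// True only for targets on the same machine, where traffic never crosses a network.
function isLoopback(hostname) {
  const h = hostname.replace(/^\[|\]$/g, '').toLowerCase(); // URL keeps [] around IPv6
  return h === 'localhost' || h === '::1' || /^127(\.\d{1,3}){3}$/.test(h);
}

// Build the options object handed to proxy.web(req, res, options) for one route.
// route = { target: 'https://host:port', upstreamCa?: PEM string, allowInsecure?: boolean }
function upstreamProxyOptions(route) {
  const url = new URL(route.target);
  if (url.protocol !== 'https:') {
    return { target: route.target }; // plain HTTP upstream: no TLS settings apply
  }
  if (route.upstreamCa) {
    if (!route.upstreamCa.includes('-----BEGIN CERTIFICATE-----')) {
      throw new TypeError('upstreamCa must be a PEM certificate');
    }
    // Trust exactly this certificate and keep verification on. Assumption:
    // http-proxy forwards `ca` from an object-form target to https.request.
    // The certificate must still name the host being connected to.
    return {
      secure: true,
      target: {
        protocol: 'https:',
        host: url.hostname.replace(/^\[|\]$/g, ''),
        port: Number(url.port) || 443,
        ca: route.upstreamCa,
      },
    };
  }
  if (route.allowInsecure) {
    // Policy chosen for this example: skip verification only on loopback.
    if (!isLoopback(url.hostname)) {
      throw new Error(`refusing secure:false for non-loopback upstream ${url.hostname}`);
    }
    return { target: route.target, secure: false };
  }
  return { target: route.target, secure: true }; // default: verify against system CAs
}
```
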