Tex>> configurable-http-proxy>> 返回
项目作者: jupyterhub

项目描述 :
node-http-proxy plus a REST API
高级语言: JavaScript
项目地址: git://github.com/jupyterhub/configurable-http-proxy.git
创建时间: 2014-08-25T22:28:59Z
项目社区:https://github.com/jupyterhub/configurable-http-proxy
开源协议:BSD 3-Clause "New" or "Revised" License
下载


configurable-http-proxy

npm
Docker Build status
GitHub Workflow Status - Test
GitHub
Discourse
Gitter

configurable-http-proxy (CHP) provides you with a way to update and manage
a proxy table using a command line interface or REST API.
It is a simple wrapper around node-http-proxy. node-http-proxy is an HTTP
programmable proxying library that supports websockets and is suitable for
implementing components such as reverse proxies and load balancers. By
wrapping node-http-proxy, configurable-http-proxy extends this
functionality to JupyterHub deployments.

Table of Contents

Install

Prerequisite: Node.js ≥ 18

If you’re installing configurable-http-proxy in Linux, you can follow the instruction of nodesource to install arbitrary version of Node.js.

To install the configurable-http-proxy package globally
using npm:

  1. npm install -g configurable-http-proxy

To install from the source code found in this GitHub repo:

  1. git clone https://github.com/jupyterhub/configurable-http-proxy
  2. cd configurable-http-proxy
  3. npm install  # Use 'npm install -g' for global install

Return to top

Usage

The configurable proxy runs two HTTP(S) servers:

  • The public-facing interface to your application (controlled by --ip,
    --port)
    • listens on all interfaces by default.
  • The inward-facing REST API (--api-ip, --api-port)
    • listens on localhost by default
    • The REST API uses token authorization, where the token is set in the
      CONFIGPROXY_AUTH_TOKEN environment variable.

Return to top

Starting the proxy

  1. configurable-http-proxy [options]

where [options] are the command-line options described below.

Return to top

Setting a default target

The default target is used when a client has requested a URL for which
there is no routing target found in the proxy table. To set a
default target, pass the command line option,
--default-target, when starting the configurable proxy:

  1. configurable-http-proxy --default-target=proto://host[:port]

For example:

  1. configurable-http-proxy --default-target=http://localhost:8888

Return to top

Command-line options

  1. Usage: configurable-http-proxy [options]
  3. Options:
  4.   -V, --version                      output the version number
  5.   --ip <ip-address>                  Public-facing IP of the proxy
  6.   --port <n> (defaults to 8000)      Public-facing port of the proxy
  7.   --ssl-key <keyfile>                SSL key to use, if any
  8.   --ssl-cert <certfile>              SSL certificate to use, if any
  9.   --ssl-ca <ca-file>                 SSL certificate authority, if any
  10.   --ssl-request-cert                 Request SSL certs to authenticate clients
  11.   --ssl-reject-unauthorized          Reject unauthorized SSL connections (only meaningful if --ssl-request-cert is given)
  12.   --ssl-protocol <ssl-protocol>      Set specific SSL protocol, e.g. TLSv1_2, SSLv3
  13.   --ssl-ciphers <ciphers>            `:`-separated ssl cipher list. Default excludes RC4
  14.   --ssl-allow-rc4                    Allow RC4 cipher for SSL (disabled by default)
  15.   --ssl-dhparam <dhparam-file>       SSL Diffie-Helman Parameters pem file, if any
  16.   --api-ip <ip>                      Inward-facing IP for API requests (default: "localhost")
  17.   --api-port <n>                     Inward-facing port for API requests (defaults to --port=value+1)
  18.   --api-ssl-key <keyfile>            SSL key to use, if any, for API requests
  19.   --api-ssl-cert <certfile>          SSL certificate to use, if any, for API requests
  20.   --api-ssl-ca <ca-file>             SSL certificate authority, if any, for API requests
  21.   --api-ssl-request-cert             Request SSL certs to authenticate clients for API requests
  22.   --api-ssl-reject-unauthorized      Reject unauthorized SSL connections (only meaningful if --api-ssl-request-cert is given)
  23.   --client-ssl-key <keyfile>         SSL key to use, if any, for proxy to client requests
  24.   --client-ssl-cert <certfile>       SSL certificate to use, if any, for proxy to client requests
  25.   --client-ssl-ca <ca-file>          SSL certificate authority, if any, for proxy to client requests
  26.   --client-ssl-request-cert          Request SSL certs to authenticate clients for API requests
  27.   --client-ssl-reject-unauthorized   Reject unauthorized SSL connections (only meaningful if --client-ssl-request-cert is given)
  28.   --default-target <host>            Default proxy target (proto://host[:port])
  29.   --error-target <host>              Alternate server for handling proxy errors (proto://host[:port])
  30.   --error-path <path>                Alternate server for handling proxy errors (proto://host[:port])
  31.   --redirect-port <redirect-port>    Redirect HTTP requests on this port to the server on HTTPS
  32.   --redirect-to <port>               Redirect HTTP requests from --redirect-port to this port
  33.   --pid-file <pid-file>              Write our PID to a file
  34.   --no-x-forward                     Don't add 'X-forward-' headers to proxied requests
  35.   --no-prepend-path                  Avoid prepending target paths to proxied requests
  36.   --no-include-prefix                Don't include the routing prefix in proxied requests
  37.   --auto-rewrite                     Rewrite the Location header host/port in redirect responses
  38.   --change-origin                    Changes the origin of the host header to the target URL
  39.   --protocol-rewrite <proto>         Rewrite the Location header protocol in redirect responses to the specified protocol
  40.   --custom-header <header>           Custom header to add to proxied requests. Use same option for multiple headers (--custom-header k1:v1 --custom-header k2:v2) (default: {})
  41.   --insecure                         Disable SSL cert verification
  42.   --host-routing                     Use host routing (host as first level of path)
  43.   --metrics-ip <ip>                  IP for metrics server (default: "")
  44.   --metrics-port <n>                 Port of metrics server. Defaults to no metrics server
  45.   --log-level <loglevel>             Log level (debug, info, warn, error) (default: "info")
  46.   --timeout <n>                      Timeout (in millis) when proxy drops connection for a request.
  47.   --proxy-timeout <n>                Timeout (in millis) when proxy receives no response from target.
  48.   --storage-backend <storage-class>  Define an external storage class. Defaults to in-MemoryStore.
  49.   -h, --help                         display help for command

Return to top

Using the REST API

The configurable-http-proxy REST API is documented and available as:

Return to top

REST API Basics

API Root

HTTP method Endpoint Function
GET /api/ API Root

Routes

HTTP method Endpoint Function
GET /api/routes Get all routes in routing table
POST /api/routes/{route_spec} Add a new route
DELETE /api/routes/{route_spec} Remove the given route

Return to top

Authenticating via passing a token

The REST API is authenticated via passing a token in the Authorization
header. The API is served under the /api/routes base URL.

For example, this curl command entered in the terminal
passes this header "Authorization: token $CONFIGPROXY_AUTH_TOKEN" for
authentication and retrieves the current routing table from this endpoint,
http://localhost:8001/api/routes:

  1. curl -H "Authorization: token $CONFIGPROXY_AUTH_TOKEN" http://localhost:8001/api/routes

Return to top

Getting the routing table

Request:

  1. GET /api/routes[?inactive_since=ISO8601-timestamp]

Parameters:

inactive_since: If the inactive_since URL
parameter is given as an ISO8601
timestamp, only routes whose last_activity is earlier than the timestamp
will be returned. The last_activity timestamp is updated whenever the proxy
passes data to or from the proxy target.

Response:

Status code

  1. status: 200 OK

Response body

A JSON dictionary of the current routing table. This JSON
dictionary excludes the default route.

Behavior:

The current routing table is returned to the user if the request is
successful.

Return to top

Adding new routes

POST requests create new routes. The body of the request should be a JSON
dictionary with at least one key: target, the target host to be proxied.

Request:

  1. POST /api/routes/[:path]

Required input:

target: The host URL

Example request body:

  1. {
  2.   "target": "http://localhost:8002"
  3. }

Response:

  1. status: 201 Created

Behavior:

After adding the new route, any request to /path/prefix on the proxy’s
public interface will be proxied to target.

Return to top

Deleting routes

Request:

  1. DELETE /api/routes/[:path]

Response:

  1. status: 204 No Content

Behavior:

Removes a route from the proxy’s routing table.

Return to top

Custom error pages

Custom error pages can be provided when the proxy encounters an error and has
no proxy target to handle a request. There are two typical errors that CHP may
hit, along with their status code:

  • 404 error: Returned when a client has requested a URL for which there is no
    routing target. This error can be prevented by setting a
    default target before starting the configurable-http-proxy.

  • 503 error: Returned when a route exists, but the upstream server isn’t
    responding. This is more common, and can be due to any number of reasons,
    including the target service having died, not finished starting, or network
    instability.

Return to top

Setting the path for custom error pages

When starting the CHP, specify an error path --error-path /usr/share/chp-errors
to the location of the error page:

  1. configurable-http-proxy --error-path /usr/share/chp-errors

When a proxy error occurs, CHP will look in the following location for a
custom html error page to serve:

  1. /usr/share/chp-errors/{CODE}.html

where {CODE} is a status code number for an html page to serve. If there is
a 503 error, CHP will look for a custom error page in this location
/usr/share/chp-errors/503.html.

If no custom error html file exists for the error code, CHP will use the default
error.html. If you specify an error path, make sure you also create
a default error.html file.

Return to top

Setting a target for custom error handling

You can specify a target URL to use when errors occur by setting
--error-target {URL} when starting the CHP.

If, for example, CHP starts with --error-target http://localhost:1234,
and the proxy encounters an error, the proxy will make a GET request to
the error-target server. The GET request will be sent to the error-target
server URL, http://localhost:1234, appending the status code
/{CODE}, and passing the failing request’s URL escaped in a URL parameter:

  1. GET /404?url=%2Fescaped%2Fpath

Return to top

Host-based routing

If the CHP is started with the --host-routing option, the proxy will
use the hostname of the incoming request to select a target.

When using host-based routes, the API uses the target in the same way as if
the hostname were the first part of the URL path, e.g.:

  1. {
  2.   "/example.com": "https://localhost:1234",
  3.   "/otherdomain.biz": "http://10.0.1.4:5555",
  4. }

Return to top

Troubleshooting

Q: My proxy is not starting. What could be happening?

  • If this occurs on Ubuntu/Debian, check that the you are using a recent
    version of node. Some versions of Ubuntu/Debian come with a version of node
    that is very old, and it is necessary to update node to a recent or LTS
    version.

Return to top