How to use a Proxy to HTTPS services?


#1

I followed this blog and I absolutely love it. It helped to solve the CORS issues we had. However, we need a proxy to “https://loclahost:8181/api” which is a local Tomcat server we use during development time. We have to access it via https. Our inonic.project file looks like this:

{
    "name": "proxy-example",
    "app_id": "",
    "proxies": [
        {
            "path": "/api",
            "proxyUrl": "https://localhost:8181/api"
        }
    ]
}

The error we get on the cli output is:

✗ Error: self signed certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:927:36)
at TLSSocket.emit (events.js:104:17)
at TLSSocket._finishInit (_tls_wrap.js:458:8)

How can I configure Ionic to accept untrusted certificates when using a proxy?
Is there any proxy configuration I am missing?


Ionic serve proxy self-signed certificate error
#2

Ok, it really seems that ionic currently has no support for this. This is how you have to modify Ionic to make things work:

  1. find the Ionic serve.js file, i.e. on a mac: /usr/share/nodejs/node-v0.12.0/lib/node_modules/ionic/lib/serve.js

  2. search for this code:

    var opts = url.parse(proxy.proxyUrl);
    if(proxy.proxyNoAgent)
        opts.agent = false;
    
  3. Add this line after the if statement:

    var opts = url.parse(proxy.proxyUrl);
    if(proxy.proxyNoAgent)
        opts.agent = false;
    opts.rejectUnauthorized = !(proxy.rejectUnauthorized === false);
    
  4. Add rejectUnauthorized = false to your proxy configuration:

    {
        "name": "proxy-example", 
        "app_id": "",
        "proxies": [
            {
                "path": "/api",
                "proxyUrl": "https://localhost:8181/api",
                "rejectUnauthorized" : false
            }
        ]
    }
    

This works just fine, because Ionic uses internally proxy-middleware which supports any of the https request options, for more information see here.
rejectUnauthorized is a setting from proxy-middleware :slight_smile:

That works like a charm. I hope the Ionic guys will merge the one line of code into their distribution so that everyone can use this :slight_smile:


#3

Why are you using local https?
Easiest way would be to use http for development and testing and on live systems to use a valid (trusted!) https-certificate.

And not manipulating in core files of a framework to allow any https-connections…


#4

Well, as I mentioned there is no way to not use https for us.
One reason is our authentication architecture that requires https. Allowing proxies is a great and important feature. However, a few more configuration options should be added to ionic-cli, at least some of those that come with proxy-middleware… It’s very easy and is helpful when the proxy needs to be configurable like in our project… There are many other scenarios that I can think of where you might need https. In fact, you don’t have to use localhost all the time. Instead, sometimes you could use some other backend server (not localhost) during development (i.e. test/integration server) and those backend servers might offer rest services only accessible vis https.

By the way, I created a pull request: https://github.com/driftyco/ionic-cli/pull/404
As you can see this is one line of code. The default behavior would still be rejectUnauthorized=true in case rejectUnauthorized is not specified.