@akashnetwork/fastify-mtls-proxy
Advanced tools
This proxy server seamlessly accepts client certificates and keys to forward upstream.
This proxy server seamlessly accepts client certificates and keys to forward upstream.
In secure environments such as browsers, self signed certificates are not honored to ensure that certificate authorities are vetted and thus ideally those using certificates are subject to some form of regulation.
However with-in self managed mTLS environments, self signed certificates make much sense to validate the client application's commands are under control of the client party and not snarfed by a mitm. The ability to generate x509 certificates through Subtle.crypto means the progression of continued security at the user custody level.
This server allows that communication to easily facilitate. Using natural proxy forwarding requests can use a traditional proxy model, supported by libraries like Axios, curl and others.
install the package
yarn add @akashnetwork/fastify-mtls-proxy
setup the server to receive mTLS requests to forward.
import fastify from "fastify";
import mTLSProxyPlugin, { Options } from "@dmikey/fastify-mtls-proxy";
const app = fastify();
app.register(mTLSProxyPlugin, {} as Options);
Send a request to your server as you would to the original upstream. Specify proxy_cert and proxy_key in the post body.
bash using curl
curl --proxy "http://localhost:3000" "http://www.httpbin.org/ip"
or to make a secure request over the insecure proxy
curl --proxy-insecure "http://localhost:3000" "https://www.google.com"
typescript using the axios library
import axios from "axios";
axios
.post("http://localhost:3000/ip", {
headers: {
host: "http://www.httpbin.org/",
},
})
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});
If you can not modify the headers, and can only modify the host of the platform you are trying to proxy through, using a query string parameter is available.
curl "http://localhost:3000/ip?upstream=http://httpbin.org/ip"
curl "http://localhost:3000/ip?upstream=https://www.httpbin.org"
Sending mTLS connection information along with the upstream request.
import axios from "axios";
axios
.post("http://localhost:3000/", {
headers: {
host: "https://certauth.cryptomix.com",
},
})
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});
When using a requesting a resource, the pathing should be requested from the proxy.
Example a resource that is available at http://foo.com/my-resource would be requested as http://proxy.com/my-resource?upstream=http://foo.com/my-resource
using the Options type, you can define
to the original work by all the contributors to the original modules.
FAQs
This proxy server seamlessly accepts client certificates and keys to forward upstream.
We found that @akashnetwork/fastify-mtls-proxy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
Security News
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.
Research
North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware loader.