Redbird Reverse Proxy

with built in Cluster and Docker support.

WARNING

This is just a temporary fix until http-proxy is patched for a bug while doing NTLM auth.

I've included the NTLM proxy.on code for convenience, but please don't rely upon this package.

Handling dynamic virtual hosts, load balancing, proxying web sockets and SSL encryption should be easy and robust.

With redbird you get a complete library to build dynamic reverse proxies with the speed and robustness of http-proxy.

This light-weight package includes everything you need for easy reverse routing of your applications. Great for routing many applications from different domains in one single host, handling SSL with ease, etc.

Developed by manast

Features

• Flexible and easy routing.
• Websockets.
• Seamless SSL Support (HTTPS -> HTTP proxy)
• Automatic HTTP to HTTPS redirects.
• Load balancer.
• Register and unregister routes programatically without restart (allows zero downtime deployments)
• Docker support for automatic registration of running containers
• Cluster support that enables automatic multi-process.
• Based on top of rock-solid node-http-proxy and battle tested on production in many sites.
• Optional logging based on bunyan.

Install

npm install redbird

Example

You can programatically register or unregister routes dynamically even if the proxy is already running:

var proxy = require('redbird')({port: 80});
 
// OPTIONAL: Setup your proxy but disable the X-Forwarded-For header
var proxy = require('redbird')({port: 80, xfwd: false});
 
// Route to any global ip
proxy.register("optimalbits.com", "http://167.23.42.67:8000");
 
// Route to any local ip, for example from docker containers.
proxy.register("example.com", "http://172.17.42.1:8001");
 
// Route from hostnames as well as paths
proxy.register("example.com/static", "http://172.17.42.1:8002");
proxy.register("example.com/media", "http://172.17.42.1:8003");
 
// Subdomains, paths, everything just works as expected
proxy.register("abc.example.com", "http://172.17.42.4:8080");
proxy.register("abc.example.com/media", "http://172.17.42.5:8080");
 
// Route to any href including a target path
proxy.register("foobar.example.com", "http://172.17.42.6:8080/foobar");
 
// You can also enable load balancing by registering the same hostname with different
// target hosts. The requests will be evenly balanced using a Round Robin scheme.
proxy.register("balance.me", "http://172.17.40.6:8080");
proxy.register("balance.me", "http://172.17.41.6:8080");
proxy.register("balance.me", "http://172.17.42.6:8080");
proxy.register("balance.me", "http://172.17.43.6:8080");
 
 
 

About HTTPS

The HTTPS proxy supports virtual hosts by using SNI (which most modern browsers support: IE7 and above). The proxying is performed by hostname, so you must use the same SSL certificates for a given hostname independently of its paths.

HTTPS Example

Conceptually HTTPS is easy, but it is also easy to struggle getting it right. With redbird its straightforward, check this complete example:

1. Generate a localhost development SSL certificate:

/certs $ openssl genrsa -out dev-key.pem 1024
/certs $ openssl req -new -key dev-key.pem -out dev-csr.pem
 
// IMPORTANT: Do not forget to fill the field! Common Name (e.g. server FQDN or YOUR name) []:localhost
 
/certs $ openssl x509 -req -in dev-csr.pem -signkey dev-key.pem -out dev-cert.pem
 

Note: For production sites you need to buy valid SSL certificates from a trusted authority.

1. Create a simple redbird based proxy:

var redbird = new require('redbird')({
    port: 8080,
 
    // Specify filenames to default SSL certificates (in case SNI is not supported by the 
    // user's browser)
    ssl: {
        port: 8443,
        key: "certs/dev-key.pem",
        cert: "certs/dev-cert.pem",
    }
});
 
// Since we will only have one https host, we dont need to specify additional certificates.
redbird.register('localhost', 'http://localhost:8082', {ssl: true});

1. Test it:

Point your browser to localhost:8000 and you will see how it automatically redirects to your https server and proxies you to your target server.

You can define many virtual hosts, each with its own SSL certificate. And if you do not define any, they will use the default one as in the example above:

redbird.register('example.com', 'http://172.60.80.2:8082', {
    ssl: {
        key: "../certs/example.key",
        cert: "../certs/example.crt",	
        ca: "../certs/example.ca"
    }
});
 
redbird.register('foobar.com', 'http://172.60.80.3:8082', {
    ssl: {
        key: "../certs/foobar.key",
        cert: "../certs/foobar.crt",	
    }
});

You can also specify https hosts as targets and also specify if you want the connection to the target host to be secure (default is true).

var redbird = require('redbird')({
    port: 80,
    secure: false,
    ssl: {
        port: 443,
        key: "../certs/default.key",
        cert: "../certs/default.crt",
    }
});
redbird.register('tutorial.com', 'https://172.60.80.2:8083', {
    ssl: {
        key: "../certs/tutorial.key",
        cert: "../certs/tutorial.crt",
    }
});
 

Docker support

If you use docker, you can tell Redbird to automatically register routes based on image names. You register your image name and then everytime a container starts from that image, it gets registered, and unregistered if the container is stopped. If you run more than one container from the same image, redbird will load balance following a round robin schema:

var redbird = require('redbird')({
  port: 8080,
});
 
require('redbird')
  .docker(redbird)
  .register("example.com", 'company/myimage:latest');

Cluster support

Redbird support automatic support for node cluster. Just specify in the options object the number of processes that you want redbird to use. Redbird will automatically re-start any thread thay may crash automatically, increasing even more its reliability.

var redbird = new require('redbird')({
    port: 8080,
  cluster: 4
});

Roadmap

• Statistics (number of connections, load, response times, etc)
• CORS support.
• Rate limiter.
• Simple IP Filtering.
• Automatic routing via Redis or Etcd backend.

Reference

    opts {Object} Options to pass to the proxy:
    {
    	port: {Number} // port number that the proxy will listen to.
    	ssl: { // Optional SSL proxying.
    		port: {Number} // SSL port the proxy will listen to.
    		// Default certificates
    		key: keyPath,  
    		cert: certPath,
    		ca: caPath // Optional.
            redirect: true, // Disable HTTPS autoredirect to this route.
    	}
        bunyan: {Object} Bunyan options. Check [bunyan](https://github.com/trentm/node-bunyan) for info.
        If you want to disable bunyan, just set this option to false. Keep in mind that
        having logs enabled incours in a performance penalty of about one order of magnitude per request.
    }

    src {String} {String|URL} A string or a url parsed by node url module.
    	Note that port is ignored, since the proxy just listens to one port.
 
    target {String|URL} A string or a url parsed by node url module.
    opts {Object} route options:
    examples:
    {ssl : true} // Will use default ssl certificates.
    {ssl: {
        redirectPort: port, // optional https port number to be redirected if entering using http.
    	key: keyPath,
    	cert: certPath,
    	ca: caPath // optional
    	}
    }

    src {String|URL} A string or a url parsed by node url module.
    target {String|URL} A string or a url parsed by node url module. If not 
    specified, it will unregister all routes for the given source.