How to make outgoing localhost traffic use Windows proxy? - node.js

I am using this app https://github.com/nice-table/bitmex-scaled-orders to connect to testnet.bitmex.com through the api to place orders. I am running the app on Windows in node.js. It looks like the app starts a websocket on port 1337 and a bitmex proxy on port 8000. The app uses a GUI through the browser that you connect to through localhost:3006.
I have a proxy server set in Windows settings. I am unable to access localhost:3006 without the bypass proxy checkbox checked which makes sense. However, when I check the box, it seems as though outgoing traffic to bitmex is also bypassing my proxy. I am able to know because when I put wrong proxy info, the app still connects. Shouldn't this checkbox only apply to local traffic? Is there any way I can make this app use my proxy?
This can be used for testing, make sure the testnet is selected in the app
key ID: 9I0Ez-z-a8wAgM-IB03OMLg0
key secret: OzanemIvHP368THbeGjT6by5bABmYWIXQvAXILX6oumQpipY
I am illiterate when it comes to this stuff please let me know if theres more info I can provide. I tried contacting the author on github but no answer.

Related

node.js and v2ray websocket vless

my problem maybe be some complex
i want to develop a v2ray(vless)+tls+websocket server with auth system
i dont want edit v2ray source code
i just want develop a middleware to handle auth with node.js
i wants verify user by username and password and add his ip to white ip list for my vpn port
i dont know how can i do this, i know ip is dynamic and i can re-register and replace it with client automatically
now i have 2 options with 2 questions:
can i use ngingx? with nginx i can make a whiteListIP in config file and i can edit it and restart it with node.js app per user register, but it makes a question, for use new config you should restart nginx, it can reduce performance?i dont know nginx restarting how much time need
can i register them with node.js and forward them request to vpn port?my mean is my node.js app is a middleware between user and vpn port to auth requests, requests are websocket connection.
ty if u can help me

React front end connected to node.js backend with only 1 port open

I am having a pretty big problem at work and would like some help. Basically I have a react front end and a node.js backend to connect to the database. The problem is that the company I am buildign this for will only open 1 port (443) for the webpage. And since react is generating on the clients side I cant use a localhost url to call the backend to get info from the database. They said they might open another port if we make it HTTPS. So I tried using express and https with a self assigned ssl certificate, which worked on my side. On the clients end the webpage's http call doesnt make it to the express server.
I have also started to build this with webpack and express, so the server will render the react code. This should work but I am suspecting a problem with webpack (have not had a good experience with it in the past).... Anyways, is there anything one of yall can think about that will allow my client rendered react app to connect to the database? How do other companies handle something like this? Really any help would be great. I have been under so much stress from this.
If you think you have any information that could help point me in the right direction, I would greatly appreciate it!
I dont think you need to open any other port to access the database, since the code that will access it will run server-side. I mean, yes the database port will need to be open locally, but it does not need to be open to the Internet.
In other words, you will need to have your react code access an API on your server (https end-point on port 443) in order to retrieve data. Your solution with Express should work. I guess you have a Node server listening on port 443, and that you are using Express as framework server-side. It is this server side code what should access the database and provide the data to https requests made by your React client-side code. Your browser might not like your self-signed certificate, and you will probably need to tell it to trust the certificate.
UPDATE:
If you want to block all ports from the server except port 443, you can use a firewall to achieve that, and make the ports look inactive, except for request coming from localhost, the server itself. If that's not an option, you could also choose to connect to the database using a socket path instead of a TCP port.

Setting up internal web server with Node.js

I want to host a web app with node.js on a Linux virtual machine using the the HTTP module.
As the app will be visualising sensitive data I want to ensure it can only be accessed from PCs on the same LAN.
My understanding is that using the HTTP module a web server is created that's initially only accessible by other PCs on the same LAN. I've seen that either by tunnelling or portforwarding a node.js server can be exposed if desired.
Question
Are there any other important considerations/ways the server could be accessed externally?
Is there a particular way I can setup a node.js server to be confident that it's only accessible to local traffic?
It really depends what you are protecting against.
For example, somebody on your LAN could port forward your service using something like ngrok. There are a few things you can check for:
In this case the header x-forwarded-for is set. So, to protect against this you can check for this header on the incoming request, and if set you can reject the request.
The host header is also set and will indicate how the client referred to your service - if it is as you expect (maybe a direct local LAN address such as 192.168.0.xxx:3000) then all is OK, if not (I ran ngrok on a local service and got something of the form xxxxxxxx.ngrok.io) then reject it.
Of course a malicious somebody could create their own server to redirect requests. The only way there is to put in usernames and passwords or similar. At least you then known who is (allegedly) accessing your service and do something about it.
However, if you are not trying to pretect against a malicious internal actor, then you should be good as you are - I can't think of any way (unless there is a security hole in your LAN) for your service to be made public without somebody actively setting that up.
My last suggestion would be to use something like express rather than the http module by itself. It really does make life a lot simpler. I use it a lot for just this kind of simple internal server.
Thought I'd add a quick example. I've tested this with ngrok and it blocks access via the public address but works find via localhost. Change the host test to whatever local address (or addresses) you want to serve this service from.
const express=require('express');
const app=express();
app.use((req,res,next)=>{
if (req.headers.host!=='localhost:3000' || req.headers['x-forwarded-for']){
res.status(403).send('Invalid access!');
} else next();
});
app.get('/',(req,res)=>res.send('Hello World!'));
app.listen(3000,()=>{
console.log('Service started. Try it at http://localhost:3000/');
});
I would prefer using nginx as a proxy here and rely on nginx' configuration to accept traffic from local LAN to the node.js web server. If this is not possible, a local firewall would be the best tool for the job.

NodeJS server running with a reverse proxy

I really fail to think of the right name for this question. So I'm going to explain the scenario and if someone comes with a good name, please Edit the post or comment it below so I can edit it.
As far as I understood one of the pluses in running NodeJS with a reverse proxy is that the actual app that does the work stays out of the world and the port that the app is running could be closed for the outside world. (Let's say the nodejs server is running on port 3000).
So the only way to access the app is through the proxy that will be running on a port that's open for the world.
My question is what if the app wants to make a request (POST for example) to API on another server (not running in the local network). Should that request go through the proxy again or it could be directly made by the app itself? Does the fact that the port the app is running is closed for external access make it impossible to communicate with the outside world at all?
I am not sure I understood your question, but yes, you can make requests to the outside world from your Node app.
Exposing :3000 is only used to access the app itself, but from the app you're free to make any requests.

TCP server won't work on Openshift NodeJS

I've used the openshift-cartridge-tcp-endpoint cartridge to try and make a TCP server which I can access from a desktop application.
I've set it up on a scaleable application and I can see the OPENSHIFT_NODEJS_PORT_TCP and OPENSHIFT_NODEJS_PROXY_PORT_TCP values when I list the environment variables using 'export' when ssh'd into my application.
The problem is, when I do 'rhc ssh APP_NAME oo-gear-registry all', no port is listed over which I can access my TCP application and when I try to access the application over the port given by the HTTP server, it does not connect. Do I have to take additional steps to make the port show up and be accessible?
It looks like that cartridge is over 2 years old, and probably doesn't work with the current version of OpenShift Online, as it only exposes port 8080 publicly and uses an HTTP/WS reverse proxy, so only http or web services connections would work. You might try logging an issue with the cartridge's creator here (https://github.com/Filirom1/openshift-cartridge-tcp-endpoint/issues) and ask them if it still works or not.

Resources