This repo/branch is a fork of the official MyGovBC-MSP-Service. The goal is to merge this upstream once changes are complete and stable.
- Need to address MSP hardcoded "nouns" in url string validation
- Merge back into MyGovBC-MSP-Service
- Revert OpenShift FPC Dev to load from MyGovBC-MSP-Service (currently it loads from MyGovBC-FPC-Service#fpc, i.e. this branch/repo)
A NodeJS-based static proxy for the MyGovBC-MSP user interface.
- Proxy to target base URL
- Replays body and query parameters
- Adds HTTP Basic and Client Certificate Authentication
- Logs to console
- Utility to convert a file such as a PEM to a base64 string (base64encode.js) for use in configuration
- node@>=4.2.5
- npm@>=3.10.0 (note: not the default of [email protected])
- GIT
All configuration is done via the user's shell environment variables, which NodeJS reads via process.env
Name | Description |
---|---|
TARGET_URL | Base URL to send HTTP request |
TARGET_HEADER_HOST | Host header to send |
TARGET_USERNAME_PASSWORD | For HTTP Basic the username:password |
CORS_ORIGIN | Optional. If using CORS, supply the domain name of the allowed origin |
MUTUAL_TLS_PEM_KEY_BASE64 | A base64 encoded PEM key string |
MUTUAL_TLS_PEM_KEY_PASSPHRASE | The passphrase for the above PEM key |
MUTUAL_TLS_PEM_CERT | The client certificate for the above KEY in a base64 encoded PEM format |
SECURE_MODE | When false (insecure mode), untrusted targets are allowed. Always true unless you are debugging |
USE_MUTUAL_TLS | Turns on and off Mutual TLS to target. Always true unless you are debugging |
AUTH_TOKEN_KEY | Authentication Key used in all SSL |
USE_AUTH_TOKEN | Use Auth Token in all SSL |
LOGGER_HOST | Host name for the Splunk Forwarder |
LOGGER_PORT | Port for the Splunk Forwarder |
SPLUNK_AUTH_TOKEN | Authorization token required to use the splunk server |
BYPASS_CAPTCHA_URLS | A comma-separated list of relative URLs that bypass the captcha (e.g. "service/rest/getCalendar"). Has no effect if USE_AUTH_TOKEN is false. |
Requires the OpenSSL CLI installed on your workstation
If you want to extract the private key from a pfx file and write it to a PEM file
openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem
If you want to extract the certificate file (the signed public key) from the pfx file
openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem
If you want to base64encode a file, i.e., like the PEMs above:
cd <Root of MyGovBC-MSP-Service>
node ./base64encode.js <filename>
Add these to the OpenShift env vars. Do NOT save any certificates to GitHub.
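A pre-deployment check for the variables in the table above, as an added example rather than code from this repository: it decodes the base64 PEM values, rejects a value that was pasted as raw PEM or put in the wrong variable, and builds the options a Node `https.request` call accepts. The function names, the treatment of an unset flag as true, and the sample values are assumptions.

```javascript
'use strict';
// Added example. Names are hypothetical; not from MyGovBC-MSP-Service.

// Decode a base64 env value and confirm it holds a PEM block of an expected type.
function decodePem(name, b64, labels) {
  if (!b64) throw new Error(name + ' is not set');
  const text = Buffer.from(b64, 'base64').toString('utf8');
  const m = /-----BEGIN ([A-Z ]+)-----/.exec(text);
  if (!m || !labels.includes(m[1]) || !text.includes('-----END ' + m[1] + '-----')) {
    throw new Error(name + ' is not a base64 encoded PEM ' + labels.join(' / '));
  }
  return text;
}

// Assumption: a flag is on unless it is explicitly the string "false".
function flag(value) {
  return String(value === undefined ? 'true' : value).toLowerCase() !== 'false';
}

// Build request options (as accepted by Node's https.request) from the environment.
function buildTargetOptions(env) {
  const opts = { headers: {}, rejectUnauthorized: flag(env.SECURE_MODE) };
  if (env.TARGET_HEADER_HOST) opts.headers.host = env.TARGET_HEADER_HOST;
  if (env.TARGET_USERNAME_PASSWORD) {
    opts.headers.authorization =
      'Basic ' + Buffer.from(env.TARGET_USERNAME_PASSWORD).toString('base64');
  }
  if (flag(env.USE_MUTUAL_TLS)) {
    opts.key = decodePem('MUTUAL_TLS_PEM_KEY_BASE64', env.MUTUAL_TLS_PEM_KEY_BASE64,
      ['PRIVATE KEY', 'ENCRYPTED PRIVATE KEY', 'RSA PRIVATE KEY']);
    opts.cert = decodePem('MUTUAL_TLS_PEM_CERT', env.MUTUAL_TLS_PEM_CERT, ['CERTIFICATE']);
    if (env.MUTUAL_TLS_PEM_KEY_PASSPHRASE) opts.passphrase = env.MUTUAL_TLS_PEM_KEY_PASSPHRASE;
  }
  return opts;
}

// Constructed sample values: the PEM bodies are placeholders, not real key material.
const pem = (label) => '-----BEGIN ' + label + '-----\nQ09OU1RSVUNURUQ=\n-----END ' + label + '-----\n';
const SAMPLE_ENV = {
  TARGET_HEADER_HOST: 'target.example',
  TARGET_USERNAME_PASSWORD: 'user:pass',
  MUTUAL_TLS_PEM_KEY_BASE64: Buffer.from(pem('ENCRYPTED PRIVATE KEY')).toString('base64'),
  MUTUAL_TLS_PEM_KEY_PASSPHRASE: 'constructed-passphrase',
  MUTUAL_TLS_PEM_CERT: Buffer.from(pem('CERTIFICATE')).toString('base64'),
};

console.log(Object.keys(buildTargetOptions(SAMPLE_ENV)));
```

The check only confirms that each value decodes to the right kind of PEM block; it does not verify that the key matches the certificate or that the passphrase is correct.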
To ensure the target's mutual SSL/TLS is configured correctly, try this command:
openssl s_client -showcerts -connect <servername>:<port> -servername <servername>
See Deploy to OpenShift docs.