fix(route-connection-handler): Forward non-TLS connections on HttpProxy ports to fix ACME HTTP-01 challenge handling

2025-05-19 19:59:22 +00:00
parent 85bd448858
commit 42fe1e5d15
17 changed files with 1020 additions and 530 deletions
--- a/readme.md
+++ b/readme.md
@ -1412,6 +1412,8 @@ createRedirectRoute({
 - `routes` (IRouteConfig[], required) - Array of route configurations
 - `defaults` (object) - Default settings for all routes
 - `acme` (IAcmeOptions) - ACME certificate options
+- `useHttpProxy` (number[], optional) - Array of ports to forward to HttpProxy (e.g. `[80, 443]`)
+- `httpProxyPort` (number, default 8443) - Port where HttpProxy listens for forwarded connections
 - Connection timeouts: `initialDataTimeout`, `socketTimeout`, `inactivityTimeout`, etc.
 - Socket opts: `noDelay`, `keepAlive`, `enableKeepAliveProbes`
 - `certProvisionFunction` (callback) - Custom certificate provisioning
@ -1478,6 +1480,22 @@ HttpProxy now supports full route-based configuration including:
 - Use higher priority for block routes to ensure they take precedence
 - Enable `enableDetailedLogging` or `enableTlsDebugLogging` for debugging

+### ACME HTTP-01 Challenges
+- If ACME HTTP-01 challenges fail on port 80, ensure port 80 is included in `useHttpProxy`
+- Since v19.3.8, non-TLS connections on ports listed in `useHttpProxy` are properly forwarded to HttpProxy
+- Example configuration for ACME on port 80:
+  ```typescript
+  const proxy = new SmartProxy({
+    useHttpProxy: [80], // Ensure port 80 is forwarded to HttpProxy
+    httpProxyPort: 8443,
+    acme: {
+      email: 'ssl@example.com',
+      port: 80
+    },
+    routes: [/* your routes */]
+  });
+  ```
+
 ### NFTables Integration
 - Ensure NFTables is installed: `apt install nftables` or `yum install nftables`
 - Verify root/sudo permissions for NFTables operations