Package detail

http-proxy-middleware

chimurai72.9mMIT3.0.3

The one-liner node.js proxy middleware for connect, express, next.js and more

reverse, proxy, middleware, http, https, connect, express, fastify, polka, next.js, browser-sync, gulp, grunt-contrib-connect, websocket, ws, cors

readme

http-proxy-middleware

Node.js proxying made simple. Configure proxy middleware with ease for connect, express, next.js and many more.

⚠️ Note

This page is showing documentation for version v3.x.x (release notes)

See MIGRATION.md for details on how to migrate from v2.x.x to v3.x.x

If you're looking for older documentation. Go to:

TL;DR

Proxy /api requests to http://www.example.org

:bulb: Tip: Set the option changeOrigin to true for name-based virtual hosted sites.

// typescript

import * as express from 'express';
import type { Request, Response, NextFunction } from 'express';

import { createProxyMiddleware } from 'http-proxy-middleware';
import type { Filter, Options, RequestHandler } from 'http-proxy-middleware';

const app = express();

const proxyMiddleware = createProxyMiddleware<Request, Response>({
    target: 'http://www.example.org/api',
    changeOrigin: true,
  }),

app.use('/api', proxyMiddleware);

app.listen(3000);

// proxy and keep the same base path "/api"
// http://127.0.0.1:3000/api/foo/bar -> http://www.example.org/api/foo/bar

All http-proxy options can be used, along with some extra http-proxy-middleware options.

Install
Basic usage
Express Server Example
- app.use(path, proxy)
Options
http-proxy events
http-proxy options
WebSocket
- External WebSocket upgrade
Intercept and manipulate requests
Intercept and manipulate responses
Node.js 17+: ECONNREFUSED issue with IPv6 and localhost (#705)
Debugging
Working examples
Recipes
Compatible servers
Tests
Changelog
License

Install

npm install --save-dev http-proxy-middleware

Basic usage

Create and configure a proxy middleware with: createProxyMiddleware(config).

const { createProxyMiddleware } = require('http-proxy-middleware');

const apiProxy = createProxyMiddleware({
  target: 'http://www.example.org',
  changeOrigin: true,
});

// 'apiProxy' is now ready to be used as middleware in a server.

options.target: target host to proxy to. (protocol + host)
options.changeOrigin: for virtual hosted sites
see full list of http-proxy-middleware configuration options

Express Server Example

An example with express server.

// include dependencies
const express = require('express');
const { createProxyMiddleware } = require('http-proxy-middleware');

const app = express();

// create the proxy
/** @type {import('http-proxy-middleware/dist/types').RequestHandler<express.Request, express.Response>} */
const exampleProxy = createProxyMiddleware({
  target: 'http://www.example.org/api', // target host with the same base path
  changeOrigin: true, // needed for virtual hosted sites
});

// mount `exampleProxy` in web server
app.use('/api', exampleProxy);
app.listen(3000);

app.use(path, proxy)

If you want to use the server's app.use path parameter to match requests. Use pathFilter option to further include/exclude requests which you want to proxy.

app.use(
  createProxyMiddleware({
    target: 'http://www.example.org/api',
    changeOrigin: true,
    pathFilter: '/api/proxy-only-this-path',
  }),
);

app.use documentation:

express: http://expressjs.com/en/4x/api.html#app.use
connect: https://github.com/senchalabs/connect#mount-middleware
polka: https://github.com/lukeed/polka#usebase-fn

Options

http-proxy-middleware options:

`pathFilter` (string, []string, glob, []glob, function)

Narrow down which requests should be proxied. The path used for filtering is the request.url pathname. In Express, this is the path relative to the mount-point of the proxy.

path matching
- createProxyMiddleware({...}) - matches any path, all requests will be proxied when pathFilter is not configured.
- createProxyMiddleware({ pathFilter: '/api', ...}) - matches paths starting with /api
multiple path matching
- createProxyMiddleware({ pathFilter: ['/api', '/ajax', '/someotherpath'], ...})
wildcard path matching

For fine-grained control you can use wildcard matching. Glob pattern matching is done by micromatch. Visit micromatch or glob for more globbing examples.
- createProxyMiddleware({ pathFilter: '**', ...}) matches any path, all requests will be proxied.
- createProxyMiddleware({ pathFilter: '**/*.html', ...}) matches any path which ends with .html
- createProxyMiddleware({ pathFilter: '/*.html', ...}) matches paths directly under path-absolute
- createProxyMiddleware({ pathFilter: '/api/**/*.html', ...}) matches requests ending with .html in the path of /api
- createProxyMiddleware({ pathFilter: ['/api/**', '/ajax/**'], ...}) combine multiple patterns
- createProxyMiddleware({ pathFilter: ['/api/**', '!**/bad.json'], ...}) exclusion
Note: In multiple path matching, you cannot use string paths and wildcard paths together.

custom matching

For full control you can provide a custom function to determine which requests should be proxied or not.

/**
 * @return {Boolean}
 */
const pathFilter = function (path, req) {
  return path.match('^/api') && req.method === 'GET';
};

const apiProxy = createProxyMiddleware({
  target: 'http://www.example.org',
  pathFilter: pathFilter,
});

`pathRewrite` (object/function)

Rewrite target's url path. Object-keys will be used as RegExp to match paths.

// rewrite path
pathRewrite: {'^/old/api' : '/new/api'}

// remove path
pathRewrite: {'^/remove/api' : ''}

// add base path
pathRewrite: {'^/' : '/basepath/'}

// custom rewriting
pathRewrite: function (path, req) { return path.replace('/api', '/base/api') }

// custom rewriting, returning Promise
pathRewrite: async function (path, req) {
  const should_add_something = await httpRequestToDecideSomething(path);
  if (should_add_something) path += "something";
  return path;
}

`router` (object/function)

Re-target option.target for specific requests.

// Use `host` and/or `path` to match requests. First match will be used.
// The order of the configuration matters.
router: {
    'integration.localhost:3000' : 'http://127.0.0.1:8001',  // host only
    'staging.localhost:3000'     : 'http://127.0.0.1:8002',  // host only
    'localhost:3000/api'         : 'http://127.0.0.1:8003',  // host + path
    '/rest'                      : 'http://127.0.0.1:8004'   // path only
}

// Custom router function (string target)
router: function(req) {
    return 'http://127.0.0.1:8004';
}

// Custom router function (target object)
router: function(req) {
    return {
        protocol: 'https:', // The : is required
        host: '127.0.0.1',
        port: 8004
    };
}

// Asynchronous router function which returns promise
router: async function(req) {
    const url = await doSomeIO();
    return url;
}

`plugins` (Array)

const simpleRequestLogger = (proxyServer, options) => {
  proxyServer.on('proxyReq', (proxyReq, req, res) => {
    console.log(`[HPM] [${req.method}] ${req.url}`); // outputs: [HPM] GET /users
  });
},

const config = {
  target: `http://example.org`,
  changeOrigin: true,
  plugins: [simpleRequestLogger],
};

`ejectPlugins` (boolean) default: `false`

If you're not satisfied with the pre-configured plugins, you can eject them by configuring ejectPlugins: true.

NOTE: register your own error handlers to prevent server from crashing.

// eject default plugins and manually add them back

const {
  debugProxyErrorsPlugin, // subscribe to proxy errors to prevent server from crashing
  loggerPlugin, // log proxy events to a logger (ie. console)
  errorResponsePlugin, // return 5xx response on proxy error
  proxyEventsPlugin, // implements the "on:" option
} = require('http-proxy-middleware');

createProxyMiddleware({
  target: `http://example.org`,
  changeOrigin: true,
  ejectPlugins: true,
  plugins: [debugProxyErrorsPlugin, loggerPlugin, errorResponsePlugin, proxyEventsPlugin],
});

`logger` (Object)

Configure a logger to output information from http-proxy-middleware: ie. console, winston, pino, bunyan, log4js, etc...

Only info, warn, error are used internally for compatibility across different loggers.

If you use winston, make sure to enable interpolation: https://github.com/winstonjs/winston#string-interpolation

See also logger recipes (recipes/logger.md) for more details.

createProxyMiddleware({
  logger: console,
});

`http-proxy` events

Subscribe to http-proxy events with the on option:

createProxyMiddleware({
  target: 'http://www.example.org',
  on: {
    proxyReq: (proxyReq, req, res) => {
      /* handle proxyReq */
    },
    proxyRes: (proxyRes, req, res) => {
      /* handle proxyRes */
    },
    error: (err, req, res) => {
      /* handle error */
    },
  },
});

option.on.error: function, subscribe to http-proxy's error event for custom error handling.

function onError(err, req, res, target) {
  res.writeHead(500, {
    'Content-Type': 'text/plain',
  });
  res.end('Something went wrong. And we are reporting a custom error message.');
}

option.on.proxyRes: function, subscribe to http-proxy's proxyRes event.

function onProxyRes(proxyRes, req, res) {
  proxyRes.headers['x-added'] = 'foobar'; // add new header to response
  delete proxyRes.headers['x-removed']; // remove header from response
}

option.on.proxyReq: function, subscribe to http-proxy's proxyReq event.

function onProxyReq(proxyReq, req, res) {
  // add custom header to request
  proxyReq.setHeader('x-added', 'foobar');
  // or log the req
}

option.on.proxyReqWs: function, subscribe to http-proxy's proxyReqWs event.

function onProxyReqWs(proxyReq, req, socket, options, head) {
  // add custom header
  proxyReq.setHeader('X-Special-Proxy-Header', 'foobar');
}

option.on.open: function, subscribe to http-proxy's open event.

function onOpen(proxySocket) {
  // listen for messages coming FROM the target here
  proxySocket.on('data', hybridParseAndLogMessage);
}

option.on.close: function, subscribe to http-proxy's close event.

function onClose(res, socket, head) {
  // view disconnected websocket connections
  console.log('Client disconnected');
}

`http-proxy` options

The following options are provided by the underlying http-proxy library.

option.target: url string to be parsed with the url module
option.forward: url string to be parsed with the url module
option.agent: object to be passed to http(s).request (see Node's https agent and http agent objects)
option.ssl: object to be passed to https.createServer()
option.ws: true/false: if you want to proxy websockets
option.xfwd: true/false, adds x-forward headers
option.secure: true/false, if you want to verify the SSL Certs
option.toProxy: true/false, passes the absolute URL as the path (useful for proxying to proxies)
option.prependPath: true/false, Default: true - specify whether you want to prepend the target's path to the proxy path
option.ignorePath: true/false, Default: false - specify whether you want to ignore the proxy path of the incoming request (note: you will have to append / manually if required).
option.localAddress : Local interface string to bind for outgoing connections
option.changeOrigin: true/false, Default: false - changes the origin of the host header to the target URL
option.preserveHeaderKeyCase: true/false, Default: false - specify whether you want to keep letter case of response header key
option.auth : Basic authentication i.e. 'user:password' to compute an Authorization header.
option.hostRewrite: rewrites the location hostname on (301/302/307/308) redirects.
option.autoRewrite: rewrites the location host/port on (301/302/307/308) redirects based on requested host/port. Default: false.
option.protocolRewrite: rewrites the location protocol on (301/302/307/308) redirects to 'http' or 'https'. Default: null.
option.cookieDomainRewrite: rewrites domain of set-cookie headers. Possible values:
- false (default): disable cookie rewriting
- String: new domain, for example cookieDomainRewrite: "new.domain". To remove the domain, use cookieDomainRewrite: "".
- Object: mapping of domains to new domains, use "*" to match all domains.
  For example keep one domain unchanged, rewrite one domain and remove other domains:
```
cookieDomainRewrite: {
  "unchanged.domain": "unchanged.domain",
  "old.domain": "new.domain",
  "*": ""
}
```
option.cookiePathRewrite: rewrites path of set-cookie headers. Possible values:
- false (default): disable cookie rewriting
- String: new path, for example cookiePathRewrite: "/newPath/". To remove the path, use cookiePathRewrite: "". To set path to root use cookiePathRewrite: "/".
- Object: mapping of paths to new paths, use "*" to match all paths. For example, to keep one path unchanged, rewrite one path and remove other paths:
```
cookiePathRewrite: {
  "/unchanged.path/": "/unchanged.path/",
  "/old.path/": "/new.path/",
  "*": ""
}
```
option.headers: object, adds request headers. (Example: {host:'www.example.org'})
option.proxyTimeout: timeout (in millis) when proxy receives no response from target
option.timeout: timeout (in millis) for incoming requests
option.followRedirects: true/false, Default: false - specify whether you want to follow redirects
option.selfHandleResponse true/false, if set to true, none of the webOutgoing passes are called and it's your responsibility to appropriately return the response by listening and acting on the proxyRes event

option.buffer: stream of data to send as the request body. Maybe you have some middleware that consumes the request stream before proxying it on e.g. If you read the body of a request into a field called 'req.rawbody' you could restream this field in the buffer option:

'use strict';

const streamify = require('stream-array');
const HttpProxy = require('http-proxy');
const proxy = new HttpProxy();

module.exports = (req, res, next) => {
  proxy.web(
    req,
    res,
    {
      target: 'http://127.0.0.1:4003/',
      buffer: streamify(req.rawBody),
    },
    next,
  );
};

WebSocket

// verbose api
createProxyMiddleware({ pathFilter: '/', target: 'http://echo.websocket.org', ws: true });

External WebSocket upgrade

In the previous WebSocket examples, http-proxy-middleware relies on a initial http request in order to listen to the http upgrade event. If you need to proxy WebSockets without the initial http request, you can subscribe to the server's http upgrade event manually.

const wsProxy = createProxyMiddleware({ target: 'ws://echo.websocket.org', changeOrigin: true });

const app = express();
app.use(wsProxy);

const server = app.listen(3000);
server.on('upgrade', wsProxy.upgrade); // <-- subscribe to http 'upgrade'

Intercept and manipulate requests

Intercept requests from downstream by defining onProxyReq in createProxyMiddleware.

Currently the only pre-provided request interceptor is fixRequestBody, which is used to fix proxied POST requests when bodyParser is applied before this middleware.

Example:

const { createProxyMiddleware, fixRequestBody } = require('http-proxy-middleware');

const proxy = createProxyMiddleware({
  /**
   * Fix bodyParser
   **/
  on: {
    proxyReq: fixRequestBody,
  },
});

Intercept and manipulate responses

Intercept responses from upstream with responseInterceptor. (Make sure to set selfHandleResponse: true)

Responses which are compressed with brotli, gzip and deflate will be decompressed automatically. The response will be returned as buffer (docs) which you can manipulate.

With buffer, response manipulation is not limited to text responses (html/css/js, etc...); image manipulation will be possible too. (example)

NOTE: responseInterceptor disables streaming of target's response.

Example:

const { createProxyMiddleware, responseInterceptor } = require('http-proxy-middleware');

const proxy = createProxyMiddleware({
  /**
   * IMPORTANT: avoid res.end being called automatically
   **/
  selfHandleResponse: true, // res.end() will be called internally by responseInterceptor()

  /**
   * Intercept response and replace 'Hello' with 'Goodbye'
   **/
  on: {
    proxyRes: responseInterceptor(async (responseBuffer, proxyRes, req, res) => {
      const response = responseBuffer.toString('utf8'); // convert buffer to string
      return response.replace('Hello', 'Goodbye'); // manipulate response and return the result
    }),
  },
});

Check out interception recipes for more examples.

Node.js 17+: ECONNREFUSED issue with IPv6 and localhost (#705)

Node.js 17+ no longer prefers IPv4 over IPv6 for DNS lookups. E.g. It's not guaranteed that localhost will be resolved to 127.0.0.1 – it might just as well be ::1 (or some other IP address).

If your target server only accepts IPv4 connections, trying to proxy to localhost will fail if resolved to ::1 (IPv6).

Ways to solve it:

Change target: "http://localhost" to target: "http://127.0.0.1" (IPv4).
Change the target server to (also) accept IPv6 connections.
Add this flag when running node: node index.js --dns-result-order=ipv4first. (Not recommended.)

Note: There’s a thing called Happy Eyeballs which means connecting to both IPv4 and IPv6 in parallel, which Node.js doesn’t have, but explains why for example curl can connect.

Debugging

Configure the DEBUG environment variable enable debug logging.

See debug project for more options.

DEBUG=http-proxy-middleware* node server.js

$ http-proxy-middleware proxy created +0ms
$ http-proxy-middleware proxying request to target: 'http://www.example.org' +359ms

Working examples

View and play around with working examples.

Browser-Sync (example source)
express (example source)
connect (example source)
WebSocket (example source)
Response Manipulation (example source)

Recipes

View the recipes for common use cases.

Compatible servers

http-proxy-middleware is compatible with the following servers:

Sample implementations can be found in the server recipes.

Tests

Run the test suite:

# install dependencies
$ yarn

# linting
$ yarn lint
$ yarn lint:fix

# building (compile typescript to js)
$ yarn build

# unit tests
$ yarn test

# code coverage
$ yarn cover

# check spelling mistakes
$ yarn spellcheck

Changelog

View changelog

License

The MIT License (MIT)

changelog

Changelog

v3.0.3

fix(pathFilter): handle errors

v3.0.2

refactor(dependency): replace is-plain-obj with is-plain-object (#1031)
chore(package): upgrade to eslint v9 (#1032)
fix(logger-plugin): handle undefined protocol and hostname (#1036)

v3.0.1

fix(type): fix RequestHandler return type (#980)
refactor(errors): improve pathFilter error message (#987)
fix(logger-plugin): fix missing target port (#989)
ci(package): npm package provenance (#991)
fix(logger-plugin): log target port when router option is used (#1001)
refactor: fix circular dependencies (#1010)
fix(fix-request-body): support '+json' content-type suffix (#1015)

v3.0.0

This release contains some breaking changes.

Please read the V3 discussion https://github.com/chimurai/http-proxy-middleware/discussions/768 or follow the MIGRATION.md guide.

feat(typescript): type improvements (#882)
chore(deps): update micromatch to 4.0.5
chore(package): bump devDependencies
feat(legacyCreateProxyMiddleware): show migration tips (#756)
feat(legacyCreateProxyMiddleware): adapter with v2 behavior (#754)
docs(proxy events): fix new syntax (#753)
feat(debug): improve troubleshooting (#752)
test(path-rewriter): improve coverage (#751)
feat(ejectPlugins): skip registering default plugins (#750)
refactor: logging [BREAKING CHANGE] (#749)
refactor(handlers): refactor to plugins [BREAKING CHANGE] (#745)
feat(plugins): add support for plugins (#732)
docs: fix v3 documentation
fix: server mounting [BREAKING CHANGE] (#731)
test(fixRequestBody): fix broken test
refactor: use node http base types [BREAKING CHANGE] (#730) (special thanks: @cdaringe & @devanshj)
feat(option): refactor context to pathFilter option [BREAKING CHANGE] (#722)
feat: remove shorthand usage [BREAKING CHANGE] (#716)

v2.0.6

fix(proxyReqWs): catch socket errors (#763)

v2.0.5

fix(error handler): add default handler to econnreset (#759)

v2.0.4

fix(fix-request-body): improve content type check (#725) (kevinxh)

v2.0.3

feat(package): optional @types/express peer dependency (#707)

v2.0.2

chore(deps): update @types/http-proxy to 1.17.8 (#701)
fix(fixRequestBody): fix request body for empty JSON object requests (#640) (mhassan1)
fix(types): fix type regression (#700)

v2.0.1

fix(fixRequestBody): fix type error (#615)
test(coverage): improve coverage config (#609) (leonardobazico)
test: add test coverage to fixRequestBody and responseInterceptor (#608) (leonardobazico)
chore(typescript): extract handlers types (#603) (leonardobazico)

v2.0.0

chore(package): drop node 10 [BREAKING CHANGE] (#577)

v1.3.1

fix(fix-request-body): make sure the content-type exists (#578) (oufeng)

v1.3.0

docs(response interceptor): align with nodejs default utf8 (#567)
feat: try to proxy body even after body-parser middleware (#492) (midgleyc)

v1.2.1

fix(response interceptor): proxy original response headers (#563)

v1.2.0

feat(handler): response interceptor (#520)
fix(log error): handle undefined target when websocket errors (#527)

v1.1.2

fix(log error): handle optional target (#523)

v1.1.1

fix(error handler): re-throw http-proxy missing target error (#517)
refactor(dependency): remove camelcase
fix(option): optional target when router is used (#512)

v1.1.0

fix(errorHandler): fix confusing error message (#509)
fix(proxy): close proxy when server closes (#508)
refactor(lodash): remove lodash (#459) (#507) (TrySound)
fix(ETIMEDOUT): return 504 on ETIMEDOUT (#480) (aremishevsky)

v1.0.6

chore(deps): lodash 4.17.20 (#475)

v1.0.5

chore(deps): lodash 4.17.19 (#454)

v1.0.4

chore(deps): http-proxy 1.18.1 (#442)

v1.0.3

build(package): exclude build artifact tsconfig.tsbuildinfo (#415)

v1.0.2

fix(router): handle rejected promise in custom router (#410) (bforbis)

v1.0.1

fix(typescript): fix proxyRes and router types (#410) (dylang)

v1.0.0

feat(createProxyMiddleware): explicit import http-proxy-middleware (BREAKING CHANGE)(#400)
feat(typescript): export http-proxy-middleware types (#400)
fix(typescript): ES6 target - TS1192 (#400)

v0.21.0

feat(http-proxy): bump to v1.18.0
feat: async router (#379) (LiranBri)
feat(typescript): types support (#369)
feat: async pathRewrite (#397) (rsethc)

v0.20.0

fix(ws): concurrent websocket requests do not get upgraded (#335)
chore: drop node 6 (BREAKING CHANGE)
chore: update to micromatch@4 (BREAKING CHANGE)
chore: update dev dependencies
refactor: migrate to typescript (#328)
feat(middleware): Promise / async support (#328)
refactor: remove legacy options proxyHost and proxyTable (BREAKING CHANGE)

v0.19.1

fix(log): handle case when error code is missing (#303)

v0.19.0

feat(http-proxy): bump to v1.17.0 (#261)

v0.18.0

fix(vulnerability): update micromatch to v3.x (npm:braces:20180219)
test(node): drop node 0.x support (#212)

v0.17.4

fix(ntlm authentication): fixed bug preventing proxying with ntlm authentication. (#132) (Thanks: EladBezalel, oshri551)

v0.17.3

fix(onError): improve default proxy error handling. http status codes (504, 502 and 500). (#132) (graingert)

v0.17.2

feat(logging): improve error message & add link to Node errors page. (#106) (cloudmu)
feat(pathRewrite): path can be empty string. (#110) (sunnylqm)
bug(websocket): memory leak when option 'ws:true' is used. (#114) (julbra)
chore(package.json): reduce package size. (#109)

v0.17.1

fix(Express sub Router): 404 on non-proxy routes (#94)

v0.17.0

fix(context matching): Use RFC 3986 path in context matching. (excludes query parameters)

v0.16.0

deprecated(proxyTable): renamed proxyTable to router.
feat(router): support for custom router function.

v0.15.2

fix(websocket): fixes websocket upgrade.

v0.15.1

feat(pathRewrite): expose req object to pathRewrite function.
fix(websocket): fixes websocket upgrade when both config.ws and external .upgrade() are used.

v0.15.0

feat(pathRewrite): support for custom pathRewrite function.

v0.14.0

feat(proxy): support proxy creation without context.
fix(connect mounting): use connect's path configuration to mount proxy.

v0.13.0

feat(context): custom context matcher; when simple path matching is not sufficient.

v0.12.0

add option onProxyReqWs (subscribe to http-proxy proxyReqWs event)
add option onOpen (subscribe to http-proxy open event)
add option onClose (subscribe to http-proxy close event)

v0.11.0

improved logging

v0.10.0

feat(proxyTable) - added proxyTable support for WebSockets.
fixed(proxyTable) - ensure original path (not rewritten path) is being used when proxyTable is used in conjunction with pathRewrite.