I’m not sure in which community to ask this, if you know of a better one let me know.
I already have squid proxy working, if I set up my browser or curl to use the proxy all sites work properly.
But when I try to make a request with axios it doesn’t work.
Here are the logs of squid
The first two lines are successful google connections are from a browser.
The 3rd line is a successful to google using curl.
The 4th line is a successful to ipify using curl.
The last two ones are the ones from node using axios
squid_proxy | 1693406310.165 12043 127.0.0.1 TCP_TUNNEL/200 56694 CONNECT www.google.com:443 - HIER_DIRECT/142.250.217.132 -
squid_proxy | 1693406310.166 10681 127.0.0.1 TCP_TUNNEL/200 47267 CONNECT apis.google.com:443 - HIER_DIRECT/142.250.176.14 -
squid_proxy | 1693406325.551 497 127.0.0.1 TCP_TUNNEL/200 24778 CONNECT www.google.com:443 - HIER_DIRECT/142.250.217.132 -
squid_proxy | 1693406336.829 403 127.0.0.1 TCP_TUNNEL/200 7082 CONNECT api.ipify.org:443 - HIER_DIRECT/64.185.227.156 -
squid_proxy | 1693406361.410 12590 127.0.0.1 TCP_MISS/503 4358 GET https://api.ipify.org/? - HIER_NONE/- text/html
squid_proxy | 1693406361.889 385 127.0.0.1 TCP_MISS/502 3948 GET https://www.google.com/ - HIER_DIRECT/142.250.217.132 text/html
The errors sent to axios are these:
# ipify
[No Error] (TLS code: SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED)
SSL handshake error (SQUID_TLS_ERR_CONNECT)
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
# google
The system returned: [No Error]
My code looks like this
const axios = new Axios({
proxy: {
host: proxyIP,
port: proxyPort,
protocol: 'http'
}
});
const ip = await axios.get('https://api.ipify.org?format=json');
console.log(ip.data);
const res = await axios.get('https://www.google.com');
console.log(res.data);
Any idea what might be happening?
I’m not sure if axios handles the connection in a different way since the logs from the browser show CONNECT
and axios shows GET
, but maybe that’s because it’s failing to actually connect and it only logs the request method.
Might be worth asking in [email protected]
Your assumption is correct, Axios is using the proxy differently. The recommended way for HTTPS over a proxy is to use the CONNECT method, which just passes through the traffic directly and allows for proper end to end encryption.
Axios just asks the proxy to get it over HTTPS as it would HTTP, and it seems Squid isn’t configured correctly and can’t handle outgoing TLS. You might need to enable TLSv2/TLSv3 in Squid, as the error says it couldn’t agree on security settings and one of them is probably using outdated ciphers.
You’re right, thank you for pointing me into the right direction!
I found this explanation https://stackoverflow.com/questions/11697943/when-should-one-use-connect-and-get-http-methods-at-http-proxy-server
And this issue with axios which includes the current workaround https://github.com/axios/axios/issues/4531