Ssl – How to send secure cookies using node and a ProxyPass/ProxyPassReverse (Httpd/Amazon linux)

amazon-web-serviceshttpdnode.jsproxypassssl

I am still pretty new but I am using an Amazon linux image and httpd to encrypt and decrypt SSL requests. Then I Proxy those messages to and from a NodeJS app running on port 3001. To do this I have the following in my /etc/httpd/conf.d/ssl.conf

<VirtualHost _default_:443>
...
    ProxyPreserveHost On
    ProxyPass / http://*IP*:3001/
    ProxyPassReverse / http://*IP*:3001/
</VirtualHost>

The public site works great. However, when I try to set a secure cookie using the following…

Error: Cannot send secure cookie over unencrypted connection

I set my cookie in node like this…

const CALLBACK = function(ctx, next) {
    ...
    ctx.cookies.set(
        COOKIE_NAME,
        response.data.id_token,
        {
          secure: true,
          domain: COOKIE_DOMAIN
        },
    );
}

I have also tried adding this to ssl.conf…

RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"

But it didn't help either, anyone have any ideas on how I can get this to work?

Best Answer

I found this in a question and it worked for me (although I can't find the question now)...

/etc/httpd/conf.d/ssl.conf
... 
Header edit Set-Cookie ^(.*)$ $1;Secure

Then I just stopped setting it as secure in node and everything seems to work fine.

Related Topic