reverse proxy and custom certificate
# i-need-helpp
polite-glass-8571
05/25/2023, 10:31 AMHello, I have been stumbling around trying to get this to work for the last couple days and still with no luck. I'll describe my setup and my needs:
I have a custom url
www.mysite.comwww.mysite.comwww.mysite.comwww.mysite.combefore:browser:launchg
gray-kilobyte-89541
05/25/2023, 10:56 AMHow does your script that runs on the page check the connection?
p
polite-glass-8571
05/25/2023, 10:57 AM@gray-kilobyte-89541 I've been trying to find out on and off for a few days, problem is, it's minified and obfuscated. I only know that it only works if the certificate is trusted (it's a custom gigya setup).
polite-glass-8571
05/25/2023, 10:59 AMwhat I ultimately need to do is to intercept a call that it performs when the certificate is trusted, but just doesn't occur when running within cypress
g
gray-kilobyte-89541
05/25/2023, 11:28 AMOk I’m curious, but without a reproducible example impossible to say
p
polite-glass-8571
05/25/2023, 2:06 PM@gray-kilobyte-89541 here, I configured this to reproduce. Instructions in the README
polite-glass-8571
05/25/2023, 2:53 PMpolite-glass-8571
05/25/2023, 2:53 PMhttps://cdn.discordapp.com/attachments/1111240184814637149/1111306021797892207/Schermata_2023-05-25_alle_16.51.54.png▾
g
gray-kilobyte-89541
05/25/2023, 2:57 PMwhat is this?
p
polite-glass-8571
05/25/2023, 3:00 PMthe screenshot? it's the certificate shown for the custom url. As you can see, it has "CypressProxyCA" as the issuer, showing that it's not the certificate I expect
polite-glass-8571
05/25/2023, 3:01 PMyou can see that in the security tab in chrome devtools
polite-glass-8571
05/25/2023, 3:02 PMin the cypress config I left commented code that adds the PAC file to chrome, which causes cypress to show the "This browser was not launched through Cypress. Tests cannot run" message
polite-glass-8571
05/25/2023, 3:03 PMyou can test that by uncommenting the setupNodeEvents function
g
gray-kilobyte-89541
05/25/2023, 4:26 PMI am sorry, I am not inserting any certificates into my laptop. I would suggest opening an issue in the Cypress repo
p
polite-glass-8571
05/25/2023, 4:28 PMI understand your concern, though it's just a random self-signed certificate, I can tell you how to generate your own if it makes you feel safer
polite-glass-8571
05/25/2023, 4:28 PMit would work just as well for the purpose of the test
polite-glass-8571
05/25/2023, 4:33 PMthis would be the script, it uses the https://smallstep.com/ executable to generate a fresh certificate for that domain
Copy code
#!/bin/bash
brew update
brew install pcre openssl nginx step
DOMAIN=www-local.example.com
SECRET="secret"
PWD=$(pwd)
mkdir -p $PWD/ssl
rm -rf $PWD/ssl/$DOMAIN
export STEPPATH=$PWD/ssl/$DOMAIN
echo $SECRET >> $PWD/ssl/password.txt
step ca init --name=$DOMAIN \
--provisioner="selfsigned" \
--address="127.0.0.1:3000" \
--deployment-type="standalone" \
--dns="$DOMAIN,localhost" \
--password-file="$PWD/ssl/password.txt"
mkdir -p $PWD/ssl/$DOMAIN/keys
step crypto keypair \
$PWD/ssl/$DOMAIN/keys/public_key.pem \
$PWD/ssl/$DOMAIN/keys/private_key.pem \
--kty 'RSA' \
--size 2048 \
--no-password \
--insecure
mkdir -p $PWD/ssl/$DOMAIN/certificate
step ca certificate \
$DOMAIN \
$PWD/ssl/$DOMAIN/certificate/$DOMAIN.crt \
$PWD/ssl/$DOMAIN/certificate/$DOMAIN.key \
--offline \
--san $DOMAIN \
--password-file="$PWD/ssl/password.txt"
cp $PWD/ssl/$DOMAIN/certs/root_ca.crt $PWD/ssl/$DOMAIN.root.crt
mv $PWD/ssl/$DOMAIN/certificate/$DOMAIN.crt $PWD/ssl/$DOMAIN.crt
mv $PWD/ssl/$DOMAIN/certificate/$DOMAIN.key $PWD/ssl/$DOMAIN.key
mv $PWD/ssl/password.txt $PWD/ssl/$DOMAIN.password
rm -rf $PWD/ssl/$DOMAIN
echo "Do you want to install this certificate?"
step certificate install --all $PWD/ssl/$DOMAIN.root.crt2 Views