Node.js proxying made simple. Configure proxy middleware with ease for connect, express, next.js and many more.

Powered by the popular Nodejitsu http-proxy.

This page is showing documentation for version v3.x.x (release notes)

See MIGRATION.md for details on how to migrate from v2.x.x to v3.x.x

If you're looking for older documentation. Go to:

• https://github.com/chimurai/http-proxy-middleware/tree/v2.0.4#readme
• https://github.com/chimurai/http-proxy-middleware/tree/v0.21.0#readme

Proxy /api requests to http://www.example.org

💡 Tip: Set the option changeOrigin to true for name-based virtual hosted sites.

// typescriptimport*asexpressfrom'express';importtype{NextFunction,Request,Response}from'express';import{createProxyMiddleware}from'http-proxy-middleware';importtype{Filter,Options,RequestHandler}from'http-proxy-middleware';constapp=express();constproxyMiddleware=createProxyMiddleware<Request,Response>({target: 'http://www.example.org/api',changeOrigin: true,});app.use('/api',proxyMiddleware);app.listen(3000);// proxy and keep the same base path "/api"// http://127.0.0.1:3000/api/foo/bar -> http://www.example.org/api/foo/bar

Allhttp-proxyoptions can be used, along with some extra http-proxy-middlewareoptions.

• Install
• Basic usage
• Express Server Example
  • app.use(path, proxy)
• Options
  • pathFilter (string, []string, glob, []glob, function)
  • pathRewrite (object/function)
  • router (object/function)
  • plugins (Array)
  • ejectPlugins (boolean) default: false
  • logger (Object)
• http-proxy events
• http-proxy options
• WebSocket
  • External WebSocket upgrade
• Intercept and manipulate requests
• Intercept and manipulate responses
• Node.js 17+: ECONNREFUSED issue with IPv6 and localhost (#705)
• Debugging
• Working examples
• Recipes
• Compatible servers
• Tests
• Changelog
• License

npm install --save-dev http-proxy-middleware

Create and configure a proxy middleware with: createProxyMiddleware(config).

const{ createProxyMiddleware }=require('http-proxy-middleware');constapiProxy=createProxyMiddleware({target: 'http://www.example.org',changeOrigin: true,});// 'apiProxy' is now ready to be used as middleware in a server.

• options.target: target host to proxy to. (protocol + host)

• options.changeOrigin: for virtual hosted sites

• see full list of http-proxy-middleware configuration options

An example with express server.

// include dependenciesconstexpress=require('express');const{ createProxyMiddleware }=require('http-proxy-middleware');constapp=express();// create the proxy/** @type{import('http-proxy-middleware/dist/types').RequestHandler<express.Request, express.Response>} */constexampleProxy=createProxyMiddleware({target: 'http://www.example.org/api',// target host with the same base pathchangeOrigin: true,// needed for virtual hosted sites});// mount `exampleProxy` in web serverapp.use('/api',exampleProxy);app.listen(3000);

If you want to use the server's app.usepath parameter to match requests. Use pathFilter option to further include/exclude requests which you want to proxy.

app.use(createProxyMiddleware({target: 'http://www.example.org/api',changeOrigin: true,pathFilter: '/api/proxy-only-this-path',}),);

app.use documentation:

• express: http://expressjs.com/en/4x/api.html#app.use
• connect: https://github.com/senchalabs/connect#mount-middleware
• polka: https://github.com/lukeed/polka#usebase-fn

http-proxy-middleware options:

Narrow down which requests should be proxied. The path used for filtering is the request.url pathname. In Express, this is the path relative to the mount-point of the proxy.

• path matching

  • createProxyMiddleware({...}) - matches any path, all requests will be proxied when pathFilter is not configured.
  • createProxyMiddleware({pathFilter: '/api', ...}) - matches paths starting with /api

• multiple path matching

  • createProxyMiddleware({pathFilter: ['/api', '/ajax', '/someotherpath'], ...})

• wildcard path matching

  For fine-grained control you can use wildcard matching. Glob pattern matching is done by micromatch. Visit micromatch or glob for more globbing examples.

  • createProxyMiddleware({pathFilter: '**', ...}) matches any path, all requests will be proxied.
  • createProxyMiddleware({pathFilter: '**/*.html', ...}) matches any path which ends with .html
  • createProxyMiddleware({pathFilter: '/*.html', ...}) matches paths directly under path-absolute
  • createProxyMiddleware({pathFilter: '/api/**/*.html', ...}) matches requests ending with .html in the path of /api
  • createProxyMiddleware({pathFilter: ['/api/**', '/ajax/**'], ...}) combine multiple patterns
  • createProxyMiddleware({pathFilter: ['/api/**', '!**/bad.json'], ...}) exclusion

  Note: In multiple path matching, you cannot use string paths and wildcard paths together.

• custom matching

  For full control you can provide a custom function to determine which requests should be proxied or not.

  /** * @return{Boolean} */constpathFilter=function(path,req){returnpath.match('^/api')&&req.method==='GET';};constapiProxy=createProxyMiddleware({target: 'http://www.example.org',pathFilter: pathFilter,});

Rewrite target's url path. Object-keys will be used as RegExp to match paths.

// rewrite path pathRewrite: {'^/old/api' : '/new/api'}// remove path pathRewrite: {'^/remove/api' : ''}// add base path pathRewrite: {'^/' : '/basepath/'}// custom rewriting pathRewrite: function(path,req){returnpath.replace('/api','/base/api')}// custom rewriting, returning Promise pathRewrite: asyncfunction(path,req){constshould_add_something=awaithttpRequestToDecideSomething(path);if(should_add_something)path+="something";returnpath;}

Re-target option.target for specific requests.

// Use `host` and/or `path` to match requests. First match will be used.// The order of the configuration matters. router: {'integration.localhost:3000' : 'http://127.0.0.1:8001',// host only'staging.localhost:3000' : 'http://127.0.0.1:8002',// host only'localhost:3000/api' : 'http://127.0.0.1:8003',// host + path'/rest' : 'http://127.0.0.1:8004'// path only}// Custom router function (string target) router: function(req){return'http://127.0.0.1:8004';}// Custom router function (target object) router: function(req){return{protocol: 'https:',// The : is requiredhost: '127.0.0.1',port: 8004};}// Asynchronous router function which returns promise router: asyncfunction(req){consturl=awaitdoSomeIO();returnurl;}

constsimpleRequestLogger=(proxyServer,options)=>{proxyServer.on('proxyReq',(proxyReq,req,res)=>{console.log(`[HPM] [${req.method}] ${req.url}`);// outputs: [HPM] GET /users});},constconfig={target: `http://example.org`,changeOrigin: true,plugins: [simpleRequestLogger],};

If you're not satisfied with the pre-configured plugins, you can eject them by configuring ejectPlugins: true.

NOTE: register your own error handlers to prevent server from crashing.

// eject default plugins and manually add them backconst{ debugProxyErrorsPlugin,// subscribe to proxy errors to prevent server from crashing loggerPlugin,// log proxy events to a logger (ie. console) errorResponsePlugin,// return 5xx response on proxy error proxyEventsPlugin,// implements the "on:" option}=require('http-proxy-middleware');createProxyMiddleware({target: `http://example.org`,changeOrigin: true,ejectPlugins: true,plugins: [debugProxyErrorsPlugin,loggerPlugin,errorResponsePlugin,proxyEventsPlugin],});

Configure a logger to output information from http-proxy-middleware: ie. console, winston, pino, bunyan, log4js, etc...

Only info, warn, error are used internally for compatibility across different loggers.

If you use winston, make sure to enable interpolation: https://github.com/winstonjs/winston#string-interpolation

See also logger recipes (recipes/logger.md) for more details.

createProxyMiddleware({logger: console,});

Subscribe to http-proxy events with the on option:

createProxyMiddleware({target: 'http://www.example.org',on: {proxyReq: (proxyReq,req,res)=>{/* handle proxyReq */},proxyRes: (proxyRes,req,res)=>{/* handle proxyRes */},error: (err,req,res)=>{/* handle error */},},});

• option.on.error: function, subscribe to http-proxy's error event for custom error handling.

  functiononError(err,req,res,target){res.writeHead(500,{'Content-Type': 'text/plain',});res.end('Something went wrong. And we are reporting a custom error message.');}

• option.on.proxyRes: function, subscribe to http-proxy's proxyRes event.

  functiononProxyRes(proxyRes,req,res){proxyRes.headers['x-added']='foobar';// add new header to responsedeleteproxyRes.headers['x-removed'];// remove header from response}

• option.on.proxyReq: function, subscribe to http-proxy's proxyReq event.

  functiononProxyReq(proxyReq,req,res){// add custom header to requestproxyReq.setHeader('x-added','foobar');// or log the req}

• option.on.proxyReqWs: function, subscribe to http-proxy's proxyReqWs event.

  functiononProxyReqWs(proxyReq,req,socket,options,head){// add custom headerproxyReq.setHeader('X-Special-Proxy-Header','foobar');}

• option.on.open: function, subscribe to http-proxy's open event.

  functiononOpen(proxySocket){// listen for messages coming FROM the target hereproxySocket.on('data',hybridParseAndLogMessage);}

• option.on.close: function, subscribe to http-proxy's close event.

  functiononClose(res,socket,head){// view disconnected websocket connectionsconsole.log('Client disconnected');}

The following options are provided by the underlying http-proxy library.

• option.target: url string to be parsed with the url module

• option.forward: url string to be parsed with the url module

• option.agent: object to be passed to http(s).request (see Node's https agent and http agent objects)

• option.ssl: object to be passed to https.createServer()

• option.ws: true/false: if you want to proxy websockets

• option.xfwd: true/false, adds x-forward headers

• option.secure: true/false, if you want to verify the SSL Certs

• option.toProxy: true/false, passes the absolute URL as the path (useful for proxying to proxies)

• option.prependPath: true/false, Default: true - specify whether you want to prepend the target's path to the proxy path

• option.ignorePath: true/false, Default: false - specify whether you want to ignore the proxy path of the incoming request (note: you will have to append / manually if required).

• option.localAddress : Local interface string to bind for outgoing connections

• option.changeOrigin: true/false, Default: false - changes the origin of the host header to the target URL

• option.preserveHeaderKeyCase: true/false, Default: false - specify whether you want to keep letter case of response header key

• option.auth : Basic authentication i.e. 'user:password' to compute an Authorization header.

• option.hostRewrite: rewrites the location hostname on (301/302/307/308) redirects.

• option.autoRewrite: rewrites the location host/port on (301/302/307/308) redirects based on requested host/port. Default: false.

• option.protocolRewrite: rewrites the location protocol on (301/302/307/308) redirects to 'http' or 'https'. Default: null.

• option.cookieDomainRewrite: rewrites domain of set-cookie headers. Possible values:

  • false (default): disable cookie rewriting

  • String: new domain, for example cookieDomainRewrite: "new.domain". To remove the domain, use cookieDomainRewrite: "".

  • Object: mapping of domains to new domains, use "*" to match all domains.
    For example keep one domain unchanged, rewrite one domain and remove other domains:

    cookieDomainRewrite:{"unchanged.domain": "unchanged.domain", "old.domain": "new.domain", "*": "" }

• option.cookiePathRewrite: rewrites path of set-cookie headers. Possible values:

  • false (default): disable cookie rewriting

  • String: new path, for example cookiePathRewrite: "/newPath/". To remove the path, use cookiePathRewrite: "". To set path to root use cookiePathRewrite: "/".

  • Object: mapping of paths to new paths, use "*" to match all paths. For example, to keep one path unchanged, rewrite one path and remove other paths:

    cookiePathRewrite:{"/unchanged.path/": "/unchanged.path/", "/old.path/": "/new.path/", "*": "" }

• option.headers: object, adds request headers. (Example: {host:'www.example.org'})

• option.proxyTimeout: timeout (in millis) when proxy receives no response from target

• option.timeout: timeout (in millis) for incoming requests

• option.followRedirects: true/false, Default: false - specify whether you want to follow redirects

• option.selfHandleResponse true/false, if set to true, none of the webOutgoing passes are called and it's your responsibility to appropriately return the response by listening and acting on the proxyRes event

• option.buffer: stream of data to send as the request body. Maybe you have some middleware that consumes the request stream before proxying it on e.g. If you read the body of a request into a field called 'req.rawbody' you could restream this field in the buffer option:

  'use strict';conststreamify=require('stream-array');constHttpProxy=require('http-proxy');constproxy=newHttpProxy();module.exports=(req,res,next)=>{proxy.web(req,res,{target: 'http://127.0.0.1:4003/',buffer: streamify(req.rawBody),},next,);};

// verbose apicreateProxyMiddleware({pathFilter: '/',target: 'http://echo.websocket.org',ws: true});

In the previous WebSocket examples, http-proxy-middleware relies on a initial http request in order to listen to the http upgrade event. If you need to proxy WebSockets without the initial http request, you can subscribe to the server's http upgrade event manually.

constwsProxy=createProxyMiddleware({target: 'ws://echo.websocket.org',changeOrigin: true});constapp=express();app.use(wsProxy);constserver=app.listen(3000);server.on('upgrade',wsProxy.upgrade);// <-- subscribe to http 'upgrade'

Intercept requests from downstream by defining onProxyReq in createProxyMiddleware.

Currently the only pre-provided request interceptor is fixRequestBody, which is used to fix proxied POST requests when bodyParser is applied before this middleware.

Example:

const{ createProxyMiddleware, fixRequestBody }=require('http-proxy-middleware');constproxy=createProxyMiddleware({/** * Fix bodyParser **/on: {proxyReq: fixRequestBody,},});

Intercept responses from upstream with responseInterceptor. (Make sure to set selfHandleResponse: true)

Responses which are compressed with brotli, gzip and deflate will be decompressed automatically. The response will be returned as buffer (docs) which you can manipulate.

With buffer, response manipulation is not limited to text responses (html/css/js, etc...); image manipulation will be possible too. (example)

NOTE: responseInterceptor disables streaming of target's response.

Example:

const{ createProxyMiddleware, responseInterceptor }=require('http-proxy-middleware');constproxy=createProxyMiddleware({/** * IMPORTANT: avoid res.end being called automatically **/selfHandleResponse: true,// res.end() will be called internally by responseInterceptor()/** * Intercept response and replace 'Hello' with 'Goodbye' **/on: {proxyRes: responseInterceptor(async(responseBuffer,proxyRes,req,res)=>{constresponse=responseBuffer.toString('utf8');// convert buffer to stringreturnresponse.replace('Hello','Goodbye');// manipulate response and return the result}),},});

Check out interception recipes for more examples.

Node.js 17+ no longer prefers IPv4 over IPv6 for DNS lookups. E.g. It's not guaranteed that localhost will be resolved to 127.0.0.1 – it might just as well be ::1 (or some other IP address).

If your target server only accepts IPv4 connections, trying to proxy to localhost will fail if resolved to ::1 (IPv6).

Ways to solve it:

• Change target: "http://localhost" to target: "http://127.0.0.1" (IPv4).
• Change the target server to (also) accept IPv6 connections.
• Add this flag when running node: node index.js --dns-result-order=ipv4first. (Not recommended.)

Note: There’s a thing called Happy Eyeballs which means connecting to both IPv4 and IPv6 in parallel, which Node.js doesn’t have, but explains why for example curl can connect.

Configure the DEBUG environment variable enable debug logging.

See debug project for more options.

DEBUG=http-proxy-middleware* node server.js $ http-proxy-middleware proxy created +0ms $ http-proxy-middleware proxying request to target: 'http://www.example.org' +359ms

View and play around with working examples.

• Browser-Sync (example source)
• express (example source)
• connect (example source)
• WebSocket (example source)
• Response Manipulation (example source)

View the recipes for common use cases.

http-proxy-middleware is compatible with the following servers:

• connect
• express
• next.js
• fastify
• browser-sync
• lite-server
• polka
• grunt-contrib-connect
• grunt-browser-sync
• gulp-connect
• gulp-webserver

Sample implementations can be found in the server recipes.

Run the test suite:

# install dependencies $ yarn # linting $ yarn lint $ yarn lint:fix # building (compile typescript to js) $ yarn build # unit tests $ yarn test# code coverage $ yarn cover # check spelling mistakes $ yarn spellcheck

• View changelog

The MIT License (MIT)

Copyright (c) 2015-2025 Steven Chim