给定SSL密钥和证书,如何创建HTTPS服务?
当前回答
对于Node 0.3.4及以上版本,一直到当前的LTS(在此编辑时为v16), https://nodejs.org/api/https.html#httpscreateserveroptions-requestlistener有您需要的所有示例代码:
const https = require(`https`);
const fs = require(`fs`);
const options = {
key: fs.readFileSync(`test/fixtures/keys/agent2-key.pem`),
cert: fs.readFileSync(`test/fixtures/keys/agent2-cert.pem`)
};
https.createServer(options, (req, res) => {
res.writeHead(200);
res.end(`hello world\n`);
}).listen(8000);
请注意,如果想使用certbot工具使用Let's Encrypt的证书,则私钥称为privkey。Pem,证书名为fullchain.pem:
const certDir = `/etc/letsencrypt/live`;
const domain = `YourDomainName`;
const options = {
key: fs.readFileSync(`${certDir}/${domain}/privkey.pem`),
cert: fs.readFileSync(`${certDir}/${domain}/fullchain.pem`)
};
其他回答
Download rar file for openssl set up from here: https://indy.fulgan.com/SSL/openssl-0.9.8r-i386-win32-rev2.zip Just copy your folder in c drive. Create openssl.cnf file and download their content from : http://web.mit.edu/crypto/openssl.cnf openssl.cnf can be put any where but path shoud be correct when we give in command prompt. Open command propmt and set openssl.cnf path C:\set OPENSSL_CONF=d:/openssl.cnf 5.Run this in cmd : C:\openssl-0.9.8r-i386-win32-rev2>openssl.exe Then Run OpenSSL> genrsa -des3 -out server.enc.key 1024 Then it will ask for pass phrases : enter 4 to 11 character as your password for certificate Then run this Openssl>req -new -key server.enc.key -out server.csr Then it will ask for some details like country code state name etc. fill it freely. 10 . Then Run Openssl > rsa -in server.enc.key -out server.key Run this OpenSSL> x509 -req -days 365 -in server.csr -signkey server.key -out server.crt then use previous code that are on stack overflow Thanks
在Node.js中HTTPS服务器的最小设置是这样的:
var https = require('https');
var fs = require('fs');
var httpsOptions = {
key: fs.readFileSync('path/to/server-key.pem'),
cert: fs.readFileSync('path/to/server-crt.pem')
};
var app = function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}
https.createServer(httpsOptions, app).listen(4433);
如果你也想支持http请求,你需要做一个小小的修改:
var http = require('http');
var https = require('https');
var fs = require('fs');
var httpsOptions = {
key: fs.readFileSync('path/to/server-key.pem'),
cert: fs.readFileSync('path/to/server-crt.pem')
};
var app = function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}
http.createServer(app).listen(8888);
https.createServer(httpsOptions, app).listen(4433);
要让你的应用程序分别在端口80和443上监听http和https,请执行以下操作
创建一个express应用程序:
var express = require('express');
var app = express();
express()返回的应用程序是一个JavaScript函数。它可以作为回调传递给Node的HTTP服务器来处理请求。这使得使用相同的代码库提供HTTP和HTTPS版本的应用程序变得很容易。
你可以这样做:
var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var app = express();
var options = {
key: fs.readFileSync('/path/to/key.pem'),
cert: fs.readFileSync('/path/to/cert.pem')
};
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);
要获得完整的细节,请参阅文档
更新
通过Greenlock.js使用Let's Encrypt
最初的发布
我注意到,这些答案都没有显示添加一个中间根CA到链中,这里有一些零配置的例子来看看:
https://github.com/solderjs/nodejs-ssl-example http://coolaj86.com/articles/how-to-create-a-csr-for-https-tls-ssl-rsa-pems/ https://github.com/solderjs/nodejs-self-signed-certificate-example
代码片段:
var options = {
// this is the private key only
key: fs.readFileSync(path.join('certs', 'my-server.key.pem'))
// this must be the fullchain (cert + intermediates)
, cert: fs.readFileSync(path.join('certs', 'my-server.crt.pem'))
// this stuff is generally only for peer certificates
//, ca: [ fs.readFileSync(path.join('certs', 'my-root-ca.crt.pem'))]
//, requestCert: false
};
var server = https.createServer(options);
var app = require('./my-express-or-connect-app').create(server);
server.on('request', app);
server.listen(443, function () {
console.log("Listening on " + server.address().address + ":" + server.address().port);
});
var insecureServer = http.createServer();
server.listen(80, function () {
console.log("Listening on " + server.address().address + ":" + server.address().port);
});
如果你不尝试直接通过connect或express来做,这是那些通常更容易的事情之一,而是让本地https模块处理它,然后使用它来为你的connect / express应用服务。
另外,如果你使用服务器。On ('request', app)而不是在创建服务器时传递应用程序,它让你有机会将服务器实例传递给一些创建connect / express应用程序的初始化函数(例如,如果你想在同一台服务器上通过SSL进行websockets)。
在谷歌搜索“节点https”时发现了这个问题,但接受的答案中的示例非常旧——取自当前(v0.10)版本的节点文档,它应该是这样的:
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8000);
推荐文章
- jQuery等价于JavaScript的addEventListener方法
- jQuery需要避免的陷阱
- JavaScript中变量字符串的XML解析
- 最好的方法在asp.net强制https为整个网站?
- 'React'指的是一个UMD全局,但当前文件是一个模块
- 为什么useState不触发重新渲染?
- 如何使用回调与useState挂钩在反应
- 网络请求失败
- 如何使用JavaScript大写字符串中每个单词的第一个字母?
- 如何使用箭头函数(公共类字段)作为类方法?
- 使用Javascript的atob解码base64不能正确解码utf-8字符串
- 禁用包的postinstall脚本
- 如何阻止恶意代码欺骗“Origin”报头来利用CORS?
- Angular JS:当我们已经有了具有作用域的指令控制器时,指令的link函数还需要什么?
- 我如何在JavaScript中转换对象数组为一个对象?
