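Introduction
While working on a recent project, I found that customers from a hardware-development background are not very comfortable with HTTPS-related development. So here is a tutorial on deploying a simple HTTPS server in Python in about 20 lines.
Code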
# https_server.py
from http.server import HTTPServer, BaseHTTPRequestHandler
import ssl
from io import BytesIO

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'Hello, world!')

    def do_POST(self):
        # Treat a missing Content-Length header as an empty body
        content_length = int(self.headers.get('Content-Length', 0))
        body = self.rfile.read(content_length)
        self.send_response(200)
        self.end_headers()
        response = BytesIO()
        response.write(b'This is POST request. Received: ')
        response.write(body)
        self.wfile.write(response.getvalue())

httpd = HTTPServer(('localhost', 8000), SimpleHTTPRequestHandler)
# Wrap the listening socket in TLS using the certificate and its private key.
# ssl.wrap_socket() was deprecated in Python 3.7 and removed in Python 3.12;
# newer interpreters need ssl.SSLContext.wrap_socket() instead.
httpd.socket = ssl.wrap_socket(httpd.socket, keyfile="key.pem", certfile='cert.pem', server_side=True)
httpd.serve_forever()
The key.pem used by the code
The cert.pem used by the code
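With blank lines removed, the whole program is 20 lines long, and the standard library that ships with Python 3.0 is all it needs.
Explanation
The only essential difference between the HTTP and HTTPS versions is the single line below. From an information-security point of view, this cert.pem cannot be forged without key.pem. cert.pem is usually written as a PEM-encoded X.509 certificate.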
httpd.socket = ssl.wrap_socket (httpd.socket, keyfile="key.pem", certfile='cert.pem', server_side=True)
Interested readers can generate their own key.pem and cert.pem on Ubuntu with the following commands:
openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
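For readers unfamiliar with network development:
localhost == 127.0.0.1 is the loopback network, which can only be reached from the local machine.
To test across computers, the two machines must first be able to reach each other by IP (there are pitfalls here). Then change localhost to your own IP address, or, on a machine with several IPs (different ones for wired and Wi-Fi), simply use 0.0.0.0, which listens on every interface.
Testing
Server
First, run the following in the current folder: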
python https_server.py
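Testing with Postman
The goal is simply to verify that the server receives HTTPS requests coming over the network. Open Postman and create a new request.
Configure the request as follows:
The first time you use Postman, the following error appears:
Click "Disable SSL verification" in the red box: the certificate is self-generated, so it cannot be verified.
Test succeeded.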
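As an added example (not code from the original post), here is the ssl.wrap_socket line from the explanation rewritten with ssl.SSLContext, which also works on Python 3.12 and later, together with a Python client that verifies the self-signed cert.pem by trusting it explicitly rather than switching verification off as in the Postman step. The function names, HelloHandler and the TLS 1.2 floor are assumptions for illustration.

```python
# Added example, not the original author's code. The function names, HelloHandler
# and the TLS 1.2 floor are assumptions made for illustration.
import ssl
import urllib.request
from http.server import HTTPServer, BaseHTTPRequestHandler


class HelloHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'Hello, world!')


def server_context(certfile=None, keyfile=None):
    """Server-side TLS context; works where ssl.wrap_socket() no longer exists."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 / 1.1 clients
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def client_context(cafile=None):
    """Client-side TLS context that keeps certificate verification switched on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        # Only this file is trusted, e.g. the server's self-signed cert.pem.
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def serve(host='localhost', port=8000, certfile='cert.pem', keyfile='key.pem'):
    httpd = HTTPServer((host, port), HelloHandler)
    ctx = server_context(certfile, keyfile)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()


def fetch(url='https://localhost:8000/', cafile='cert.pem'):
    # Raises URLError (certificate verify failed) unless the server presents
    # cert.pem and the name in it matches the host in the URL.
    with urllib.request.urlopen(url, context=client_context(cafile), timeout=5) as r:
        return r.read()


if __name__ == '__main__':
    serve()
```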