1、https实现原理
网上找的图片,大致如下
2、本地开发场景
需要调用浏览器的隐私权限(定位,摄像头,麦克风等)时或者开发PWA应用时,必须要使用https的协议。早期微信开发中也需要用https才能调用相关接口。
3、步骤
1)通过openssl生成私钥
openssl genrsa -out server.key 1024
2)根据私钥生成证书申请文件csr
openssl req -new -key server.key -out server.csr
3)使用私钥对证书申请进行签名从而生成证书
openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
4)部署证书
// ndoejs https config
var options = {
key: fs.readFileSync("./server.key"),
cert: fs.readFileSync("./server.crt"),
requestCert: true,
rejectUnauthorized: false,
};
const httpsServer = https.createServer(options, app);
const wssServer = httpsServer.listen(1309, () => {
// 其它代码
});
// nginx config
server {
listen 1309;
server_name localhost;
ssl on;
ssl_certificate /root/server.crt;#配置证书位置
ssl_certificate_key /root/server.key;#配置秘钥位置
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;