express 服务器
To be able to serve a site on HTTPS from localhost you need to create a self-signed certificate.
为了能够从本地主机通过HTTPS服务站点,您需要创建一个自签名证书。
A self-signed certificate is sufficent to establish a secure, HTTPS connection for development purposes. Although browsers will complain that the certificate is self-signed (and as such is not trusted).
自签名证书足以建立用于开发目的的安全HTTPS连接。 尽管浏览器会抱怨证书是自签名的(因此不受信任)。
To create the certificate you must have OpenSSL installed on your system.
要创建证书,您必须在系统上安装OpenSSL 。
You may have it installed already, just try typing openssl in your terminal.
您可能已经安装了它,只需尝试在终端中键入openssl 。
If not, on a Mac you can install it using brew install openssl (if you use Homebrew). Otherwise, search on Google “how to install openssl on
”.
如果没有,则可以在Mac上使用brew install openssl (如果使用Homebrew )进行brew install openssl 。 否则,请在Google上搜索“如何在以下位置安装openssl”
”。
Once OpenSSL is installed, run this command:
一旦安装了OpenSSL,请运行以下命令:
openssl req -nodes -new -x509 -keyout server.key -out server.certYou will be prompted to answer a few questions. The first is the country name:
系统将提示您回答一些问题。 第一个是国家名称:
Generating a 1024 bit RSA private key
...........++++++
.........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:Then your state or province:
然后是您所在的州或省:
State or Province Name (full name) [Some-State]:Your city:
您的城市:
Locality Name (eg, city) []:…and your organization name:
…以及您的组织名称:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:You can leave all of these empty.
您可以将所有这些留空。
Just remember to set this to localhost:
只要记住将其设置为localhost :
Common Name (e.g. server FQDN or YOUR name) []: localhost…and to add your email address:
…并添加您的电子邮件地址:
Email Address []:That’s it! Now you have 2 files in the folder where you ran the original command:
而已! 现在,您在运行原始命令的文件夹中有2个文件:
server.certis the self-signed certificate fileserver.cert是自签名证书文件server.keyis the private key of the certificateserver.key是证书的私钥
Both files will be needed to establish the HTTPS connection, and depending on how you are going to setup your server, the process to use them will vary.
这两个文件都是建立HTTPS连接所必需的,并且取决于您如何设置服务器,使用它们的过程会有所不同。
Those files need to be put in a place reachable by the application, and then you’ll need to configure the server to use them.
这些文件需要放置在应用程序可访问的位置,然后您需要配置服务器以使用它们。
This is an example using the https core module and Express:
这是使用https核心模块和Express的示例:
const https = require('https')
const app = express()
app.get('/', (req, res) => {
res.send('Hello HTTPS!')
})
https.createServer({}, app).listen(3000, () => {
console.log('Listening...')
})Without adding the certificate, if I connect to https://localhost:3000 this is what the browser will show:
在不添加证书的情况下,如果我连接到https://localhost:3000 ,则浏览器将显示以下内容:
With the certificate in place:
有了证书后:
const fs = require('fs')
//...
https.createServer({
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert')
}, app).listen(3000, () => {
console.log('Listening...')
})Chrome will tell us that the certificate is invalid (since it’s self-signed), and will ask us to confirm before continuing (however, the HTTPS connection will still work):
Chrome会告诉我们该证书无效(因为它是自签名的),并且会要求我们在继续之前进行确认(但是,HTTPS连接仍然可以使用):
翻译自: https://flaviocopes.com/express-https-self-signed-certificate/
express 服务器
1499
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
