[英]SSL on Google Compute Engine with nodejs
I'm trying to set-up a Node.js server on Google's Compute Engine ( GCE ) to work with HTTPS, but the remote server doesn't seem to respond when accessed through https://...
. 我正在尝试在Google的计算引擎( GCE )上设置Node.js服务器以使用HTTPS,但是当通过
https://...
访问时,远程服务器似乎没有响应。
I've acquired a certificate from Comodo, put it on the backend, included it in the code, and created an HTTPS server as follows: 我从Comodo获得了一个证书,将它放在后端,将其包含在代码中,并创建了一个HTTPS服务器,如下所示:
var app = express();
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt'),
};
...
https.createServer(options,app).listen('443',function(){
console.log('https ready')
});
I've also added the following firewall rule: 我还添加了以下防火墙规则:
gcloud compute firewall-rules create allow-https --description "https server" --allow tcp:443
--format json
When I run the server on my local machine and try accessing it using https://localhost:443
through Chrome, I get the expected: 当我在本地计算机上运行服务器并尝试使用
https://localhost:443
通过Chrome访问它时,我得到了预期的结果:
This server could not prove that it is localhost;
此服务器无法证明它是localhost; its security certificate is from www.domain_name.com.
其安全证书来自www.domain_name.com。 This may be caused by a misconfiguration or an attacker intercepting your connection.
这可能是由于配置错误或攻击者拦截您的连接造成的。
Meaning the server is properly configured to be able to recognize the https
request, but since the certificate does not belong to localhost, it results in a warning. 这意味着服务器已正确配置为能够识别
https
请求,但由于证书不属于localhost,因此会导致警告。
When I run the same code on my GCE instance, which runs on the domain name associated with the certificate, I get no response from the server. 当我在与证书关联的域名上运行的GCE实例上运行相同的代码时,我得不到服务器的响应。 Moreover, according to
tcpdump
there is incoming https
traffic on the correct port: 此外,根据
tcpdump
有传入https
正确的端口上的流量:
I ran netstat -ltnp
with the following results: 我使用以下结果运行
netstat -ltnp
:
When I run the server with https
configuration shown above, there is no record for the 443 port. 当我使用上面显示的
https
配置运行服务器时,没有443端口的记录。
When I run the server with http
configuration on port 8080 there is a record for that port and everything is working fine. 当我在端口8080上使用
http
配置运行服务器时,该端口有一条记录,一切正常。
When I run the server with http
AND https
configurations (listening to port 8080 and port 443), there is no records for either and there is no response from the server at all... 当我使用
http
和 https
配置(侦听端口8080和端口443)运行服务器时,两者都没有记录,并且根本没有来自服务器的响应...
My question is : How can I get my GCE instance to respond to https
requests? 我的问题是 :如何让我的GCE实例响应
https
请求? What else should I do or test? 我还应该做什么或测试什么?
I found several questions on this topic ( q1 , q2 , q3 , q4 ), and it seems I did everything that was recommended there, yet my problem still remains. 我发现了关于这个主题的几个问题( q1 , q2 , q3 , q4 ),似乎我做了那里推荐的所有事情,但我的问题仍然存在。
您可能以非root用户身份运行服务器,但无法绑定到端口443(这是一个特权端口)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.