带有nodejs的Google Compute Engine上的SSL
[英]SSL on Google Compute Engine with nodejs
问题描述
Summary: 
摘要:
I'm trying to set-up a Node.js server on Google's Compute Engine ( GCE ) to work with HTTPS, but the remote server doesn't seem to respond when accessed through https://... . 我正在尝试在Google的计算引擎( GCE )上设置Node.js服务器以使用HTTPS,但是当通过https://...访问时,远程服务器似乎没有响应。
What I tried so far: 到目前为止我尝试了什么:
I've acquired a certificate from Comodo, put it on the backend, included it in the code, and created an HTTPS server as follows: 我从Comodo获得了一个证书,将它放在后端,将其包含在代码中,并创建了一个HTTPS服务器,如下所示:
var app = express();
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt'),
};
...
https.createServer(options,app).listen('443',function(){
console.log('https ready')
});
I've also added the following firewall rule: 我还添加了以下防火墙规则:
gcloud compute firewall-rules create allow-https --description "https server" --allow tcp:443
--format json
When I run the server on my local machine and try accessing it using https://localhost:443 through Chrome, I get the expected: 当我在本地计算机上运行服务器并尝试使用https://localhost:443通过Chrome访问它时,我得到了预期的结果:
This server could not prove that it is localhost;
Meaning the server is properly configured to be able to recognize the https request, but since the certificate does not belong to localhost, it results in a warning. 这意味着服务器已正确配置为能够识别https请求,但由于证书不属于localhost,因此会导致警告。
The problem: 问题:
When I run the same code on my GCE instance, which runs on the domain name associated with the certificate, I get no response from the server. 当我在与证书关联的域名上运行的GCE实例上运行相同的代码时,我得不到服务器的响应。 Moreover, according to tcpdump there is incoming https traffic on the correct port: 此外,根据tcpdump 有传入https正确的端口上的流量:
I ran netstat -ltnp with the following results: 我使用以下结果运行netstat -ltnp :
When I run the server with
httpsconfiguration shown above, there is no record for the 443 port.当我使用上面显示的https配置运行服务器时,没有443端口的记录。When I run the server with
httpconfiguration on port 8080 there is a record for that port and everything is working fine.当我在端口8080上使用http配置运行服务器时,该端口有一条记录,一切正常。When I run the server with
httpANDhttpsconfigurations (listening to port 8080 and port 443), there is no records for either and there is no response from the server at all...当我使用http和https配置(侦听端口8080和端口443)运行服务器时,两者都没有记录,并且根本没有来自服务器的响应...
My question is : How can I get my GCE instance to respond to https requests? 我的问题是 :如何让我的GCE实例响应https请求? What else should I do or test? 我还应该做什么或测试什么?
I found several questions on this topic ( q1 , q2 , q3 , q4 ), and it seems I did everything that was recommended there, yet my problem still remains. 我发现了关于这个主题的几个问题( q1 , q2 , q3 , q4 ),似乎我做了那里推荐的所有事情,但我的问题仍然存在。
1 个解决方案
解决方案1
2 已采纳 2015-11-07 11:39:53
您可能以非root用户身份运行服务器,但无法绑定到端口443(这是一个特权端口)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.