堆栈内存溢出
  简体   繁体   English

我是否必须购买域名才能运行在AWS服务器上使用EC2实例的应用程序才能使用HTTPS?

[英]Do I have to buy a domain in order to run my app that is using an EC2 instance on AWS server in order to use HTTPS?

 原文  2019-07-25 17:03:34       ios/ amazon-web-services/ ssl/ lamp

问题描述

I have an iOS app on TestFlight that is using a LAMP server running on an EC2 Instance on AWS. 我在TestFlight上有一个iOS应用,该应用正在运行在AWS的EC2实例上运行的LAMP服务器。 It has an elastic IP, and therefore has a Public DNS: ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com 它具有弹性IP,因此具有公用DNS:ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com

So currently from the app itself I run commands directly through the elastic IP like so: 因此,目前我从应用程序本身直接通过弹性IP运行命令,如下所示: 

let url = URL(string: "http://xx.xx.xx.xx/API/SignIn.php?username=\(username)");

Now this works great, however I want to start moving everything to HTTPS. 现在这很好用,但是我想开始将所有内容转移到HTTPS。

So I was hoping to go about it like so, using the public DNS: 因此,我希望使用公共DNS这样处理: 

let url = URL(string: "https://ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com/API/SignIn.php?username=\(username)");

But this method keeps shouting at me: 但是这种方法一直在高喊我:

"An SSL error has occurred and a secure connection to the server cannot be made" “发生了SSL错误,无法建立与服务器的安全连接”

So far what I've done is the openSSL process, I created a certificate and key, and I put it in the apache config file: 到目前为止,我已经完成了openSSL流程,创建了证书和密钥,并将其放入apache配置文件中: 

<VirtualHost _default_:443>
    ServerName ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
    ServerAlias www.ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
    DocumentRoot /var/www/htdocs

    SSLEngine on
    SSLCertificateFile /home/ubuntu/cert.pem
    SSLCertificateKeyFile /home/ubuntu/key.pem
</VirtualHost>

And of course I have the security groups set to HTTPS port 443. 当然,我将安全组设置为HTTPS端口443。

The HTTPS is in fact accessible from say Safari, but obviously it is still not a trusted website. 该HTTPS 其实从Safari浏览器称可访问,但显然它仍然不是一个值得信赖的网站。

I tried going through the CertBot free path - but they cannot allow an SSL certificate for AWS created domains (understandable, they aren't too reliable and change often). 我尝试通过CertBot自由途径进行尝试-但是它们不能为AWS创建的域允许SSL证书(可以理解,它们不太可靠,并且经常更改)。

I also tried going through AWS itself, created a certificate in the Certificate Manager (it was approved and Issued to me), but then when I tried to use it in the Load Balancer - but the certificate just doesn't show up there (maybe I'm doing it wrong, I tried many ways but it just doesn't seem to work) 我还尝试过AWS本身,在证书管理器中创建了一个证书(该证书已被批准并颁发给我),但是后来当我尝试在负载均衡器中使用它时-证书只是没有显示在其中(也许我做错了,我尝试了很多方法,但似乎不起作用)

I would really love to go about this without having to purchase a domain, but right now I don't see any other way. 我真的很想在无需购买域名的情况下进行此操作,但是现在我看不到其他任何方式。 Does anyone know of another way? 有人知道另一种方式吗?

Edit 编辑

Also I'd rather AVOID the part where I tell iOS to ignore the security, because I don't want Apple to reject my app: 另外,我宁愿避免让iOS忽略安全性的部分,因为我不希望Apple拒绝我的应用程序: 

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

1 个解决方案

解决方案1
 0  2019-07-25 18:41:05

Use 采用

URLSessionDelegate URLSessionDelegate

to trust the certificate if you are using URLSession to perfomr the request and implement the following func 如果您使用URLSession来执行请求并实现以下功能,则信任证书 

func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    print("delegate call")
    if challenge.protectionSpace.host == "ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com" {
        completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
    } else {
        completionHandler(.performDefaultHandling, nil)
    }
}

to trust the certification since SSl Ocurred because the sing of the certificaction has a mistmatch. 自从出现SS1以来就信任该证书,因为证书的名称存在不匹配。 if your are using Alamofire to perform the request ten use version 4.7 because version 5 is not posible yet to truth a not valid certificate. 如果您使用Alamofire来执行请求,则十个使用4.7版,因为版本5尚不可行,实际上这是无效的证书。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我是否需要将AWS S3或EC2用于我的iOS应用程序的后端? - Do I need to use AWS S3 or EC2 for backend of my iOS app? 使用 AWS EC2 Mac 实例运行 Flutter 移动应用程序:Flutter - Run Flutter Mobile App using AWS EC2 Mac Instance: Flutter 使用困猫鼬api从iPhone应用程序访问安装在AWS EC2实例上的mongodb - use sleepy mongoose api to access mongodb installed on aws ec2 instance from iphone app 是否可以在 AWS EC2 Mac 实例上运行 iOS 模拟器? - Is it possible to run iOS simulator on AWS EC2 Mac instance? iOS 通用链接:我必须发布我的应用程序才能测试通用链接吗? - iOS Universal Link: Do I have to publish my app in order to test Universal Link? 使用iRate对应用程序评分。.为了使其在我的应用程序上起作用,我需要更改什么? - using iRate to rate apps.. what do I need to change in order for this to work on my app? 如何测试ios App使用https与服务器进行通信? - How do I test ios App use https for the communication with the server? 从iOS应用访问AWS EC2服务器上SQLite数据库的最佳方法? - Best way to access SQLite database on AWS EC2 server from iOS app? 连接AWS EC2实例并从Xcode解析创建对象? - Connecting aws ec2 Instance and Creating Object in Parse from Xcode? 我是否必须加入苹果的开发人员计划才能在Xcode 5.1上运行任意代码? - Do i have to join apple's developer program in order to run anypic code on Xcode 5.1?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM