[英]Do I have to buy a domain in order to run my app that is using an EC2 instance on AWS server in order to use HTTPS?
I have an iOS app on TestFlight that is using a LAMP server running on an EC2 Instance on AWS. 我在TestFlight上有一个iOS应用,该应用正在运行在AWS的EC2实例上运行的LAMP服务器。 It has an elastic IP, and therefore has a Public DNS: ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
它具有弹性IP,因此具有公用DNS:ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
So currently from the app itself I run commands directly through the elastic IP like so: 因此,目前我从应用程序本身直接通过弹性IP运行命令,如下所示:
let url = URL(string: "http://xx.xx.xx.xx/API/SignIn.php?username=\(username)");
Now this works great, however I want to start moving everything to HTTPS. 现在这很好用,但是我想开始将所有内容转移到HTTPS。
So I was hoping to go about it like so, using the public DNS: 因此,我希望使用公共DNS这样处理:
let url = URL(string: "https://ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com/API/SignIn.php?username=\(username)");
But this method keeps shouting at me: 但是这种方法一直在高喊我:
"An SSL error has occurred and a secure connection to the server cannot be made"
“发生了SSL错误,无法建立与服务器的安全连接”
So far what I've done is the openSSL process, I created a certificate and key, and I put it in the apache config file: 到目前为止,我已经完成了openSSL流程,创建了证书和密钥,并将其放入apache配置文件中:
<VirtualHost _default_:443>
ServerName ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
ServerAlias www.ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com
DocumentRoot /var/www/htdocs
SSLEngine on
SSLCertificateFile /home/ubuntu/cert.pem
SSLCertificateKeyFile /home/ubuntu/key.pem
</VirtualHost>
And of course I have the security groups set to HTTPS port 443. 当然,我将安全组设置为HTTPS端口443。
The HTTPS is in fact accessible from say Safari, but obviously it is still not a trusted website. 该HTTPS 其实从Safari浏览器称可访问,但显然它仍然不是一个值得信赖的网站。
I tried going through the CertBot free path - but they cannot allow an SSL certificate for AWS created domains (understandable, they aren't too reliable and change often). 我尝试通过CertBot自由途径进行尝试-但是它们不能为AWS创建的域允许SSL证书(可以理解,它们不太可靠,并且经常更改)。
I also tried going through AWS itself, created a certificate in the Certificate Manager (it was approved and Issued to me), but then when I tried to use it in the Load Balancer - but the certificate just doesn't show up there (maybe I'm doing it wrong, I tried many ways but it just doesn't seem to work) 我还尝试过AWS本身,在证书管理器中创建了一个证书(该证书已被批准并颁发给我),但是后来当我尝试在负载均衡器中使用它时-证书只是没有显示在其中(也许我做错了,我尝试了很多方法,但似乎不起作用)
I would really love to go about this without having to purchase a domain, but right now I don't see any other way. 我真的很想在无需购买域名的情况下进行此操作,但是现在我看不到其他任何方式。 Does anyone know of another way?
有人知道另一种方式吗?
Also I'd rather AVOID the part where I tell iOS to ignore the security, because I don't want Apple to reject my app: 另外,我宁愿避免让iOS忽略安全性的部分,因为我不希望Apple拒绝我的应用程序:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Use 采用
URLSessionDelegate
URLSessionDelegate
to trust the certificate if you are using URLSession to perfomr the request and implement the following func 如果您使用URLSession来执行请求并实现以下功能,则信任证书
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
print("delegate call")
if challenge.protectionSpace.host == "ec2-xx-xx-xx-xx.us-east-2.compute.amazonaws.com" {
completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
} else {
completionHandler(.performDefaultHandling, nil)
}
}
to trust the certification since SSl Ocurred because the sing of the certificaction has a mistmatch. 自从出现SS1以来就信任该证书,因为证书的名称存在不匹配。 if your are using Alamofire to perform the request ten use version 4.7 because version 5 is not posible yet to truth a not valid certificate.
如果您使用Alamofire来执行请求,则十个使用4.7版,因为版本5尚不可行,实际上这是无效的证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.