为 node.js 服务器公开 ssl 证书
[英]getting public ssl certificate for node.js server
问题描述
I am running a node.js express server on my aws ac2 linux instance.
我在我的 aws ac2 linux 实例上运行 node.js 快速服务器。 I need to expose it through https to work properly with the react app that pulls data from it.我需要通过 https 公开它,以便与从中提取数据的 React 应用程序正常工作。 I was able to generate my own ssl certificate but it will not be recognized by other users and the client app will through an error.我能够生成我自己的 ssl 证书,但它不会被其他用户识别,客户端应用程序将通过错误。
Could you please explain how can i get a public ssl certificate just for the node server.您能否解释一下我如何才能获得仅用于节点服务器的公共 ssl 证书。 The server uses an ip address like xxx.xx.xx.xx:4500/endpoint.服务器使用 ip 地址,如 xxx.xx.xx.xx:4500/endpoint。 Aws seems to offer ssl but only if you pay for its load balancer and I do not want to do that. Aws 似乎提供 ssl,但前提是您为其负载均衡器付费,而我不想那样做。
Is there a way to verify the certificate that i generated with openssl so i can use it publicly?有没有办法验证我用 openssl 生成的证书,以便我可以公开使用它?
Here is my basic setup:这是我的基本设置:
const express = require('express');
const cors = require('cors');
const mysql = require('mysql');
const moment = require('moment');
var fs = require('fs');
const https = require('https')
const app = express();
xxx
https.createServer({key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.cert')}, app).listen(4500, () => {
console.log('Listening...')
})
Thank you in advance!先感谢您!
3 个解决方案
解决方案1
3 已采纳 2019-11-28 21:23:56
OpenSSL itself is a tool to create self-signed certificates. OpenSSL 本身是一个创建自签名证书的工具。 Those certificates are never trusted by the browser.浏览器永远不会信任这些证书。
Instead, you can use Let's Encrypt with this command:相反,您可以通过以下命令使用 Let's Encrypt:
apt install certbot
certbot certonly --standalone -d example.com
Let's Encrypt is a trusted entity, so their certificates are valid. Let's Encrypt 是一个受信任的实体,因此他们的证书是有效的。
Your new certificates will be on a path like this:您的新证书将在这样的路径上:
/etc/letsencrypt/live/example.com
As others suggested, you will need one domain.正如其他人所建议的,您将需要一个域。 You can get one free on sites like Freenom .您可以在Freenom等网站上免费获得一个。
解决方案2
0 2019-11-28 20:54:21
If you in a region where Amazon Certificate Manager is suported, You can get a SSL certificate for free.如果您在支持Amazon Certificate Manager的地区,您可以免费获得 SSL 证书。 https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
In order to apply ssl certificate, The easiest way is to use it on a load balancer.为了申请 ssl 证书,最简单的方法是在负载均衡器上使用它。 Check my answer to this question Apollo Server on Ubuntu 18.04 EC2 instance with HTTPS .检查我对这个问题的回答Apollo Server on Ubuntu 18.04 EC2 instance with HTTPS 。
If you want to use the certificate directly on EC2.如果你想直接在 EC2 上使用证书。 try the following.尝试以下操作。 I haven't tried this myself.我自己没有试过这个。 https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-export-private.html https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-export-private.html
Also i have seen people using https://letsencrypt.org/ to get certs.我也看到人们使用https://letsencrypt.org/来获取证书。
解决方案3
0 2019-11-28 20:54:44
Your self-signed certificate won't be trusted by the browser.浏览器不会信任您的自签名证书。
One solution would be to get yourself a domain and then a free SSL certificate issued by Let's Encrypt.一种解决方案是为自己获取域,然后获取由 Let's Encrypt 颁发的免费 SSL 证书。 This would remove the error because Let's Encrypt certificates are trusted by all major browsers.这将消除错误,因为所有主流浏览器都信任 Let's Encrypt 证书。
Another solution is to get the free plan of Cloudflare, which includes an SSL certificate.另一种解决方案是获取 Cloudflare 的免费计划,其中包括 SSL 证书。 More info here .更多信息在这里。
There is the possibility to secure your IP with an SSL certificate but there are no free solutions for this.可以使用 SSL 证书保护您的 IP,但没有免费的解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.