How to automatically reload updated SSL certificates in Node.js Application

I created a Node.js application and I'm using Let's Encrypt SSL certificates. Following is my code:

var express = require('express');
var https = require('https');
var fs = require('fs');
var option = {
    key: fs.readFileSync('/etc/letsencrypt/live/$DOMAIN/privkey.pem'),
    cert: fs.readFileSync('/etc/letsencrypt/live/$DOMAIN/fullchain.pem')
};
const app = express();
app.use((req, res) =>
{
    res.end('Hello World');
});

https.createServer(option, app).listen(8000);

I have used pm2 to start this application using the following command:

sudo pm2 start app.js --watch

I am updating SSL certificates by using the following cronjob:

0 8 * * * sudo certbot renew

I want to reload SSL certificates automatically whenever certbot renews them. How can I achieve this?

You can use the flag --post-hook to restart your application after every renewal.

certbot renew --post-hook "pm2 restart app_name"

Update #1

Please note that the command we are running is in crontab, and any global program has to be referenced with its full path. You can use the which command to find the executable file path for the command.

You can reload the new certs without restarting your server.

According to the issue Reload certificate files of https.createServer() without restarting node server #15115, specifically this comment from mscdex:

FWIW you can already do this with SNICallback():

const https = require('https');
const tls = require('tls');
const fs = require('fs');

// `config` holds the PEM file paths (defined elsewhere in the commenter's setup)
var ctx = tls.createSecureContext({
  key: fs.readFileSync(config.sslKeyPath),
  cert: fs.readFileSync(config.sslCrtPath)
});

https.createServer({
  SNICallback: (servername, cb) => {
    // here you can even change up the `SecureContext`
    // based on `servername` if you want
    cb(null, ctx);
  }
});

With that, all you have to do is re-assign ctx and then it will get used for any future requests.

Using the example above, you just need to do fs.readFileSync again on the cert paths from within the SNICallback and attach them to the ctx object. But you only want to do this when you know they've just changed. You can watch the files from JavaScript for changes. You can use fs.watch() for that, or something from npm.
