@vaxilicaihouxian
Forked from baryon/nginx-dev-ssl.md
Created March 11, 2022 08:45
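Developing an HTTPS backend server locally with nginx

When you develop a backend service, the server address is already hard-coded in the app, so how do you debug against your local development machine? First, edit the hosts file on the local machine. The most convenient tool for this is Gas Mask: https://github.com/2ndalpha/gasmask

Add an entry like the following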

127.0.0.1		dev.example.com

Generate a local certificate

Copy the default OpenSSL config

cp /usr/local/etc/openssl/openssl.cnf .

Make changes according to https://fbcs.co.uk/self-signed-multiple-domain-ssl-certificates/

vim openssl.cnf

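Add the following under the [ v3_ca ] section of openssl.cnf

subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
# must match the name used in the hosts file and in nginx server_name
DNS.2 = dev.example.com
IP.1 = 0.0.0.0
IP.2 = 127.0.0.1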

Generate the certificate

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout project.key -out project.crt -config openssl.cnf

Generating a 2048 bit RSA private key
......................+++
..................................................................................................................+++

writing new private key to 'project.key'


You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.


Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:dummy.dev
Email Address []:.

Copy the two generated files into the etc/nginx/ssl directory, then configure nginx.conf as follows.

Add an HTTPS endpoint

vim nginx.conf

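server {
  # "ssl on;" is deprecated; enable TLS on the listen directive instead
  listen 443 ssl;
  # regex server_name that matches any host name
  server_name ~^(.+)$;

  ssl_certificate      ssl/project.crt;
  ssl_certificate_key  ssl/project.key;

  location / {
    add_header Content-Type text/plain;
    return 200 'secure gangnam style!';
  }
}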

sudo brew services restart nginx

Visit https://localhost and make the certificate trusted by adding it to the keychain: http://www.robpeck.com/2010/10/google-chrome-mac-os-x-and-self-signed-ssl-certificates/

Drag project.crt into the System keychain in Keychain Access.app, double-click it, open Trust, and set SSL and X.509 to Always Trust.

Opening https://localhost/ now shows secure gangnam style!

In the etc/nginx/server/ directory, add the forwarding configuration for the server under development

server {
    listen              443 ssl;
    server_name         dev.example.com;

    ssl_certificate      ssl/project.crt;
    ssl_certificate_key  ssl/project.key;
    ssl_verify_client off;
    #...
    location / {
        proxy_pass http://127.0.0.1:8080;
        #...
    }
}
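
A consistency check for the two files above, added here as an example and not part of the original gist: TLS clients match the requested host name against the certificate's subjectAltName entries, so each literal server_name in the nginx config needs a matching DNS entry under [alt_names]. The function names and the sample inputs are constructed for illustration.

```python
import re

def san_entries(openssl_cnf, section="alt_names"):
    """Collect DNS.n / IP.n values from one section of an openssl.cnf."""
    out, current = {"DNS": [], "IP": []}, None
    for raw in openssl_cnf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
        elif current == section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            kind = key.split(".", 1)[0].upper()
            if kind in out:
                out[kind].append(value.lower())
    return out

def nginx_server_names(nginx_conf):
    """Literal server_name values; regex names (~...) and "_" are skipped."""
    names = []
    for m in re.finditer(r"^\s*server_name\s+([^;]+);", nginx_conf, re.M):
        names += [n.lower() for n in m.group(1).split()
                  if not n.startswith("~") and n != "_"]
    return names

def covered(host, dns_sans):
    """Exact match, or a wildcard SAN covering exactly one left-most label."""
    parent = host.split(".", 1)[1] if "." in host else None
    return any(s == host or (s.startswith("*.") and s[2:] == parent)
               for s in dns_sans)

def uncovered_names(openssl_cnf, nginx_conf):
    """server_name values that no DNS entry under [alt_names] covers."""
    dns = san_entries(openssl_cnf)["DNS"]
    return [h for h in nginx_server_names(nginx_conf) if not covered(h, dns)]

# Constructed inputs modelled on this page's snippets, with a deliberate mismatch.
SAMPLE_CNF = """
[ v3_ca ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = dev.example.io
IP.1 = 127.0.0.1
"""
SAMPLE_NGINX = "server {\n  listen 443 ssl;\n  server_name dev.example.com;\n}\n"

if __name__ == "__main__":
    print("not covered by the certificate:", uncovered_names(SAMPLE_CNF, SAMPLE_NGINX))
```

Run it against the real openssl.cnf and nginx server files before generating the certificate; an empty list means every literal server_name has a SAN entry.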

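Accessing the local development site from the iOS simulator

Drag project.crt into the simulator; Safari opens, and choosing Install installs it as a globally trusted certificate. For now, however, it is still not recognized by Safari or the app.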
