多姿势起HTTPS服务

概述

https相对于http,在TCP之上增加了一个SSL/TLS层。用于对传输的数据加解密,防止数据泄露和被篡改。

Nginx起HTTPS

下面的配置是cerbort生成的,照猫画虎,基本一样

server {
    server_name  baidu.com;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;
    root         /var/www/web/;
    index index.php, index.html;

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

 
    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    } 

    listen 443 ssl; #managed by Certbot
    ssl_certificate /etc/letsencrypt/live/baidu.com/fullchain.pem; #managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/baidu.com/privkey.pem; #managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot

}

Node起HTTPS

基本以下代码,绑定域名即可访问

// https
const https = require('https');
const sslify = require('koa-sslify').default;//http强制HTTPS

 var options = {
    key: fs.readFileSync('....key'),
    cert: fs.readFileSync('....pem')
  }
  // https
  app.use(sslify());
  https.createServer(options, app.callback()).listen(443, () => {
    console.log(`server https running success at 443`)
  });

遇到的问题

今天遇到一个以前的问题,常识性问题:node起了https服务之后,使用了443端口,在nginx里又起了一个443的https server,结果Nginx的服务无法访问。

使用curl的时候报错,说server的证书跟域名不匹配。

原因当然是一个进程只能占用一个端口,node服务先起的,nginx的server bind port失败了。附一个查看端口占用的cmd:

netstat -apn  | grep [port]
posted @ 2021-03-24 14:22  ViCanary  阅读(75)  评论(0编辑  收藏  举报