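Overview
Compared with HTTP, HTTPS adds an SSL/TLS layer on top of TCP. It encrypts and decrypts the data in transit to prevent data leaks and tampering.
Starting HTTPS with Nginx
The configuration below was generated by Certbot; follow its pattern and yours will be essentially the same.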
server {
    server_name baidu.com;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;
    root /var/www/web/;
    # index takes a space-separated list of file names (no commas)
    index index.php index.html;
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    # redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    listen 443 ssl; #managed by Certbot
    ssl_certificate /etc/letsencrypt/live/baidu.com/fullchain.pem; #managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/baidu.com/privkey.pem; #managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot
}
Starting HTTPS with Node
The code below is essentially all that is needed; once the domain is bound, the site is reachable.
// https
const fs = require('fs');
const https = require('https');
const Koa = require('koa');
const sslify = require('koa-sslify').default; // force HTTP to HTTPS
const app = new Koa();
// private key and certificate for the domain
const options = {
    key: fs.readFileSync('....key'),
    cert: fs.readFileSync('....pem')
};
// https
app.use(sslify());
https.createServer(options, app.callback()).listen(443, () => {
    console.log(`server https running success at 443`);
});
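Problem encountered
Today I ran into a problem I had hit before, a matter of basic common sense: after Node started its HTTPS service on port 443, I started another HTTPS server on 443 in nginx, and the Nginx service could not be reached.
When using curl, it reported an error saying the server's certificate did not match the domain name.
The cause, of course, is that a port can be occupied by only one process: the Node service started first, so the nginx server's bind to the port failed. Here is a command for checking which process is using a port: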
netstat -apn | grep [port]