概述
https相对于http,在TCP之上增加了一个SSL/TLS层。用于对传输的数据加解密,防止数据泄露和被篡改。
Nginx起HTTPS
下面的配置是cerbort生成的,照猫画虎,基本一样
server {
server_name baidu.com;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
root /var/www/web/;
index index.php, index.html;
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
listen 443 ssl; #managed by Certbot
ssl_certificate /etc/letsencrypt/live/baidu.com/fullchain.pem; #managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/baidu.com/privkey.pem; #managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; #managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; #managed by Certbot
}
Node起HTTPS
基本以下代码,绑定域名即可访问
// https
const https = require('https');
const sslify = require('koa-sslify').default;//http强制HTTPS
var options = {
key: fs.readFileSync('....key'),
cert: fs.readFileSync('....pem')
}
// https
app.use(sslify());
https.createServer(options, app.callback()).listen(443, () => {
console.log(`server https running success at 443`)
});
遇到的问题
今天遇到一个以前的问题,常识性问题:node起了https服务之后,使用了443端口,在nginx里又起了一个443的https server,结果Nginx的服务无法访问。
使用curl的时候报错,说server的证书跟域名不匹配。
原因当然是一个进程只能占用一个端口,node服务先起的,nginx的server bind port失败了。附一个查看端口占用的cmd:
netstat -apn | grep [port]