如何创建安全(TLS/SSL)Websocket 服务器 [英] How to Create Secure(TLS/SSL) Websocket Server

问题描述

我正在使用 node.js 的 WS websocket 库.目前我正在运行 ws 服务器.现在我想通过使用安全连接来保护这个连接，即通过实现 wss 协议和库支持 TLS 连接.我稍微搜索了一下，发现这个很简单:wss和这个 带有自签名证书的 wss.

两者都不是很详细，第二个链接上的文章描述了带有自签名证书的 wss.我想知道的是，仅创建自签名证书并部署到我的生产环境就足够了，还是我需要像创建 HTTPS 服务器时那样购买证书?

解决方案

你的问题 #1

<块引用>

如何创建安全(TLS/SSL)Websocket 服务器?

我在网上搜索有关如何使 websockets 通过安全连接工作的指南时发现了您的问题.由于这出现在搜索结果中，因此我可能不是唯一一个出现在此页面上的人.为了拯救大家(包括未来的我)一些时间，这里是.

问题

我有一个简单的 node.js websocket 服务器，由 einaros/ws 提供支持，监听端口 80通过不安全的连接.不得不将其切换到安全连接.

解决方案

基本上，您提供的第二个链接几乎涵盖了我需要知道的所有内容.以下是我花了一些时间才弄明白的几件事:

• 为此我需要 .pem 文件，但我从证书提供者那里得到的只是一个简单的 .crt/.cert 文件，我还有一个私有的 .key 在生成初始 .csr 请求后得到.所以这里是如何转换 (归功于 slf):

   openssl rsa -in server.key -text >私人.pemopenssl x509 -inform PEM -in server.crt >公共文件

• 我不清楚如何让 ws 使用安全连接.由于我试图将 SSL 添加到现有应用程序中，因此我想避免必须重新执行某些操作.结果，我所要做的就是用对 https 实例的引用替换 {port:80} 参数(有关如何初始化它的更多信息，请参阅链接).

   var ws = require('ws').Server;var wss = 新 ws({服务器:httpsServer});

参考文献

• github.com/websockets/ws/blob/master/examples/ssl.js
• chovy.com/web-development/self-signed-certs-with-secure-websockets-in-node-js

你的问题 #2

<块引用>

我想知道的是，是否仅创建自签名证书并部署到我的生产环境就足够了，还是需要像创建 HTTPS 服务器时一样购买证书?

对于公共服务器，您需要来自广受信任的CA.使用免费的Let's Encrypt，或来自已知发行商的任何付费证书.这将确保您的用户不会收到任何浏览器安全警告，或者甚至不知道出了什么问题就离开.

对于您的本地开发环境，或者所有连接客户端都已知并在您的控制之下，您可以创建自己的 CA，请参阅 deliciousbrains.com/ssl-certificate-authority-for-local-https-development.

I am using WS websocket library of node.js. Currently I'm running ws server. Now I want to secure this connection by using secure connections i.e by implementing wss protocol and also library support TLS connection. I searched a little and found this plain to secure: wss and this wss with self signed certificate .

Both are not very detailed and the article on the second link describes wss with self signed certificate. What i want to know is if it is enough to just create the self signed certificate and deploy to my production environment or do I need to buy a certificate as we need to do while creating HTTPS servers?

解决方案

Your question #1

How to Create Secure(TLS/SSL) Websocket Server?

I found your question while searching online for a guide on how to make websockets work over a secured connection. Since this came up in search results, there is a chance I'm not the only one who ended up on this page. To save everyone (including future me) some time, here goes.

The Problem

I had a simple node.js websocket server, powered by einaros/ws, listening on port 80 over an unsecured connection. Had to switch it to secure connection.

The Solution

Basically, the second link you provided covers pretty much everything I needed to know. Here are few things that took me some time to figure out though:

• I needed the .pem files for this, but all I got from the cert provider was a simple .crt/.cert file, and I also had a private .key I got after generating the initial .csr request. So here's how to convert (credit to slf):

   openssl rsa -in server.key -text > private.pem
   openssl x509 -inform PEM -in server.crt > public.pem
  

• It was unclear to me how to make ws use the secured connection. Since I was trying to add SSL to an existing application, I wanted to avoid having to re-do things. Turns out, all I had to do was replace the {port:80} parameter with a reference to the https instance (see the links for more info on how to initialise it).

   var ws = require('ws').Server;
   var wss = new ws({
       server: httpsServer
   });
  

References

• github.com/websockets/ws/blob/master/examples/ssl.js
• chovy.com/web-development/self-signed-certs-with-secure-websockets-in-node-js

Your question #2

What i want to know is if it is enough to just create the self signed certificate and deploy to my production environment, or do I need to buy a certificate as we need to do while creating HTTPS servers?

For a public server, you will need a certificate from a widely trusted CA. Use the free Let's Encrypt, or any paid certificate from a known issuer. This will ensure your users won't be getting any browser security warnings, or just leaving without even knowing what went wrong.

For your local development environment, or where all connecting clients are known and under your control, you can create your own CA, see deliciousbrains.com/ssl-certificate-authority-for-local-https-development.

这篇关于如何创建安全(TLS/SSL)Websocket 服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！