在 localhost 上设置 (https) SSL 以进行流星开发 [英] Setup (https) SSL on localhost for meteor development

问题描述

如何创建自签名 SSL 证书以在 mac 10.9 上的本地服务器上使用?

How do you create a self signed SSL certificate to use on local server on mac 10.9?

我需要我的本地主机作为 https://localhost

I require my localhost serving as https://localhost

我正在使用linkedin API.这里解释了需要本地主机上的 ssl 的功能.https://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens

I am using the linkedin API. The feature which requires the ssl on local host is explained here. https://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens

简而言之，在客户端授权我的应用访问他们的数据后，linkedin 将向客户端发送一个不记名令牌.linkedin 内置的 javascript 库会自动将此 cookie 发送到我的服务器/后端.此 json 文件信息用于用户身份验证.

In brief, linkedin will send the client a bearer token after the client authorises my app to access their data. The built in javascript library by linkedin will automatically send this cookie to my server / backend. This json file info is used for user authentication.

但是，如果服务器不是 https，linkedin 不会发送私有 cookie.

However, linkedin will not send the private cookie if the server is not https.

推荐答案

在开发/生产模式下工作的快速简单的解决方案，在您的应用上使用 http-proxy.

Quick and easy solution that works in dev/prod mode, using http-proxy ontop of your app.

1) 添加tarang:ssl包

meteor add tarang:ssl

2) 将您的证书和密钥添加到您的应用程序 /private 的目录中，例如 /private/key.pem 和 /private/cert.pem

2) Add your certificate and key to a directory in your app /private, e.g /private/key.pem and /private/cert.pem

然后在你的/server 代码中

Then in your /server code

Meteor.startup(function() {
    SSLProxy({
       port: 6000, //or 443 (normal port/requires sudo)
       ssl : {
            key: Assets.getText("key.pem"),
            cert: Assets.getText("cert.pem"),

            //Optional CA
            //Assets.getText("ca.pem")
       }
    });
});

然后启动您的应用程序并加载 https://localhost:6000.确保不要将您的端口与 https 和 http 混淆，因为它们是分开提供的.

Then fire up your app and load up https://localhost:6000. Be sure not to mix up your ports with https and http as they are served seperately.

有了这个，我假设您知道如何创建自己的自签名证书，有很多资源可以说明如何做到这一点.以防万一这里有一些链接.

With this I'm assuming you know how to create your own self signed certificate, there are loads of resources on how to do this. Just in case here are some links.

• http://www.akadia.com/services/ssh_test_certificate.html
• https://devcenter.heroku.com/articles/ssl-certificate-self

自签名证书的替代方案:最好为您的应用程序域使用官方证书并使用 /etc/hosts 也可以在本地计算机上创建环回.这是因为必须在 dev 和 prod 之间切换证书很乏味.

An alternative to self signed certs: it may be better to use an official certificate for your apps domain and use /etc/hosts to create a loopback on your local computer too. This is because its tedious to have to switch certs between dev and prod.

这篇关于在 localhost 上设置 (https) SSL 以进行流星开发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！