Realm对象服务器的Https代理不起作用 [英] Https Proxy for Realm Object Server not working

问题描述

我似乎无法获得我的Realm Object Server运行的https代理.我遵循了文档中的每个步骤，其中包括编辑configuration.yml文件以进行更改:

I can't seem to get the https proxy for my Realm Object Server running. I've followed every step in the docs, which include editing the configuration.yml file to change:

proxy.https.enable: true  
proxy.https.listen_address: ::  
proxy.https.listen_port: 9443  
proxy.https.certificate_path: 'cert_path'
proxy.https.private_key_path: 'private_key_path'

当我访问 http://example.com:9080 很好，但是访问 https://example.com:9443 不起作用-我已验证路径正确，并且证书/私有组合键有效.

When I visit http://example.com:9080 it's fine, but visiting https://example.com:9443 doesn't work - I've verified the paths are correct, and the cert/private key combination is valid.

任何配置此功能的帮助将不胜感激，因为我正在尝试使该应用程序符合Apple的ATS要求！

Any help configuring this would be much appreciated, as I'm trying to get the app in conformance with Apple's ATS requirements!

推荐答案

领域对象服务器由领域"用户启动，您应检查该用户是否有权访问证书.

The Realm Object Server is started by the "realm" user, you should check that the user has permissions to access the certificates.

以下是使用 letsencrypt 设置https的说明列表！在Ubuntu 16.04上，也许可以帮助您确定问题:

Here is a list of instructions for setting up https with letsencrypt! on Ubuntu 16.04, maybe it helps identify your issue:

1. 安装ROS，让其加密并生成证书

curl -s https://packagecloud.io/install/repositories/realm/realm/script.deb.sh | sudo bash

apt-get install realm-object-server-developer
apt-get install letsencrypt

letsencrypt certonly --standalone -d ${mydomain.com}

# set up permissions for the realm user on /etc/letsencrypt.
sudo groupadd ssl
sudo usermod -a -G ssl realm
sudo chgrp -R ssl /etc/letsencrypt
sudo chmod -R g=rX /etc/letsencrypt

1. 在代理"部分中编辑配置以启用ssl

/etc/realm/configuration.yml中的部分:

  https:
    ## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
    ## by forwarding incoming requests on a single port to all services.
    ## Note that even if it enabled, the HTTPS proxy will only start if supplied
    ## with a valid pair of certificates through certificate_path and private_key_path below.
    enable: true

    ## The path to the certificate and private keys (in PEM format) that will be used
    ## to set up the HTTPS server accepting connections.
    ## These configuration options are MANDATORY to start the HTTPS proxy module.
    certificate_path: '/etc/letsencrypt/live/${mydomain.com}/cert.pem'
    private_key_path: '/etc/letsencrypt/live/${mydomain.com}/privkey.pem'

    ## The address/interface on which the HTTPS proxy module should listen. This defaults
    ## to 127.0.0.1. If you wish to listen on all available interfaces,
    ## uncomment the following line.
    listen_address: '::'

    ## The port that the HTTPS proxy module should bind to.
    # listen_port: 9443

1. 连接到仪表板并创建一个帐户. (转到https://${mydomain.com}:9443)

转到浏览器，然后选择连接到对象服务器" 输入realms://${mydomain.com}:9443作为Server Url以及刚创建的用户名和密码. 您应该看到一个领域列表.

Go to the browser and choose "Connect to Object Server" Enter realms://${mydomain.com}:9443 as Server Url and the username and password you just created. You should see a list of realms.

这篇关于Realm对象服务器的Https代理不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！