Giving Node.js access to certificate/private key
Problem description
I am trying to use HTTPS on my Node.js app, just as it is already enabled for anything else. I have the keys and certificates already installed, but I get an Error: EACCES, permission denied when I try to point to them on the app.
Both the key and the certificate are in subfolders of /etc/pki/tls, and I attempted pointing to them like this:
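    var fs = require('fs');

    // Read the private key and certificate from the system PKI directories.
    var privateKey = fs.readFileSync('/etc/pki/tls/private/serverKey.key').toString(),
        certificate = fs.readFileSync('/etc/pki/tls/certs/2_mikewarren.me.crt').toString();

    // Options object for the HTTPS server.
    var options = {
        key: privateKey,
        cert: certificate
    };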
Do I need to adjust the permissions of the keys and certificates (via chown)? If so, is it safe to do?
Recommended answer
I got my code access.
What I did
- Created a new user group called certAccess
- Added myself to it by saying sudo useradd ec2-user -G certAccess
- Added the root user (who was the only one who had access to the files) to certAccess
- Changed the owner of the private key: sudo chown ec2-user.certAccess /etc/pki/tls/private/serverKey.key
Testing...
To test, I simply printed options to the console, right after using it. Indeed, I saw the contents of the private key and certificate (try it yourself). I also restarted the httpd server and requested static files. I saw them, protected with TLS, without fault.
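An added example, not part of the original question or answer: a Node.js pre-flight check that reports when the process cannot read a key file (the EACCES from the question) and refuses a key whose mode exposes it beyond owner and group. The function names and the mode policy (the group may read, as with the certAccess group above; other users get nothing) are assumptions of this example.

```javascript
const fs = require('node:fs');

// Return the problems found in a key file's permission bits.
// Policy (assumed for this example): owner read/write, group read-only,
// no access at all for other users.
function checkKeyMode(mode) {
  const problems = [];
  if (mode & 0o007) problems.push('accessible by other users');
  if (mode & 0o020) problems.push('writable by group');
  return problems;
}

// Inspect one key file: can this process read it, and is it over-exposed?
function auditKeyFile(keyPath) {
  const result = { path: keyPath, readable: true, mode: null, problems: [] };
  try {
    fs.accessSync(keyPath, fs.constants.R_OK);
  } catch (err) {
    // EACCES here is the error from the question: the user running
    // Node.js has no read access to the file or its parent directory.
    result.readable = false;
    result.problems.push(`not readable by this process (${err.code})`);
    return result;
  }
  const st = fs.statSync(keyPath);
  result.mode = (st.mode & 0o777).toString(8).padStart(3, '0');
  result.owner = `${st.uid}:${st.gid}`;
  result.problems.push(...checkKeyMode(st.mode));
  return result;
}

// Build the options object from the question, refusing an over-exposed key.
function loadTlsOptions(keyPath, certPath) {
  const audit = auditKeyFile(keyPath);
  if (audit.problems.length > 0) {
    throw new Error(`${keyPath} (mode ${audit.mode}): ${audit.problems.join('; ')}`);
  }
  return { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) };
}
```

Calling loadTlsOptions with the two paths from the question yields the object to pass to https.createServer, and the thrown message names the exact permission problem without logging key material.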