我的環(huán)境
生成證書
輸入如下命令會(huì)在你的當(dāng)前文件夾生成localhost.key和localhost.cert.
openssl genrsa -out localhost.key 2048openssl req -new -x509 -key localhost.key -out localhost.cert -days 3650 -subj /CN=localhost
其中l(wèi)ocalhost為域名. 想要換成別的域名就直接把上面的所有l(wèi)ocalhost替換成你的域名.
以我為例, 我的虛擬機(jī)的域名是xxx.compute.amazonaws.com, 就以這個(gè)域名替換上面所有的localhost, 會(huì)生成, ec2-34-220-96-9.us-west-2.compute.amazonaws.com.key 和 ec2-34-220-96-9.us-west-2.compute.amazonaws.com.cert兩個(gè)文件.
更新
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
如果不想用密碼保護(hù)私鑰, 加上-nodes.
加上-subj '/CN=localhost'可以設(shè)置certificate的內(nèi)容. 將其中的localhost替換成你的域名.
參考:How to create a self-signed certificate with openssl?
代碼
想要運(yùn)行如下代碼, 需要先安裝包
npm initnpm i -S https express
創(chuàng)建文件index.js, 內(nèi)容如下.
#!/usr/bin/env nodevar https = require('https');var fs = require('fs');var express = require('express');var host = 'xxx.compute.amazonaws.com'; // Input you domain name here.var options = { key: fs.readFileSync( './' + host + '.key' ), cert: fs.readFileSync( './' + host + '.cert' ), requestCert: false, rejectUnauthorized: false};var httpApp = express();var app = express();app.get('/', function (req, res) { res.send('hi HTTPS');});httpApp.get('/', function (req, res) { res.send('hi HTTP');});httpApp.listen(80, function () { console.log('http on 80');});var server = https.createServer( options, app );server.listen( 443, function () { console.log( 'https on 443' );} );啟動(dòng)服務(wù)器
sudo node index.js
訪問(wèn)
瀏覽器中輸入http://xxx.compute.amazonaws.com/就會(huì)以80端口訪問(wèn)HTTP服務(wù)器. 顯示hi HTTP.
輸入https://xxx.compute.amazonaws.com/就會(huì)以443端口訪問(wèn)HTTPS服務(wù)器, 顯示hi HTTPS.
參考
Self-Signed, Trusted Certificates for Node.js & Express.js
