问题
I'm using the npm package "http-server" (https://www.npmjs.com/package/http-server) to set up a simple webserver, but I cannot get it to use SSL. My command in package.json is
http-server -p 8000 -o -S
with a cert.pem and key.pem in my root directory (for now). The "-o" option opens a browser to the default page, but the page is served using HTTP and not even accessible through HTTPS. I don't get any errors or warnings. I've also tried adding the "-C" and "-K" options without luck. Has any one had any success with this package?
回答1:
First, make sure that you have key.pem and cert.pem files. You can generate them using this command:
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
You will be prompted with a few questions after entering the command. Use 127.0.0.1 as value for "Common name" if you want to be able to install the certificate in your OS's root certificate store or browser so that it is trusted.
This generates a cert-key pair and it will be valid for roughly 10 years (3650 days to be exact).
Then you need to run the server with -S for enabling SSL and -C for your certificate file:
$ http-server -S -C cert.pem -o
Starting up http-server, serving ./ through https
Available on:
https:127.0.0.1:8080
https:192.168.1.101:8080
https:192.168.1.104:8080
Hit CTRL-C to stop the server
回答2:
Just for future reference, my problem was solved by updating the package to the latest version in package.json. I copy-pasted an old example file without updating the version numbers.
回答3:
Firefox didn't accept self-signed certs, so a bit more effort was required. First create a CA:
openssl req -batch -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes -keyout ca-key.pem -x509 -out ca.pem -days 3650 -subj "/CN=A localhost CA"
Add ca.pem (A localhost CA) to trusted certs of your OS and/or Firefox (other browsers use system CAs). Keep the ca* files in a secure location for future use, so you never have to do this again.
Then, for any site that you are running, and whenever you wish to change settings, create cert.pem and key.pem with:
openssl req -batch -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes -keyout key.pem -subj /CN=localhost | openssl x509 -req -CAkey ca-key.pem -CA ca.pem -CAcreateserial -out cert.pem -days 365 -extfile <(echo subjectAltName=DNS:localhost)
The same commands in multiple lines for readability:
# Create CA
openssl req -batch -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes \
-keyout ca-key.pem -x509 -out ca.pem -days 3650 -subj "/CN=A localhost CA"
# Create a CSR for localhost, then sign it by CA
openssl req -batch -new -newkey ec:<(openssl ecparam -name prime256v1) -nodes \
-keyout key.pem -subj /CN=localhost | \
openssl x509 -req -CAkey ca-key.pem -CA ca.pem -CAcreateserial -out cert.pem \
-days 365 -extfile <(echo subjectAltName=DNS:localhost)
来源:https://stackoverflow.com/questions/35127383/npm-http-server-with-ssl