gpt4 book ai didi

node.js - 使用 Express.js 的多个 SSL 证书和 HTTP/2

转载 作者:太空宇宙 更新时间:2023-11-03 13:02:42 24 4
gpt4 key购买 nike

场景:

我有一个 express.js 服务器,它根据 req.headers.host 提供相同静态登录页面的变体。表示用户来自 - 有点像 A/B 测试。

GET tulip.flower.com服务 pages/flower.com/tulip.html

GET rose.flower.com服务 pages/flower.com/rose.html

同时,这个IP还负责:

GET potato.vegetable.com服务 pages/vegetable.com/potato.html

这些页面以FAST 的方式提供很重要,因此它们会被预编译和优化 in all sorts of ways .

服务器现在需要:

  1. *.vegetables.com 提供单独的证书, *.fruits.com , *.rocks.net
  2. 可选择不为 *.flowers.com 提供证书
  3. 提供 HTTP2

问题是 HTTP2 要求证书,而现在有多个证书在起作用。

看起来 it's possible在一个 Node.js(可能是扩展名 Express.js)服务器上使用多个证书,但是否可以将它与像 spdy 这样的模块结合起来? ,如果是,怎么做?

与其破解 Node ,不如把整理 http2 和 SSL 的任务交给 nginx 会更聪明吗?像 Imperva 或 Akamai 这样的缓存网络应该处理这个问题吗?

最佳答案

您也可以使用 tls.createSecureContext,Nginx 不是必需的。

我这里的例子:

const https = require("https");
const tls = require("tls");

const certs = {
"localhost": {
key: "./certs/localhost.key",
cert: "./certs/localhost.crt",
},
"example.com": {
key: "./certs/example.key",
cert: "./certs/example.cert",
ca: "./certs/example.ca",
},
}

function getSecureContexts(certs) {

if (!certs || Object.keys(certs).length === 0) {
throw new Error("Any certificate wasn't found.");
}

const certsToReturn = {};

for (const serverName of Object.keys(certs)) {
const appCert = certs[serverName];

certsToReturn[serverName] = tls.createSecureContext({
key: fs.readFileSync(appCert.key),
cert: fs.readFileSync(appCert.cert),
// If the 'ca' option is not given, then node.js will use the default
ca: appCert.ca ? sslCADecode(
fs.readFileSync(appCert.ca, "utf8"),
) : null,
});
}

return certsToReturn;
}

// if CA contains more certificates it will be parsed to array
function sslCADecode(source) {

if (!source || typeof (source) !== "string") {
return [];
}

return source.split(/-----END CERTIFICATE-----[\s\n]+-----BEGIN CERTIFICATE-----/)
.map((value, index: number, array) => {
if (index) {
value = "-----BEGIN CERTIFICATE-----" + value;
}
if (index !== array.length - 1) {
value = value + "-----END CERTIFICATE-----";
}
value = value.replace(/^\n+/, "").replace(/\n+$/, "");
return value;
});
}

const secureContexts = getSecureContexts(certs)

const options = {
// A function that will be called if the client supports SNI TLS extension.
SNICallback: (servername, cb) => {

const ctx = secureContexts[servername];

if (!ctx) {
log.debug(`Not found SSL certificate for host: ${servername}`);
} else {
log.debug(`SSL certificate has been found and assigned to ${servername}`);
}

if (cb) {
cb(null, ctx);
} else {
return ctx;
}
},
};


var https = require('https');
var httpsServer = https.createServer(options, (req, res) => { console.log(res, req)});
httpsServer.listen(443, function () {
console.log("Listening https on port: 443")
});

如果你想测试它:

  1. 编辑/etc/hosts 并添加记录 127.0.0.1 example.com

  2. 打开浏览器,输入 url https://example.com:443

关于node.js - 使用 Express.js 的多个 SSL 证书和 HTTP/2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42522805/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com