AMAZON API Gateway(2)Client Side SSL with NGINX or NodeJS
1 API Gateway to Connect to AWS API
https://aws.amazon.com/api-gateway/faqs/
Can Amazon API Gateway work within an Amazon VPC?
Can I verify that it is API Gateway calling my backend?
SSL for LB
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-update-ssl-cert.html#us-update-lb-SSLcert-console
Client side SSL
http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
Client SSL for NodeJS
http://www.graemeboy.com/validating-https-nodejs
Client Side SSL for Nginx
http://nategood.com/client-side-certificate-authentication-in-ngi
https://rynop.wordpress.com/2012/11/26/howto-client-side-certificate-auth-with-nginx/
https://gist.github.com/mtigas/952344
2 Stop the Local Apache to Free Port 80
> sudo apachectl stop
3 Start with NGINX
Start the nginx server
> sudo sbin/nginx
I installed the latest stable version of nginx, nginx-1.6.3.
Error Message 1:
nginx: [emerg] unknown directive "ssl_client_certificate" in /home/carl/tool/nginx-1.6.3/conf/nginx.conf:43
Solution: nginx was built without the SSL module; rebuild it with --with-http_ssl_module.
http://sillycat.iteye.com/blog/2074417
> ./configure --with-http_stub_status_module --with-http_ssl_module --prefix=/home/carl/tool/nginx-1.6.3
http://suoranciata.github.io/ssl-client-auth.html
4 Configure the Client Side Certificate Validation
http://suoranciata.github.io/ssl-client-auth.html
http://stackoverflow.com/questions/11840873/how-to-proxy-http-x-ssl-client-s-dn-header
This is the mock server, which outputs all the request headers it receives:
// Echo the request line and every header back to the caller.
require('http').createServer(function(req, res) {
  res.writeHead(200)
  res.write("<pre>")
  res.write(req.method + " " + req.url + " HTTP/" + req.httpVersion + "\n")
  for (var name in req.headers) {
    res.write(name + ": " + req.headers[name] + "\n")
  }
  res.end("</pre>")
}).listen(8080)
This is the output:
GET / HTTP/1.0
x-ssl-client-verify: NONE
host: 127.0.0.1:8080
connection: close
cache-control: max-age=0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36
accept-encoding: gzip, deflate, sdch
accept-language: en-US,en;q=0.8,zh-TW;q=0.6,zh;q=0.4
This is the nginx.conf file. It seems that I need to turn ssl on to make it work.
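# Enable TLS for this server block.
ssl on;
# Server certificate and private key presented to clients.
ssl_certificate /home/carl/install/keys/ca.crt;
ssl_certificate_key /home/carl/install/keys/ca.key;
# CA certificate used to verify client certificates.
ssl_client_certificate /opt/nginx/conf/certs/ca.crt;
ssl_verify_depth 1;
# Request a client certificate but do not require one;
# the result is reported in $ssl_client_verify.
ssl_verify_client optional;
location / {
    proxy_pass http://127.0.0.1:8080;
    # Forward the verification result and certificate details to the backend.
    proxy_set_header X-SSL-client-serial $ssl_client_serial;
    proxy_set_header X-SSL-client-s-dn $ssl_client_s_dn;
    proxy_set_header X-SSL-client-i-dn $ssl_client_i_dn;
    proxy_set_header X-SSL-client-session-id $ssl_session_id;
    proxy_set_header X-SSL-client-verify $ssl_client_verify;
}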
If I need client-side certificate validation, I need to have ssl on; it is a little more complex than I thought. Reading more documents.
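Added example (not part of the original post): with ssl_verify_client optional, nginx still proxies requests that carry no client certificate, so the backend has to enforce the X-SSL-client-verify value itself. The sketch below assumes the backend is reachable only from nginx on the same host; TRUSTED_PROXIES, checkClientCert, handler and the sample requests are hypothetical names and constructed data.

```javascript
// Added example. Assumption: only the nginx proxy on this host can reach the backend.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Turn the headers nginx forwards into an access decision.
function checkClientCert(headers, remoteAddress) {
  // Headers from any peer other than the proxy are caller-controlled.
  if (!TRUSTED_PROXIES.has(remoteAddress)) {
    return { status: 403, reason: 'request did not come through the proxy' };
  }
  const verify = headers['x-ssl-client-verify'];
  // With "ssl_verify_client optional" nginx still proxies certificate-less
  // requests and reports NONE, exactly as in the output above.
  if (verify === undefined || verify === 'NONE') {
    return { status: 401, reason: 'no client certificate presented' };
  }
  // Anything except SUCCESS (FAILED, or FAILED:reason on newer nginx) is a reject.
  if (verify !== 'SUCCESS') {
    return { status: 403, reason: 'client certificate rejected: ' + verify };
  }
  const subject = headers['x-ssl-client-s-dn'];
  if (!subject) {
    return { status: 403, reason: 'verified, but no subject DN was forwarded' };
  }
  return { status: 200, reason: 'ok', subject: subject };
}

// Drop-in handler: require('http').createServer(handler).listen(8080, '127.0.0.1')
function handler(req, res) {
  const verdict = checkClientCert(req.headers, req.socket.remoteAddress);
  res.writeHead(verdict.status, { 'Content-Type': 'text/plain' });
  res.end(verdict.status === 200
    ? 'Access granted to ' + verdict.subject + '\n'
    : 'Access denied: ' + verdict.reason + '\n');
}

// Constructed sample requests; header names are lower-cased as Node presents them.
const samples = [
  [{ 'x-ssl-client-verify': 'NONE' }, '127.0.0.1'],
  [{ 'x-ssl-client-verify': 'FAILED' }, '127.0.0.1'],
  [{ 'x-ssl-client-verify': 'SUCCESS', 'x-ssl-client-s-dn': '/CN=client1' }, '127.0.0.1'],
  [{ 'x-ssl-client-verify': 'SUCCESS', 'x-ssl-client-s-dn': '/CN=client1' }, '192.0.2.10'],
];
for (const [headers, peer] of samples) {
  const v = checkClientCert(headers, peer);
  console.log(peer, headers['x-ssl-client-verify'], '->', v.status, v.reason);
}
```

Setting ssl_verify_client on; instead makes nginx itself refuse requests without a valid certificate, in which case the backend check is a second layer rather than the only one.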
If I want to do that within NodeJS:
var https = require('https');
var fs = require('fs');

var options = {
  key: fs.readFileSync('/home/carl/install/keys/ca.key'),
  cert: fs.readFileSync('/home/carl/install/keys/ca.crt'),
  // This is necessary only if using the client certificate authentication.
  requestCert: true,
  // Accept the TLS connection even without a valid client certificate, so the
  // handler below can answer "Access denied." (current Node versions default to true).
  rejectUnauthorized: false,
  // This is necessary only if the client uses the self-signed certificate.
  ca: [ fs.readFileSync('ssl/ca.crt') ]
};

https.createServer(options, function (req, res) {
  res.writeHead(200);
  res.write("Hello.\n");
  // authorized is true only when the client certificate chains to the ca above.
  if (req.socket.authorized) {
    res.write('Access granted.\n');
  }
  else {
    res.write('Access denied.\n');
  }
  res.end();
}).listen(8081);
Hello.
Access denied.
References:
https://gist.github.com/mtigas/952344
http://stackoverflow.com/questions/8431528/nginx-ssl-certificate-authentication-signed-by-intermediate-ca-chain
Comments
#1
sillycat
2016-02-09
AMAZON Related
https://www.godaddy.com/help/generating-a-certificate-signing-request-csr-apache-2x-5269
https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html