node.js: How to Create Secure (TLS/SSL) Websocket Server

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/31338927/

Time: 2020-09-02 18:57:27  Source: igfitidea

How to Create Secure(TLS/SSL) Websocket Server

node.js web-services security ssl websocket

Asked by Sahil

I am using WS websocket library of node.js. Currently I'm running ws server. Now I want to secure this connection by using secure connections i.e. by implementing wss protocol and also library support TLS connection. I searched a little and found this plain to secure: wss and this wss with self signed certificate.

Both are not very detailed and the article on the second link describes wss with self signed certificate. What I want to know is if it is enough to just create the self signed certificate and deploy to my production environment or do I need to buy a certificate as we need to do while creating HTTPS servers?

Answered by aexl

Your question #1

How to Create Secure(TLS/SSL) Websocket Server?

I found your question while searching online for a guide on how to make websockets work over a secured connection. Since this came up in search results, there is a chance I'm not the only one who ended up on this page. To save everyone (including future me) some time, here goes.

The Problem

I had a simple node.js websocket server, powered by einaros/ws, listening on port 80 over an unsecured connection. Had to switch it to a secure connection.

The Solution

Basically, the second link you provided covers pretty much everything I needed to know. Here are a few things that took me some time to figure out though:

  • I needed the .pem files for this, but all I got from the cert provider was a simple .crt/.cert file, and I also had a private .key I got after generating the initial .csr request. So here's how to convert (credit to slf):

    openssl rsa -in server.key -text > private.pem
    openssl x509 -inform PEM -in server.crt > public.pem
    
  • It was unclear to me how to make ws use the secured connection. Since I was trying to add SSL to an existing application, I wanted to avoid having to re-do things. Turns out, all I had to do was replace the {port:80} parameter with a reference to the https instance (see the links for more info on how to initialise it).

    // httpsServer is an existing https.Server instance, created with the key and certificate
    var ws = require('ws').Server;
    var wss = new ws({
        server: httpsServer
    });
    
Your question #2

What I want to know is if it is enough to just create the self signed certificate and deploy to my production environment, or do I need to buy a certificate as we need to do while creating HTTPS servers?

Emphasis mine. Yes, I would advise you to buy a certificate from a trusted authority. This will ensure your users won't be getting any browser security warnings, or just leaving without even knowing what went wrong.
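
Added example (not part of the original answer or of the ws project): a preflight over the converted `private.pem`/`public.pem` files before they are handed to the HTTPS server that `ws` attaches to. The function names `pemLabels`, `checkTlsFiles` and `startSecureServer` are hypothetical, the permission check assumes POSIX file modes, and the certificate check only looks at the PEM armor.

```javascript
const fs = require('fs');
const https = require('https');
const crypto = require('crypto');

// Labels of the PEM blocks in a text, e.g. ['RSA PRIVATE KEY'].
function pemLabels(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]+?-----END \1-----/g;
  return Array.from(text.matchAll(re), m => m[1]);
}

// Problems with the key/cert files; an empty array means none found.
function checkTlsFiles(keyPath, certPath) {
  const problems = [];
  const keyText = fs.readFileSync(keyPath, 'utf8');
  if (!pemLabels(keyText).some(l => l.endsWith('PRIVATE KEY'))) {
    problems.push('key file has no PEM private key block');
  } else {
    try { crypto.createPrivateKey(keyText); } // also fails on encrypted keys
    catch (e) { problems.push('private key does not parse: ' + e.message); }
  }
  // Armor check only: catches a DER-encoded .crt, not an invalid certificate.
  if (!pemLabels(fs.readFileSync(certPath, 'utf8')).includes('CERTIFICATE'))
    problems.push('cert file has no PEM CERTIFICATE block');
  if (fs.statSync(keyPath).mode & 0o077)
    problems.push('private key is readable by group/others');
  return problems;
}

// ws attaches to the HTTPS server instead of listening on {port: 80}.
function startSecureServer(keyPath, certPath, port) {
  const problems = checkTlsFiles(keyPath, certPath);
  if (problems.length) throw new Error(problems.join('; '));
  const httpsServer = https.createServer({
    key: fs.readFileSync(keyPath),
    cert: fs.readFileSync(certPath),
    minVersion: 'TLSv1.2', // stated explicitly rather than relying on defaults
  });
  const WebSocketServer = require('ws').Server; // loaded only when serving
  const wss = new WebSocketServer({ server: httpsServer });
  wss.on('connection', s => s.on('message', m => s.send(m))); // echo
  httpsServer.listen(port);
  return wss;
}
```

Calling `startSecureServer('private.pem', 'public.pem', 443)` requires the `ws` package to be installed; the two check functions use only Node core modules.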
