我正在尝试在我的本地系统中设置 ssl。我正在使用带有sails js应用程序的Windows机器。
这是我所做的配置。
/**
* Production environment settings
* (sails.config.*)
*
* What you see below is a quick outline of the built-in settings you need
* to configure your Sails app for production. The configuration in this file
* is only used in your production environment, i.e. when you lift your app using:
*
* ```
* NODE_ENV=production node app
* ```
*
* > If you're using git as a version control solution for your Sails app,
* > this file WILL BE COMMITTED to your repository by default, unless you add
* > it to your .gitignore file. If your repository will be publicly viewable,
* > don't add private/sensitive data (like API secrets / db passwords) to this file!
*
* For more best practices and tips, see:
* https://sailsjs.com/docs/concepts/deployment
*/
// returns an instance of greenlock.js with additional helper methods
const glx = require('greenlock-express').create({
server: 'https://acme-staging-v02.api.letsencrypt.org/directory',
version: 'draft-12', // Let's Encrypt v2 (ACME v2)
telemetry: true,
configDir: 'D:\\cert\\localhost',
email: 'xuz@gmail.com',
agreeTos: true,
servername: 'localhost.com',
domains: ['localhost', 'www.localhost'],
debug: true
});
// handles acme-challenge and redirects to https
// require('http')
// .createServer(glx.middleware(require('redirect-https')()))
// .listen(80, function() {
// console.log('Listening for ACME http-01 challenges on', this.address());
// });
module.exports = {
/**************************************************************************
* *
* Tell Sails what database(s) it should use in production. *
* *
* (https://sailsjs.com/config/datastores) *
* *
**************************************************************************/
datastores: {
/***************************************************************************
* *
* Configure your default production database. *
* *
* 1. Choose an adapter: *
* https://sailsjs.com/plugins/databases *
* *
* 2. Install it as a dependency of your Sails app. *
* (For example: npm install sails-mysql --save) *
* *
* 3. Then set it here (`adapter`), along with a connection URL (`url`) *
* and any other, adapter-specific customizations. *
* (See https://sailsjs.com/config/datastores for help.) *
* *
***************************************************************************/
default: {
adapter: 'sails-mysql',
url: 'mysql://root:gs8jh3kj3w48xudf@35.197.96.87:3306/fulfil_db'
// adapter: 'sails-mysql',
// url: 'mysql://user:password@host:port/database',
//--------------------------------------------------------------------------
// /\ To avoid checking it in to version control, you might opt to set
// || sensitive credentials like `url` using an environment variable.
//
// For example:
// ```
// sails_datastores__default__url=mysql://admin:myc00lpAssw2D@db.example.com:3306/my_prod_db
// ```
//--------------------------------------------------------------------------
/****************************************************************************
* *
* More adapter-specific options *
* *
* > For example, for some hosted PostgreSQL providers (like Heroku), the *
* > extra `ssl: true` option is mandatory and must be provided. *
* *
* More info: *
* https://sailsjs.com/config/datastores *
* *
****************************************************************************/
// ssl: true,
}
},
models: {
/***************************************************************************
* *
* To help avoid accidents, Sails automatically sets the automigration *
* strategy to "safe" when your app lifts in production mode. *
* (This is just here as a reminder.) *
* *
* More info: *
* https://sailsjs.com/docs/concepts/models-and-orm/model-settings#?migrate *
* *
***************************************************************************/
migrate: 'safe'
/***************************************************************************
* *
* If, in production, this app has access to physical-layer CASCADE *
* constraints (e.g. PostgreSQL or MySQL), then set those up in the *
* database and uncomment this to disable Waterline's `cascadeOnDestroy` *
* polyfill. (Otherwise, if you are using a databse like Mongo, you might *
* choose to keep this enabled.) *
* *
***************************************************************************/
// cascadeOnDestroy: false,
},
/**************************************************************************
* *
* Always disable "shortcut" blueprint routes. *
* *
* > You'll also want to disable any other blueprint routes if you are not *
* > actually using them (e.g. "actions" and "rest") -- but you can do *
* > that in `config/blueprints.js`, since you'll want to disable them in *
* > all environments (not just in production.) *
* *
***************************************************************************/
blueprints: {
shortcuts: false
},
/***************************************************************************
* *
* Configure your security settings for production. *
* *
* IMPORTANT: *
* If web browsers will be communicating with your app, be sure that *
* you have CSRF protection enabled. To do that, set `csrf: true` over *
* in the `config/security.js` file (not here), so that CSRF app can be *
* tested with CSRF protection turned on in development mode too. *
* *
***************************************************************************/
security: {
/***************************************************************************
* *
* If this app has CORS enabled (see `config/security.js`) with the *
* `allowCredentials` setting enabled, then you should uncomment the *
* `allowOrigins` whitelist below. This sets which "origins" are allowed *
* to send cross-domain (CORS) requests to your Sails app. *
* *
* > Replace "https://example.com" with the URL of your production server. *
* > Be sure to use the right protocol! ("http://" vs. "https://") *
* *
***************************************************************************/
cors: {
allRoutes: true,
allowOrigins: '*',
allowCredentials: false
}
},
/***************************************************************************
* *
* Configure how your app handles sessions in production. *
* *
* (https://sailsjs.com/config/session) *
* *
* > If you have disabled the "session" hook, then you can safely remove *
* > this section from your `config/env/production.js` file. *
* *
***************************************************************************/
session: {
/***************************************************************************
* *
* Production session store configuration. *
* *
* Uncomment the following lines to finish setting up a package called *
* "@sailshq/connect-redis" that will use Redis to handle session data. *
* This makes your app more scalable by allowing you to share sessions *
* across a cluster of multiple Sails/Node.js servers and/or processes. *
* *
* *
* > While @sailshq/connect-redis is a popular choice for Sails apps, many *
* > other compatible packages (like "connect-mongo") are available on NPM. *
* > (For a full list, see https://sailsjs.com/plugins/sessions) *
* *
***************************************************************************/
// adapter: '@sailshq/connect-redis',
// url: 'redis://user:password@localhost:6379/databasenumber',
//--------------------------------------------------------------------------
// /\ OR, to avoid checking it in to version control, you might opt to
// || set sensitive credentials like this using an environment variable.
//
// For example:
// ```
// sails_session__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/0
// ```
//
//--------------------------------------------------------------------------
/***************************************************************************
* *
* Production configuration for the session ID cookie. *
* *
* Tell browsers (or other user agents) to ensure that session ID cookies *
* are always transmitted via HTTPS, and that they expire 24 hours after *
* they are set. *
* *
* Note that with `secure: true` set, session cookies will _not_ be *
* transmitted over unsecured (HTTP) connections. Also, for apps behind *
* proxies (like Heroku), the `trustProxy` setting under `http` must be *
* configured in order for `secure: true` to work. *
* *
* > While you might want to increase or decrease the `maxAge` or provide *
* > other options, you should always set `secure: true` in production *
* > if the app is being served over HTTPS. *
* *
* Read more: *
* https://sailsjs.com/config/session#?the-session-id-cookie *
* *
***************************************************************************/
cookie: {
// secure: true,
maxAge: 24 * 60 * 60 * 1000 // 24 hours
}
},
/**************************************************************************
* *
* Set up Socket.io for your production environment. *
* *
* (https://sailsjs.com/config/sockets) *
* *
* > If you have disabled the "sockets" hook, then you can safely remove *
* > this section from your `config/env/production.js` file. *
* *
***************************************************************************/
sockets: {
onlyAllowOrigins: []
/***************************************************************************
* *
* Uncomment the `onlyAllowOrigins` whitelist below to configure which *
* "origins" are allowed to open socket connections to your Sails app. *
* *
* > Replace "https://example.com" etc. with the URL(s) of your app. *
* > Be sure to use the right protocol! ("http://" vs. "https://") *
* *
***************************************************************************/
// onlyAllowOrigins: [
// 'https://example.com',
// 'https://staging.example.com',
// ],
/***************************************************************************
* *
* If you are deploying a cluster of multiple servers and/or processes, *
* then uncomment the following lines. This tells Socket.io about a Redis *
* server it can use to help it deliver broadcasted socket messages. *
* *
* > Be sure a compatible version of @sailshq/socket.io-redis is installed! *
* > (See https://sailsjs.com/config/sockets for the latest version info) *
* *
* (https://sailsjs.com/docs/concepts/deployment/scaling) *
* *
***************************************************************************/
// adapter: '@sailshq/socket.io-redis',
// url: 'redis://user:password@bigsquid.redistogo.com:9562/databasenumber',
//--------------------------------------------------------------------------
// /\ OR, to avoid checking it in to version control, you might opt to
// || set sensitive credentials like this using an environment variable.
//
// For example:
// ```
// sails_sockets__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/0
// ```
//--------------------------------------------------------------------------
},
/**************************************************************************
* *
* Set the production log level. *
* *
* (https://sailsjs.com/config/log) *
* *
***************************************************************************/
log: {
level: 'debug'
},
http: {
serverOptions: glx.httpsOptions,
/***************************************************************************
* *
* The number of milliseconds to cache static assets in production. *
* (the "max-age" to include in the "Cache-Control" response header) *
* *
***************************************************************************/
cache: 365.25 * 24 * 60 * 60 * 1000 // One year
/***************************************************************************
* *
* Proxy settings *
* *
* If your app will be deployed behind a proxy/load balancer - for example, *
* on a PaaS like Heroku - then uncomment the `trustProxy` setting below. *
* This tells Sails/Express how to interpret X-Forwarded headers. *
* *
* This setting is especially important if you are using secure cookies *
* (see the `cookies: secure` setting under `session` above) or if your app *
* relies on knowing the original IP address that a request came from. *
* *
* (https://sailsjs.com/config/http) *
* *
***************************************************************************/
// trustProxy: true,
},
/**************************************************************************
* *
* Lift the server on port 80. *
* (if deploying behind a proxy, or to a PaaS like Heroku or Deis, you *
* probably don't need to set a port here, because it is oftentimes *
* handled for you automatically. If you are not sure if you need to set *
* this, just try deploying without setting it and see if it works.) *
* *
***************************************************************************/
host: '127.0.0.1',
port: 443,
ssl: true,
/**************************************************************************
* *
* Configure an SSL certificate *
* *
* For the safety of your users' data, you should use SSL in production. *
* ...But in many cases, you may not actually want to set it up _here_. *
* *
* Normally, this setting is only relevant when running a single-process *
* deployment, with no proxy/load balancer in the mix. But if, on the *
* other hand, you are using a PaaS like Heroku, you'll want to set up *
* SSL in your load balancer settings (usually somewhere in your hosting *
* provider's dashboard-- not here.) *
* *
* > For more information about configuring SSL in Sails, see: *
* > https://sailsjs.com/config/*#?sailsconfigssl *
* *
**************************************************************************/
// ssl: undefined,
lifejacket: {
// Disabled by default. (e.g. for local dev)
// So you'll want to override this in your config/env/production.js file,
// setting it to `true`.
ensureHttps: true
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// If you don't already have the conventional `sails.config.custom.baseUrl` set,
// then uncomment the following `host` config. This must be set manually if `ensureHttps`
// is enabled.
// > Should be provided as a string, like `foo.example.com`.
// host: 'mysweetsite.com',
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
}
};
当我在命令下方启动时,它会显示这样的图像, 但是当我在浏览器https://localhost中运行此应用程序时,它会显示错误。
错误:
[gl/index.js] gl.getCertificates called for localhost with certs for NONE
[gl/index.js] gl.approveDomains called with certs for NONE and options:
[gl/index.js] { domain: 'localhost',
domains: [ 'localhost' ],
certs: null,
certificate: {},
account: {},
wildname: '*.' }
[gl/index.js] gl getting from disk or registering new
[le-store-certbot]
[le-store-certbot]
[greenlock/lib/core.js] checkAsync failed to find certificates
[le-store-certbot] success reading arg.accountsDir
[le-store-certbot] regrs.length 1
[le-store-certbot] accountId: 7deec612c26a9f3163c582e4ea6a972d
[greenlock/lib/core.js] calling greenlock.acme.getCertificateAsync localhost [ 'localhost' ]
[acme-v2] DEBUG get cert 1
[acme-v2] accounts.create
[acme-v2] agreeToTerms
[acme-v2] accounts.create JSON body:
{ protected:
'eyJub25jZSI6IjAwMDJOU2o2eXpYRlB6SWhMekRLT1lwc1R6bTdlcXhtMWVBMzBNdFJqZ3VFSlU4IiwiYWxnIjoiUlMyNTYiLCJ1cmwiOiJodHRwczovL2FjbWUtc3RhZ2luZy12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1hY2N0IiwiandrIjp7Imt0eSI6IlJTQSIsIm4iOiJ4ZXB4b2RyempSdi1nUERpaUg3ZFhFQklYR3pvXy16bXkyNzNDeEN6TFRIUkx4ZFBpb29idXRtNzZHbkxpRzV4QzN0eHoyS1k2Tk1qSXNERWJRNk1mM1BCc3RLVnp1V01HLWxvZ0ducDZqOXFyVHVpSloyRk1VYkQwRVk2R3R6ZzRNQzVRNnJqM1BqUDIyOXNnQjJ3UWlGLWtNMzBHSU9KOE14T1c0RGhlMHRaQ1JpVHpnQmt0Qy1EUFRMUGdDMTRYR0RfTC10QVN6OW5SUlBGbDZNdGljWjkwQktNbG16OUFQalNiajBpclloV3VJVmNyN1l6SnhBakFod015OE9BRVFjbTJXbldjN3YyZXVPa2RZSkZpNEpEelM5cmppZWlSZTItR05kNmFpbHdhdzZVdkRnZVFFY2N3VllqblVJcUdGUlFMNE55RlZQVEZlT2lDT1FGelEiLCJlIjoiQVFBQiJ9fQ',
payload:
'eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZSwib25seVJldHVybkV4aXN0aW5nIjpmYWxzZX0',
signature:
'niurbbdEwbyPPXdLEWw_Qi1iQSHQ2otsqZPUEUAZ4HN3BNDo2ugknJMQdvPEzMrsfyntxMyX6hqiM5sgYcbaPX5TErolPebmITXC3lqgBn8nZaMx2JInqD0s8OQM71l-N95PqAmbOpTykGPaEASwN95acm47gQdbjLu6nBsnF6sfzFghRDTVhk8xpGhUTqhKjQ7vIrH6QlpPVi8N5WTabfCQDWeaNCFjq6vKiCvbfjFPmLZn2junDwAe4utIpuP3FqZYMlCvXFCmr_o7qyyQZWxWWZbajHJO75HBkrqKx_fbI5ogj3wuLikddQmzDqPARV0F8coEaYqmQsfh24h43A' }
[DEBUG] new account location:
https://acme-staging-v02.api.letsencrypt.org/acme/acct/11074181
{ statusCode: 200,
body:
{ key:
{ kty: 'RSA',
n:
'xepxodrzjRv-gPDiiH7dXEBIXGzo_-zmy273CxCzLTHRLxdPioobutm76GnLiG5xC3txz2KY6NMjIsDEbQ6Mf3PBstKVzuWMG-logGnp6j9qrTuiJZ2FMUbD0EY6Gtzg4MC5Q6rj3PjP229sgB2wQiF-kM30GIOJ8MxOW4Dhe0tZCRiTzgBktC-DPTLPgC14XGD_L-tASz9nRRPFl6MticZ90BKMlmz9APjSbj0irYhWuIVcr7YzJxAjAhwMy8OAEQcm2WnWc7v2euOkdYJFi4JDzS9rjieiRe2-GNd6ailwaw6UvDgeQEccwVYjnUIqGFRQL4NyFVPTFeOiCOQFzQ',
e: 'AQAB' },
contact: [ 'mailto:baj9032@gmail.com' ],
initialIp: '103.238.110.39',
createdAt: '2019-09-20T08:07:38Z',
status: 'valid' },
headers:
{ server: 'nginx',
date: 'Fri, 20 Sep 2019 08:11:39 GMT',
'content-type': 'application/json',
'content-length': '551',
connection: 'close',
'cache-control': 'public, max-age=0, no-cache',
link:
'<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"',
location:
'https://acme-staging-v02.api.letsencrypt.org/acme/acct/11074181',
'replay-nonce': '00027sSdL_GbUp842Yw5P-69vfX0wI1vzkxBJGo6_9o6jwY',
'x-frame-options': 'DENY',
'strict-transport-security': 'max-age=604800' },
request:
{ uri:
Url {
protocol: 'https:',
slashes: true,
auth: null,
host: 'acme-staging-v02.api.letsencrypt.org',
port: null,
hostname: 'acme-staging-v02.api.letsencrypt.org',
hash: null,
search: null,
query: null,
pathname: '/acme/new-acct',
path: '/acme/new-acct',
href: 'https://acme-staging-v02.api.letsencrypt.org/acme/new-acct' },
method: 'POST',
headers:
{ 'Content-Type': 'application/jose+json',
'Content-Length': 1155 } } }
[acme-v2] DEBUG get cert 1
[greenlock/lib/core.js] setChallenge called for 'localhost'
[DEBUG] waitChallengeDelay 500
[acme-v2] handled(?) rejection as errback:
Error: connect ECONNREFUSED 127.0.0.1:80
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
Error loading/registering certificate for 'localhost':
{ Error: connect ECONNREFUSED 127.0.0.1:80
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
errno: 'ECONNREFUSED',
code: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 80 }