领域对象服务器的 HTTPS 代理不工作
Https Proxy for Realm Object Server not working
我似乎无法为我的领域对象服务器获取 https 代理 运行。我已经按照文档中的每个步骤进行操作,其中包括编辑 configuration.yml 文件以更改:
proxy.https.enable: true
proxy.https.listen_address: ::
proxy.https.listen_port: 9443
proxy.https.certificate_path: 'cert_path'
proxy.https.private_key_path: 'private_key_path'
当我访问 http://example.com:9080 it's fine, but visiting https://example.com:9443 时不起作用 - 我已验证路径正确,并且 cert/private 组合键有效。
如能提供任何配置方面的帮助,我们将不胜感激,因为我正在努力使该应用程序符合 Apple 的 ATS 要求!
领域对象服务器由 "realm" 用户启动,您应该检查该用户是否有访问证书的权限。
这是使用 letsencrypt 设置 https 的说明列表!在 Ubuntu 16.04 上,也许它有助于确定您的问题:
- 安装ROS,加密并生成证书
curl -s https://packagecloud.io/install/repositories/realm/realm/script.deb.sh | sudo bash
apt-get install realm-object-server-developer
apt-get install letsencrypt
letsencrypt certonly --standalone -d ${mydomain.com}
# set up permissions for the realm user on /etc/letsencrypt.
sudo groupadd ssl
sudo usermod -a -G ssl realm
sudo chgrp -R ssl /etc/letsencrypt
sudo chmod -R g=rX /etc/letsencrypt
- 编辑配置以在 "proxy" 部分启用 ssl
/etc/realm/configuration.yml 中的部分:
https:
## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
## by forwarding incoming requests on a single port to all services.
## Note that even if it enabled, the HTTPS proxy will only start if supplied
## with a valid pair of certificates through certificate_path and private_key_path below.
enable: true
## The path to the certificate and private keys (in PEM format) that will be used
## to set up the HTTPS server accepting connections.
## These configuration options are MANDATORY to start the HTTPS proxy module.
certificate_path: '/etc/letsencrypt/live/${mydomain.com}/cert.pem'
private_key_path: '/etc/letsencrypt/live/${mydomain.com}/privkey.pem'
## The address/interface on which the HTTPS proxy module should listen. This defaults
## to 127.0.0.1. If you wish to listen on all available interfaces,
## uncomment the following line.
listen_address: '::'
## The port that the HTTPS proxy module should bind to.
# listen_port: 9443
连接到仪表板并创建一个帐户。 (转到 https://${mydomain.com}:9443 )
转到浏览器并选择 "Connect to Object Server"
输入 realms://${mydomain.com}:9443 作为服务器 Url 以及您刚刚创建的用户名和密码。
您应该会看到一个领域列表。
我似乎无法为我的领域对象服务器获取 https 代理 运行。我已经按照文档中的每个步骤进行操作,其中包括编辑 configuration.yml 文件以更改:
proxy.https.enable: true
proxy.https.listen_address: ::
proxy.https.listen_port: 9443
proxy.https.certificate_path: 'cert_path'
proxy.https.private_key_path: 'private_key_path'
当我访问 http://example.com:9080 it's fine, but visiting https://example.com:9443 时不起作用 - 我已验证路径正确,并且 cert/private 组合键有效。
如能提供任何配置方面的帮助,我们将不胜感激,因为我正在努力使该应用程序符合 Apple 的 ATS 要求!
领域对象服务器由 "realm" 用户启动,您应该检查该用户是否有访问证书的权限。
这是使用 letsencrypt 设置 https 的说明列表!在 Ubuntu 16.04 上,也许它有助于确定您的问题:
- 安装ROS,加密并生成证书
curl -s https://packagecloud.io/install/repositories/realm/realm/script.deb.sh | sudo bash
apt-get install realm-object-server-developer
apt-get install letsencrypt
letsencrypt certonly --standalone -d ${mydomain.com}
# set up permissions for the realm user on /etc/letsencrypt.
sudo groupadd ssl
sudo usermod -a -G ssl realm
sudo chgrp -R ssl /etc/letsencrypt
sudo chmod -R g=rX /etc/letsencrypt
- 编辑配置以在 "proxy" 部分启用 ssl
/etc/realm/configuration.yml 中的部分:
https:
## Whether or not to enable the HTTPS proxy module. It enables multiplexing requests
## by forwarding incoming requests on a single port to all services.
## Note that even if it enabled, the HTTPS proxy will only start if supplied
## with a valid pair of certificates through certificate_path and private_key_path below.
enable: true
## The path to the certificate and private keys (in PEM format) that will be used
## to set up the HTTPS server accepting connections.
## These configuration options are MANDATORY to start the HTTPS proxy module.
certificate_path: '/etc/letsencrypt/live/${mydomain.com}/cert.pem'
private_key_path: '/etc/letsencrypt/live/${mydomain.com}/privkey.pem'
## The address/interface on which the HTTPS proxy module should listen. This defaults
## to 127.0.0.1. If you wish to listen on all available interfaces,
## uncomment the following line.
listen_address: '::'
## The port that the HTTPS proxy module should bind to.
# listen_port: 9443
连接到仪表板并创建一个帐户。 (转到
https://${mydomain.com}:9443)转到浏览器并选择 "Connect to Object Server" 输入
realms://${mydomain.com}:9443作为服务器 Url 以及您刚刚创建的用户名和密码。 您应该会看到一个领域列表。