Giter VIP home page Giter VIP logo

guirong.github.io's People

Contributors

guirong avatar

Watchers

avatar

guirong.github.io's Issues

Https下基于证书的前端调试

TSL/SSL 通讯简化过程

  1. 浏览器连接服务器,服务器把SSL证书发送给浏览器(证书里包含公钥)
  2. 浏览器验证此证书中的域是否和访问的域一致,有没有过期等,那么浏览器随机生成一个对称密钥(pre-master key)并使用接收到的SSL证书的公钥进行加密并发送给服务器
  3. 服务器通过SSL证书的私钥对收到的信息进行解密并得到浏览器随机生成的对称密钥
  4. 最后服务器和浏览器都通过这个对称密钥进行通讯了

image
黄线部分为可选客户端认证

证书生成

前端开发一般需要将线上文件代理到本地服务器调试文件,https下本地服务器便需要提供证书,证书生成步骤简化:

生成根CA证书

# 生成私钥
openssl genrsa -out ca.key 2048
# 生成证书请求
openssl req -new -out ca.csr -key ca.key -config openssl.cnf
# 生成自认证根证书
openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt

生成实际server证书

openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key -config openssl.cnf
# 使用前面根证书签发证书
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt -extensions v3_req -extfile openssl.cnf

openssl.cnf 参考

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
# 不让用户输入,使用cnf设置内容
prompt = no

[ req_distinguished_name ]
countryName                    = CN
stateOrProvinceName      = xxx
localityName                     = xxx
organizationName            = xxx
organizationalUnitName   = xxx
commonName                  = xxx

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:false
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.xxx.com
  1. v3_req部分仅用于最后CA签发sever证书时使用
  2. openssl req examples

为什么不直接使用根证书,还单独再签发证书

单独使用根证书直接绑定host没问题,但当被 charels等代理工具代理时,charels本身会有根证书用于客户端验证,此时charels将前面根证书重新签发再送到客户端,客户端会验证失败(chrome,部分android)

refs

  1. SSL/TLS协议运行机制的概述 比较透彻
  2. SSL/TLS证书生成及验证
  3. openssl documentation

深入Gulp

深入GULP

  1. 基于Stream及Transform Stream 机制形成 gulp的插件体系(pipe & transform stream)
  2. stream中传递的是 vinyl File
  3. vinylFile content 可以是 Buffer 也可以是Stream(node base Stream:String | Buffer)
  4. 一般通过gulp.dest创建writable stream,将vinylFile写入文件,file content是stream时通过writeStream写入
  5. through2 是个transform Stream的简单封装,用于创建 transform Stream
  6. 理解以上就可读懂 vinyl-source-stream(将简单stream转为vinyl File Stream)

参考

  1. gulp 的一些概念:https://medium.com/@contrahacks/gulp-3828e8126466
  2. @todo stream handbook:https://github.com/substack/stream-handbook
  3. @todo http://ejohn.org/blog/node-js-stream-playground/#postcomment

MAC查看端口占用 

## 不加sudo 查看不到 sudo执行的程序,之后可以通过kill pid 杀掉
sudo lsof -i:80

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.