Amazon web services 如何在AWS Elastic Beanstalk环境中为解析服务器示例启用HTTPS?
我试图在AWS上的解析服务器上启用SSL/TLS,以便从Stripe接收Webhook 我使用openssl在我的服务器上创建了一个自签名证书,但是当我尝试发送带有条带的web钩子时,我收到了以下错误Amazon web services 如何在AWS Elastic Beanstalk环境中为解析服务器示例启用HTTPS?,amazon-web-services,ssl,stripe-payments,webhooks,parse-server,Amazon Web Services,Ssl,Stripe Payments,Webhooks,Parse Server,我试图在AWS上的解析服务器上启用SSL/TLS,以便从Stripe接收Webhook 我使用openssl在我的服务器上创建了一个自签名证书,但是当我尝试发送带有条带的web钩子时,我收到了以下错误 Invalid TLS 我的解析服务器index.js是 var express = require('express'); var ParseServer = require('parse-server').ParseServer; var path = require('path'); v
Invalid TLS
我的解析服务器index.js是
var express = require('express');
var ParseServer = require('parse-server').ParseServer;
var path = require('path');
var databaseUri = process.env.DATABASE_URI || process.env.MONGODB_URI;
if (!databaseUri) {
console.log('DATABASE_URI not specified, falling back to localhost.');
}
var api = new ParseServer({
databaseURI: databaseUri || 'mongodb://localhost:27017/dev',
cloud: process.env.CLOUD_CODE_MAIN || __dirname + '/cloud/main.js',
appId: process.env.APP_ID || 'myAppId',
masterKey: process.env.MASTER_KEY || '', //Add your master key here. Keep it secret!
serverURL: process.env.SERVER_URL || 'http://localhost:1337/parse', // Don't forget to change to https if needed
// push: pushConfig,
// filesAdapter: filesAdapter,
push:{
ios:{
pfx:'xxxxxxxxxxxxxxxxxx', // P12 file only
bundleId: 'xxxxxxxxxxxxxxxx', // change to match bundleId
production: false // dev certificate
}
},
liveQuery: {
classNames: ["Posts", "Comments"] // List of classes to support for query subscriptions
}
});
// Client-keys like the javascript key or the .NET key are not necessary with parse-server
// If you wish you require them, you can set them as options in the initialization above:
// javascriptKey, restAPIKey, dotNetKey, clientKey
var app = express();
// Serve static assets from the /public folder
app.use('/public', express.static(path.join(__dirname, '/public')));
// Serve the Parse API on the /parse URL prefix
var mountPath = process.env.PARSE_MOUNT || '/parse';
app.use(mountPath, api);
// Parse Server plays nicely with the rest of your web routes
app.get('/', function(req, res) {
res.status(200).send('I dream of being a website. Please star the parse-server repo on GitHub!');
});
// There will be a test page available on the /test path of your server url
// Remove this before launching your app
app.get('/test', function(req, res) {
res.sendFile(path.join(__dirname, '/public/test.html'));
});
var port = process.env.PORT || 1337;
var httpServer = require('http').createServer(app);
httpServer.listen(port, function() {
console.log('parse-server-example running on port ' + port + '.');
});
ParseServer.createLiveQueryServer(httpServer);
如何启用https?您需要从可信来源获取证书。否则,即使是浏览器也会将其标记为不受信任。此外,在设置https服务器时,您还需要包含以下代码行:
https.createServer({
key: fs.readFileSync('Your-private-key.pem'),
cert: fs.readFileSync('your-crt-file.crt')
}, app).listen(3001,function(){
console.log('https server started on port 3001');
});
另外,如果您想强制使用https,我建议您查看express sslify,您需要从可信来源获取证书。否则,即使是浏览器也会将其标记为不受信任。此外,在设置https服务器时,您还需要包含以下代码行:
https.createServer({
key: fs.readFileSync('Your-private-key.pem'),
cert: fs.readFileSync('your-crt-file.crt')
}, app).listen(3001,function(){
console.log('https server started on port 3001');
});
此外,如果您想强制使用https,我建议您查看express sslifyStripe几乎肯定不会接受自签名https证书。它必须是受信任的证书。也就是说,如果您可以在没有安全警告的情况下将其加载到浏览器中,那么它将正常工作。感谢您的评论@vcsjone您是否使用负载平衡的弹性Beanstalk环境?换句话说,你有弹性负载平衡器吗?如果是这样,请忘记创建证书和配置您的服务器,只需从AWS ACM服务获取免费SSL证书并将其安装在ELB上。我应该为AWS ACM使用哪个域?谢谢你的回答@MarkB@J.P你已经买了一个。在您购买自己的域名之前,您永远无法创建有效的SSL证书,该证书不会在浏览器中生成错误或警告。Stripe几乎肯定不会接受自签名HTTPS证书。它必须是受信任的证书。也就是说,如果您可以在没有安全警告的情况下将其加载到浏览器中,那么它将正常工作。感谢您的评论@vcsjone您是否使用负载平衡的弹性Beanstalk环境?换句话说,你有弹性负载平衡器吗?如果是这样,请忘记创建证书和配置您的服务器,只需从AWS ACM服务获取免费SSL证书并将其安装在ELB上。我应该为AWS ACM使用哪个域?谢谢你的回答@MarkB@J.P你已经买了一个。在您购买自己的域名之前,您永远无法创建有效的SSL证书,该证书不会在浏览器中生成错误或警告。