本地 https 开发环境
13 Jun 2022为了保证本地开发调试环境和线上生产环境尽可能一致,在本地也使用 HTTPS 很有必要。
安装
brew install mkcert
安装成功后,应该可以使用mkcert命令了:
$ mkcert
Usage of mkcert:
$ mkcert -install
Install the local CA in the system trust store.
$ mkcert example.org
Generate "example.org.pem" and "example.org-key.pem".
$ mkcert example.com myapp.dev localhost 127.0.0.1 ::1
Generate "example.com+4.pem" and "example.com+4-key.pem".
$ mkcert "*.example.it"
Generate "_wildcard.example.it.pem" and "_wildcard.example.it-key.pem".
$ mkcert -uninstall
Uninstall the local CA (but do not delete it).
mkcert 基本使用
首先在 CA 根证书系统中安装本地 CA.
$ brew install nss # Install "certutil" ,if you use Firefox
$ mkcert -install
使用 mkcert 生成本地受信任的 SSL 证书
mkcert cybh5.mynatapp.cc "*.mynatapp.cc" localhost 127.0.0.1 ::1
您也可以查看证书的内容:
cat cybh5.mynatapp.cc+4.pem
测试 mkcert 证书
nginx 配置:
vim /usr/local/etc/nginx/servers/cybh5.conf
server {
listen 80;
server_name cybh5.mynatapp.cc;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen *:443 ssl http2;
server_name cybh5.mynatapp.cc;
ssl_certificate /Users/andrew/surforce/certs/cybapi.mynatapp.cc+4.pem;
ssl_certificate_key /Users/andrew/surforce/certs/cybapi.mynatapp.cc+4-key.pem;
location / {
proxy_pass http://127.0.0.1:8082;
}
}
确保您的 /etc/hosts 文件包含已使用域的记录。
127.0.0.1 cybh5.mynatapp.cc