我尝试使用Nginx代理对localhost:3000的请求为HTTP和HTTPS设置通配符* .localhost. DNSmasq用于将* .localhost解析为127.0.0.1.
一切都适用于HTTP,但HTTPS连接在Google Chrome中收到以下错误:
There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).
该证书是我通过设置添加到Chrome的自签名证书,并使用以下命令生成:
openssl req -x509 -sha256 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -days 3650 -nodes
主题如下:
Subject: C=AU,ST=Western Australia,L=Perth,O=Zephon,CN=*.localhost
我的Nginx配置如下:
server {
listen 80;
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/Nginx/ssl/localhost.crt;
ssl_certificate_key /etc/Nginx/ssl/localhost.key;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
}
}
最佳答案
因此,最终答案似乎是您无法为Chrome将接受的* .localhost创建证书.
我的解决方案是改为使用* .dev.localhost代替,这是一种享受.