带有Nginx和Chrome的通配符* .localhost SSL

前端之家收集整理的这篇文章主要介绍了带有Nginx和Chrome的通配符* .localhost SSL前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我尝试使用Nginx代理对localhost:3000的请求为HTTP和HTTPS设置通配符* .localhost. DNSmasq用于将* .localhost解析为127.0.0.1.

一切都适用于HTTP,但HTTPS连接在Google Chrome中收到以下错误

There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID).

该证书是我通过设置添加到Chrome的自签名证书,并使用以下命令生成

openssl req -x509 -sha256 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -days 3650 -nodes

主题如下:

Subject: C=AU,ST=Western Australia,L=Perth,O=Zephon,CN=*.localhost

我的Nginx配置如下:

server {
    listen       80;
    listen       443 ssl; 

    server_name  localhost;

    ssl_certificate /etc/Nginx/ssl/localhost.crt;
    ssl_certificate_key /etc/Nginx/ssl/localhost.key;

    location / {
        proxy_pass          http://localhost:3000;
        proxy_http_version  1.1;
        proxy_set_header    Host             $host;
        proxy_set_header    Upgrade          $http_upgrade;
        proxy_set_header    Connection       "upgrade";
        proxy_set_header    X-Real-IP        $remote_addr;
        proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header    X-Client-Verify  SUCCESS;
        proxy_set_header    X-Client-DN      $ssl_client_s_dn;
        proxy_set_header    X-SSL-Subject    $ssl_client_s_dn;
        proxy_set_header    X-SSL-Issuer     $ssl_client_i_dn;
        proxy_read_timeout 1800;
        proxy_connect_timeout 1800;
    }
}
最佳答案
因此,最终答案似乎是您无法为Chrome将接受的* .localhost创建证书.

我的解决方案是改为使用* .dev.localhost代替,这是一种享受.

猜你在找的Nginx相关文章