How to access the OpenShift wildcard SSL certificate and private key

Time: 2023-01-22 16:36:40

On the OpenShift website here: https://help.openshift.com/hc/en-us/articles/202535440-How-do-I-get-SSL-for-my-domains-, it states

You can always take advantage of our *.rhcloud.com wildcard certificate in order
to securely connect to any application via its original, OpenShift-provided
hostname URL.

However, Node's HTTPS server requires a file path to a certificate and private key in order to use HTTPS:

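var fs = require('fs');
var https = require('https');
var express = require('express');

// Load the private key and certificate from disk.
var privateKey  = fs.readFileSync('sslcert/server.key', 'utf8');
var certificate = fs.readFileSync('sslcert/server.crt', 'utf8');
var credentials = {key: privateKey, cert: certificate};

var app = express();
// Serve the Express app over HTTPS using those credentials.
var httpsServer = https.createServer(credentials, app);
httpsServer.listen(443);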

None of the OpenShift environment variables (https://www.openshift.com/developers/openshift-environment-variables) appear to be related to SSL certificates, and the documentation does not mention it other than at the above link, which provides no technical information on actually using it.

How do I access the privateKey and certificate file on an OpenShift Node.js gear/cartridge?

2 solutions

#1


10  

It turns out that all SSL certificates are handled by OpenShift routers before they reach the gear/cartridge. There is no need to set up an HttpsServer at all; the normal HttpServer listening on port 8080 will receive both HTTP and HTTPS traffic transparently.

This is true whether you are using a custom certificate or the wildcard certificate, which is pretty nifty.

#2


1  

The Node.js Express application scenario is detailed at the OpenShift https answer. To sum up, use the X-Forwarded-Proto header's value from the request headers given to your Node.js web server by OpenShift's proxy to determine whether the reply should redirect the client to https or whether the client is already requesting over https.
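
The X-Forwarded-Proto check described in the answers above, as an added example that is not part of the original posts. It uses Node's built-in http module instead of Express, and CANONICAL_HOST is a placeholder hostname. It assumes the gear is reachable only through the router, so the header can be trusted.

```javascript
// Added example: plain HTTP server behind the TLS-terminating OpenShift router.
const http = require('http');

// Assumption: placeholder hostname; set this to your app's real hostname.
const CANONICAL_HOST = 'myapp-example.rhcloud.com';

// Returns the protocol the client used to reach the router.
// Chained proxies may append values ("https, http"); use the first entry.
function clientProto(headers) {
  const value = headers['x-forwarded-proto'];
  if (typeof value !== 'string') return 'http'; // header missing: treat as insecure
  return value.split(',')[0].trim().toLowerCase();
}

// Returns the https:// URL to redirect to, or null when the request
// already arrived at the router over HTTPS.
function httpsRedirectTarget(headers, url) {
  if (clientProto(headers) === 'https') return null;
  // Build the target from the configured host, not the client-supplied Host
  // header, so a forged Host cannot steer the redirect to another site.
  const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
  return 'https://' + CANONICAL_HOST + path;
}

function handler(req, res) {
  const target = httpsRedirectTarget(req.headers, req.url);
  if (target) {
    res.writeHead(301, { Location: target });
    return res.end();
  }
  // Ask browsers to go straight to HTTPS on later visits.
  res.writeHead(200, {
    'Content-Type': 'text/plain',
    'Strict-Transport-Security': 'max-age=31536000',
  });
  res.end('served over HTTPS via the router\n');
}

const server = http.createServer(handler);
// Run "node app.js serve" to listen; 8080 is the port named in answer #1.
if (process.argv[2] === 'serve') server.listen(8080);
```

No certificate or private key is loaded anywhere: TLS ends at the router, and the application only reads the header the router adds.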
