wpstudio
/
hiring-test-one
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
337 Commits
1 Branch
0 Tags
14 MiB
Tree: 7a958a68ec
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7a958a68ec'
${ noResults }
hiring-test-one/doc/https.md

59 lines
2.7 KiB
Raw Normal View History

docs
8 years ago
  1. ## HTTPS Server
  3. Some modern techs (ServiceWorker, any `MediaDevices.getUserMedia()` request etc.) *must* be served from a secure origin (HTTPS). To launch an HTTPS server, supply a `--key` and `--cert` to local-web-server, for example:
  5. ```
  6. $ ws --key localhost.key --cert localhost.crt
  7. ```
  9. If you don't have a key and certificate it's trivial to create them. You do not need third-party verification (Verisign etc.) for development purposes. To get the green padlock in the browser, the certificate..
  11. * must have a `Common Name` value matching the FQDN of the server
  12. * must be verified by a Certificate Authority (but we can overrule this - see below)
  14. First create a certificate:
  16. 1. Install openssl.
  18. `$ brew install openssl`
  20. 2. Generate a RSA private key.
  22. `$ openssl genrsa -des3 -passout pass:x -out ws.pass.key 2048`
  24. 3. Create RSA key.
  26. ```
  27. $ openssl rsa -passin pass:x -in ws.pass.key -out ws.key
  28. ```
  30. 4. Create certificate request. The command below will ask a series of questions about the certificate owner. The most imporant answer to give is for `Common Name`, you can accept the default values for the others. **Important**: you **must** input your server's correct FQDN (`dev-server.local`, `laptop.home` etc.) into the `Common Name` field. The cert is only valid for the domain specified here. You can find out your computers host name by running the command `hostname`. For example, mine is `mba3.home`.
  32. `$ openssl req -new -key ws.key -out ws.csr`
  34. 5. Generate self-signed certificate.
  36. `$ openssl x509 -req -days 365 -in ws.csr -signkey ws.key -out ws.crt`
  38. 6. Clean up files we're finished with
  40. `$ rm ws.pass.key ws.csr`
  42. 7. Launch HTTPS server. In iTerm, control-click the first URL (with the hostname matching `Common Name`) to launch your browser.
  44. ```
  45. $ ws --key ws.key --cert ws.crt
  46. serving at https://mba3.home:8010, https://127.0.0.1:8010, https://192.168.1.203:8010
  47. ```
  49. Chrome and Firefox will still complain your certificate has not been verified by a Certificate Authority. Firefox will offer you an `Add an exception` option, allowing you to ignore the warning and manually mark the certificate as trusted. In Chrome on Mac, you can manually trust the certificate another way:
  51. 1. Open Keychain
  52. 2. Click File -> Import. Select the `.crt` file you created.
  53. 3. In the `Certificates` category, double-click the cert you imported.
  54. 4. In the `trust` section, underneath `when using this certificate`, select `Always Trust`.
  56. Now you have a valid, trusted certificate for development.
  58. ### Built-in certificate
  59. As a quick win, you can run `ws` with the `https` flag. This will launch an HTTPS server using a [built-in certificate](https://github.com/75lb/local-web-server/tree/master/ssl) registered to the domain 127.0.0.1.