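Enabling HTTPS in Apache on a Mac to publish and install an app locally
The app has recently entered its final stage, and builds are going out frequently. Many of the phones are not covered by the test certificate, so the builds are packaged with an enterprise certificate.
Every upload to the external server is slow, taking about 15 minutes. It seemed quicker to turn my own local Mac into the download server.
So I learned how to enable HTTPS in Apache, and this post records what I learned.
1-First create your own self-signed certificate
In the earlier Apache posts, Apache was already enabled on the Mac. To make it easier to install the certificate on the phone later, I created the certificate in the /Library/WebServer/Documents/ directory.
a-Generate the private key. Command: sudo openssl genrsa -des3 -out app.key 1024
b-Generate the certificate signing request. Command: sudo openssl req -new -key app.key -out app.csr
c-Generate the server's private key. Command: sudo openssl rsa -in app.key -out server.key
d-Generate the signed certificate for the web server. Command: sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt
(This step is much like step a; the thing to watch is that the Common Name must be filled in correctly.)
Below is the record of the commands I ran on Mac OS X 10.10: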
zhuruhongdeMacBook-Pro:~ zhuruhong$ cd /Library/WebServer/Documents/
zhuruhongdeMacBook-Pro:Documents zhuruhong$ ls
PoweredByMacOSX.gif index.html.en php
PoweredByMacOSXLarge.gif ios
zhuruhongdeMacBook-Pro:Documents zhuruhong$ cd ios/
zhuruhongdeMacBook-Pro:ios zhuruhong$ ls
KDaijiaDriver_1.0.0_9291.ipa app.csr ipa.html server.key
KDaijiaDriver_enter.plist app.key server.crt
zhuruhongdeMacBook-Pro:ios zhuruhong$
zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl genrsa -des3 -out app.key 1024
Generating RSA private key, 1024 bit long modulus
.....++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for app.key:[enter the pass phrase here]
Verifying - Enter pass phrase for app.key:[enter the pass phrase again to confirm]
zhuruhongdeMacBook-Pro:ios zhuruhong$
zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -key app.key -out app.csr
Enter pass phrase for app.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN[the country; CN is China]
State or Province Name (full name) [Some-State]:hangzhou[the province or city]
Locality Name (eg, city) []:hangzhou[the city]
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd[the company]
Organizational Unit Name (eg, section) []:rh[the organizational unit name]
Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1[this must be filled in correctly: your server's domain name or IP]
Email Address []:[email protected][my email address]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456[the password]
An optional company name []:rh[the name]
zhuruhongdeMacBook-Pro:ios zhuruhong$
zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl rsa -in app.key -out server.key
Enter pass phrase for app.key:[enter the pass phrase here]
writing RSA key
zhuruhongdeMacBook-Pro:ios zhuruhong$
zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:hangzhou
Locality Name (eg, city) []:hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hz ltd
Organizational Unit Name (eg, section) []:rh
Common Name (e.g. server FQDN or YOUR name) []:192.168.2.1
Email Address []:[email protected]
zhuruhongdeMacBook-Pro:ios zhuruhong$
zhuruhongdeMacBook-Pro:ios zhuruhong$ sudo cp server.* /etc/apache2/
zhuruhongdeMacBook-Pro:ios zhuruhong$
zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl configtest
Syntax OK
zhuruhongdeMacBook-Pro:apache2 zhuruhong$ sudo apachectl restart
zhuruhongdeMacBook-Pro:apache2 zhuruhong$
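An added example, not part of the original post: steps a to d collapsed into one non-interactive call that uses a 2048-bit key, puts the server address in a subjectAltName as well as the Common Name, and writes the key with owner-only permissions to a directory outside the web root. The function names, the key size, the 365-day lifetime and the output directory are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original post). Function names, the 2048-bit
# key size, the 365-day lifetime and OUTDIR are assumptions of this example.

# make_lan_cert IP OUTDIR
# Writes OUTDIR/server.key (mode 600) and OUTDIR/server.crt (mode 644).
# OUTDIR should be outside the Apache DocumentRoot.
make_lan_cert() {
    ip=$1
    outdir=$2
    cnf=$(mktemp) || return 1
    # Non-interactive request config: the address goes into both the
    # Common Name and an IP subjectAltName entry.
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $ip
[ext]
subjectAltName = IP:$ip
basicConstraints = CA:TRUE
EOF
    mkdir -p "$outdir" || { rm -f "$cnf"; return 1; }
    # umask 077 inside a subshell: files are created owner-only and the
    # caller's umask is left untouched. -nodes leaves the key unencrypted,
    # like server.key in step c, so file permissions are its only protection.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
            -config "$cnf" -keyout "$outdir/server.key" \
            -out "$outdir/server.crt" 2>/dev/null
    )
    rc=$?
    rm -f "$cnf"
    [ "$rc" -eq 0 ] && chmod 644 "$outdir/server.crt"
}

# cert_has_ip_san CERT IP: succeeds only if CERT lists IP in its SAN.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "IP Address:$2"
}

# Usage: make_lan_cert 192.168.2.1 /etc/apache2/ssl
```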
2-Configure Apache and enable SSL
Edit /etc/apache2/httpd.conf and remove the # in front of the following three lines
(/etc/apache2/httpd.conf and /private/etc/apache2/httpd.conf are actually the same file)
LoadModule ssl_module libexec/apache2/mod_ssl.so
Include /etc/apache2/extra/httpd-ssl.conf
Include /etc/apache2/extra/httpd-vhosts.conf
Edit /etc/apache2/extra/httpd-ssl.conf and remove the # in front of the following two lines
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/server.key"
Edit /etc/apache2/extra/httpd-vhosts.conf and add the following block after NameVirtualHost *:80:
<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
ServerName 192.168.2.1
DocumentRoot "/Library/WebServer/Documents"
</VirtualHost>
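Here server.crt and server.key are the key and certificate created at the very beginning.
I put them in Apache's installation directory (/etc/apache2/); the configuration files above use different paths, so check the directory in each one yourself.
The configuration is now complete. Run sudo apachectl configtest to check it.
If there are no problems, restart Apache so that the configuration takes effect.
Problem encountered:
When checking the configuration with sudo apachectl configtest, the following message appeared: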
Could not reliably determine the server's fully qualified domain name
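This is because ServerName is not configured in httpd.conf and is still in its default state.
Just enable the ServerName directive in /etc/apache2/httpd.conf in the Apache installation directory.
Add: ServerName localhost:80
Apache's httpd.conf contains a similar directive by default, but it has a # in front of it and is commented out. Just add a line modeled on it and then restart Apache.
3-Configure the ipa download
A static HTML page with the following content:
The ipa.html file: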
zhuruhongdeMacBook-Pro:ios zhuruhong$ cat ipa.html
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
</head>
<ul>
<li>
<a href="itms-services://?action=download-manifest&url=https://192.168.2.1/ios/KDaijiaDriver_enter.plist" target="_blank" rel="external nofollow" >local-iOS代駕司機1.0體驗版</a>
</li>
</ul>
</html>
The plist file:
zhuruhongdeMacBook-Pro:ios zhuruhong$ cat KDaijiaDriver_enter.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://192.168.2.1:443/ios/KDaijiaDriver_1.0.0_10020.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.kuaidi.liangjian</string>
<key>bundle-version</key>
<string>1.0</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>快的代駕司機端_體驗版_10020</string>
</dict>
</dict>
</array>
</dict>
</plist>
Below is the information for the relevant files:
zhuruhongdeMacBook-Pro:ios zhuruhong$ pwd
/Library/WebServer/Documents/ios
zhuruhongdeMacBook-Pro:ios zhuruhong$ ls -lrt
total 38112
-rw-r--r--@ 1 zhuruhong wheel 412 6 18 19:25 ipa.html
-rw-r--r-- 1 root wheel 963 6 19 15:49 app.key
-rw-r--r-- 1 root wheel 757 6 19 15:51 app.csr
-rw-r--r-- 1 root wheel 887 6 19 15:51 server.key
-rw-r--r-- 1 root wheel 1294 6 19 15:51 server.crt
-rw-r--r-- 1 zhuruhong wheel 19486293 6 19 17:33 KDaijiaDriver_1.0.0_10020.ipa
-rw-r--r--@ 1 zhuruhong wheel 775 6 19 17:36 KDaijiaDriver_enter.plist
zhuruhongdeMacBook-Pro:ios zhuruhong$
Note: before tapping the download link, you need to tap server.crt on the phone, install it, and trust it.
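The listing above shows app.key and server.key in /Library/WebServer/Documents/ios with mode -rw-r--r--, inside the DocumentRoot configured in step 2, so they are reachable through the web server by any client on the network; only server.crt needs to be downloadable. An added check, not part of the original post, that lists private keys under a web root and moves them out (the function names and the sample tree are assumptions, and the sample file contents are constructed):

```bash
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# tree are assumptions; the sample key and certificate bodies are constructed.

# list_exposed_keys DOCROOT
# Prints each file under DOCROOT that contains a PEM private-key header
# (encrypted or not). Returns 0 if none are found, 1 otherwise.
list_exposed_keys() {
    hits=$(find "$1" -type f -exec \
        grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# move_key_out KEYFILE SAFEDIR
# Moves KEYFILE into SAFEDIR (created with mode 700) and makes it owner-only.
move_key_out() {
    mkdir -p "$2" && chmod 700 "$2" || return 1
    mv "$1" "$2/" && chmod 600 "$2/$(basename "$1")"
}

# make_sample_docroot DIR: constructed stand-in for Documents/ios.
make_sample_docroot() {
    mkdir -p "$1/ios" || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' \
        '-----END RSA PRIVATE KEY-----' > "$1/ios/server.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$1/ios/server.crt"
}

# Usage on the host from the post:
#   list_exposed_keys /Library/WebServer/Documents
```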