Afnetworking+nginx+https Server Communication

Camp David Education original articles, reproduced please indicate the source. Our dream is to do the best iOS development training!

Summary

1. Describes the iOS platform with afnetworking and HTTPS background interface for secure communication. 2. Introduce the background self-signed certificate making steps. 3. And the Linux platform Nginx configuration HTTPS protocol interface of the Web site.

The problem with HTTPS secure communication for afnetworking is that many people who have not had their first experience and have even had one experience will be somewhat uncertain. Actually very simple:-A. For background server configured dynamic certificate if it is issued by CA agency certification, then users with afnetworking to access the background interface completely no sense, and HTTP the same way. -B. But an HTTPS certificate if it is a well-known CA agency certification issued, then there will be problems, afnetworking default and such a background server communication, because the verification pass, and everyone on the Web page to open 12306 of tickets, the certificate is not issued by the CA, but the Ministry of Railways itself signed a A certificate. Therefore, for small and medium-sized start-ups or growth companies, the purchase of an HTTPS certificate will also cost a lot. So everyone in the background communication when the general self-signed a certificate to implement the HTTPS interface. A certificate of your own signature can be generated using the following OpenSSL command:

OpenSSL req-new-x509-nodes-days 365-newkey rsa:1024-out tv.diveinedu.com.crt-keyout Tv.diveinedu.com.key

country name  (2  Letter code)  [AU]:CNState or Province Name  (full name)  [some-state]: hunanlocality name  (eg, city)  :ChangshaOrganization Name  (Eg, company)  [Internet Widgits Pty Ltd]:tv.diveinedu.comOrganizational Unit Name  (eg,  section)  :MarketCommon Name  (e.g. server fqdn or your name)  :tv.diveinedu.comemail address :[email protected] 

If you are interested in building a Linux background HTTPS service, you need to upload the certificate and private key to the server or directly to the server, the certificate is configured to the background server, nginx as an example of the following settings:-1. Add an Nginx virtual host configuration file First,

sudo touch/etc/nginx/sites-available/tv.diveinedu.com

• 2. Then make this configuration file effective:

sudo ln-sf/etc/nginx/sites-available/tv.diveinedu.com/etc/nginx/sites-enabled/tv.diveinedu.com

• 3. Edit the file:

sudo vim/etc/nginx/sites-enabled/tv.diveinedu.com

• 4. Type I into VIM edit mode, enter this configuration:

server {    listen 80; #HTTP默认端口80     server_name  tv.diveinedu.com; #主机名, matches the host of the HTTP request header domain     access_log  /var/log/nginx/ Tv.diveinedu.com.log, #访问日志路径     return 301 https://$server _name$request_uri;# Force all HTTP access to https}server {    listen 443; #HTTPS默认端口443      ssl on; #打开SSL安全Socket     ssl_certificate      /etc/ NGINX/TV.DIVEINEDU.COM.CRT, #证书文件路径     ssl_certificate_key  /etc/nginx/ Tv.diveinedu.com.key; #私钥文件路径     server_name tv.diveinedu.com; #主机名, matches the host of the HTTP request header domain     access_log  /var/log/nginx/tv.diveinedu.com.log; #访问日志路径      location / {        root /var/www/ tv.diveinedu.com/, #网站文档根目录       &NBsp; index index.php index.html; #默认首页     }} 

• 5. After hitting ESC, exit Vim's edit mode, then type X to enter in Vim to save the exit. Then execute the Nginx config file Syntax check command to check for errors in configuration:

Nginx-t

If there is no error, the output is:

Nginx:the configuration file/etc/nginx/nginx.conf syntax is oknginx:configuration file/etc/nginx/nginx.conf test is su Ccessful

• 6. Then you just need to restart the Nginx server.

sudo service nginx restart

Then go to your domain service provider backstage to resolve your domain name to the server to the IP address can be freely accessible, but the browser access will be automatically organized and display a warning, manually added to the trust.

If the company is rich to provide users with better service and experience, it is best to go to a well-known CA Certification Body to register for a valid certificate for the wonderful! Otherwise the browser (chome) will:

650) this.width=650; "src=" Https://static.oschina.net/uploads/img/201511/27120143_7hvl.png "alt=" Enter the picture description "title=" We just had the self-signed certificate "/>

650) this.width=650; "src=" Https://static.oschina.net/uploads/img/201511/27134919_OW6L.png "alt=" Enter the picture description "title=" 12306 self-signed certificate ""/>

Camp David Academy (Advanced Development Video): http://v.diveinedu.com

The club of Great concentration (iOS interview required): Http://divein.club

650) this.width=650; "src=" http://io.diveinedu.com/images/qrcode-diveinedu-mp-weixin.jpg "style=" width:200px; height:200px; "/>

Afnetworking+nginx+https Server Communication