Reference GOCN
Sometimes you need to expose a backend HTTP service over HTTPS, and you can use a proxy to do it.
Remark: If it is a Golang backend service, you can use the library go-oryx-lib/https directly.
This proxy supports self-signed certificates and also supports Let's Encrypt certificates.
Remark: Let's Encrypt only supports a small number of domain names, such as your own website, and it limits the number of requests. In addition, the CA is Let's Encrypt, so it is not suitable for business users.
Suppose we have an HTTP API, the SRS version API:
{
    "code": 0,
    "server": 12504,
    "data": {
        "major": 2,
        "minor": 0,
        "revision": 243,
        "version": "2.0.243"
    }
}
The following shows how to use the proxy to provide HTTPS.
Self-signed Certificate
Self-signed certificates can be used for testing. First generate the private key server.key and the certificate server.crt:
openssl genrsa -out server.key 2048 &&
openssl req -new -x509 -key server.key -out server.crt -days 365
Remark: You will be asked a lot of questions when generating the certificate; just press Enter for each. You can also refer to the OpenSSL documentation to set these parameters directly on the command line.
After generating the private key and certificate, download the HTTPS proxy:
go get github.com/ossrs/go-oryx/httpx-static
Remark: For Golang setup, refer to the Go environment configuration.
Note: For the detailed parameters, run the httpx-static program without arguments and it will show the help.
Start the service, proxying to the SRS version API:
sudo $GOPATH/bin/httpx-static -http 80 -https 443 \
    -proxy http://ossrs.net:1985/api/v1/versions \
    -ssc server.crt -ssk server.key
You can then access the API locally over both HTTP and HTTPS:
HTTP: http://localhost/api/v1/versions
HTTPS: https://localhost/api/v1/versions
Remark: When a browser accesses a site that uses a self-signed certificate, it may report the site as unsafe; select Advanced, and then continue browsing.
Letsencrypt Certificate
You can use a certificate signed by Let's Encrypt, which the browser shows as valid (green) without prompting for an error. Reference: ossrs.net.
ossrs.net also uses httpx-static, with the following parameters:
sudo $GOPATH/bin/httpx-static -http 80 -https 443 \
    -lets=true -domains ossrs.net
Remark: This does not work for a machine on a LAN, because ACME performs reverse validation; that is, your server must be reachable from the public network.
Advanced Proxy
What if you need to proxy all the APIs? Just specify the parent directory directly; if / is specified, all requests are proxied. For example:
The following command proxies all /api requests:
sudo $GOPATH/bin/httpx-static -http 80 -https 443 \
    -proxy http://ossrs.net:1985/api \
    -ssc server.crt -ssk server.key
The following command proxies all requests, which is equivalent to making a mirror:
sudo $GOPATH/bin/httpx-static -http 80 -https 443 \
    -proxy http://ossrs.net/ \
    -ssc server.crt -ssk server.key
Please refer to the parameters of httpx-static for other parameters.
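The pattern described above (TLS termination in front of a plain-HTTP API, with only the /api prefix proxied), as an added Go example that is not httpx-static's own code. It assumes a constructed stand-in backend instead of the SRS API and the self-signed test certificate that net/http/httptest supplies; the client trusts exactly that certificate rather than skipping verification, and a client with only the system roots is shown to fail.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// get fetches u with the given client and returns the status code and body.
func get(c *http.Client, u string) (int, string, error) {
	resp, err := c.Get(u)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return resp.StatusCode, string(b), err
}

// demo fronts a plain-HTTP backend with a TLS reverse proxy limited to /api/ and
// returns the proxied body, the status outside /api/, and an untrusted client's error.
func demo() (body string, otherStatus int, untrusted error) {
	// Constructed stand-in for the SRS HTTP API (assumption, not the real service).
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, `{"code":0,"path":"%s"}`, r.URL.Path)
	}))
	defer backend.Close()
	target, _ := url.Parse(backend.URL)
	mux := http.NewServeMux()
	mux.Handle("/api/", httputil.NewSingleHostReverseProxy(target)) // only /api/ is proxied
	front := httptest.NewUnstartedServer(mux)
	front.StartTLS() // httptest supplies a self-signed test certificate
	defer front.Close()
	// Trust exactly the proxy's certificate instead of disabling verification.
	pool := x509.NewCertPool()
	pool.AddCert(front.Certificate())
	pinned := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
	_, body, _ = get(pinned, front.URL+"/api/v1/versions")
	otherStatus, _, _ = get(pinned, front.URL+"/index.html")
	_, _, untrusted = get(http.DefaultClient, front.URL+"/api/v1/versions") // system roots only
	return
}

func main() { fmt.Println(demo()) }
```

For a real self-signed deployment, the equivalent client-side step is to load server.crt into the trust pool of the calling program.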