イントラネット用SSL証明書の作成 ― iOSテストパッケージのOTAインストール環境の構築
前言
今日、新しいMacBook ProでiOSアプリをパッケージしました。会社からは拡張ドック（USBハブ）が支給されておらず、Wi-Fi経由でデバッグしようにも、最初にデータケーブルでパソコンに接続する必要があります。そのため、OTA方式でインストールするしかありません。
構築OTAプロセス
イントラネットIP https証明書の生成
具体的な操作は、王王勇旭の、自己署名証明書でChromeに「この接続ではプライバシーが保護されません」と表示される問題に関する記事を参考にしてください。
関連する構成は次のとおりです.-- LocalCA.cnf
touch LocalCA.cnf
:
# OpenSSL request configuration used when creating the self-signed root CA
# (passed to `openssl req` with -config LocalCA.cnf).
[ req ]
# Name of the section that describes the subject-name fields.
distinguished_name = req_distinguished_name
# Extension section applied to the self-signed certificate written by `openssl req -x509`.
x509_extensions = root_ca
[ req_distinguished_name ]
# define CA
# NOTE(review): without `prompt = no`, the plain keys in this section are prompt
# texts rather than subject values. The CA command on this page passes
# -subj "/CN=LocalCompany CA", which supplies the subject directly, so these
# entries presumably never reach the certificate — confirm before relying on them.
countryName = CN (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = GuangDong
localityName = GuangZhou
0.organizationName = LocalCompany
organizationalUnitName = technology
commonName = develop
commonName_max = 64
# NOTE(review): the value below looks like an e-mail-obfuscation placeholder left
# by the page; put a real address here if this section is ever used.
emailAddress = [email protected]
emailAddress_max = 64
[ root_ca ]
# Marks the certificate as a CA. "critical" means a verifier that does not
# understand the extension must reject the certificate.
# NOTE(review): consider narrowing what this root may do, e.g.
# `basicConstraints = critical, CA:true, pathlen:0` together with
# `keyUsage = critical, keyCertSign, cRLSign`, so that it can only sign leaf
# certificates. Every device that trusts this CA accepts anything it signs.
basicConstraints = critical, CA:true
-- LocalCA.ext
touch LocalCA.ext
:
# Extension file handed to `openssl x509 -req` via -extfile when the CA signs
# the server certificate.
# Host names and addresses the certificate is valid for come from [alt_names].
subjectAltName = @alt_names
# Restricts the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
[alt_names]
# domain
DNS.1 = domain.com
# IP
# NOTE(review): this list has to contain every name or address that devices put
# in the download URL. The nginx config on this page declares
# server_name 192.168.2.188, which is not listed here — confirm which address
# clients really use and add it, otherwise they will report a name mismatch.
IP.1 = 192.168.2.221
IP.2 = 127.0.0.1
-- CA証明書（ルート証明書）を生成する
# Create the self-signed root CA: a 2048-bit RSA key (LocalCA4Device.pvk) and a
# PEM certificate (LocalCA4Device.cer) valid for 10000 days.
# -nodes writes the CA private key unencrypted. Keep that file off shared disks
# and readable by its owner only: anyone who obtains it can issue certificates
# that every device trusting this CA will accept.
openssl req -x509 -sha256 -nodes -verbose \
    -newkey rsa:2048 \
    -config LocalCA.cnf \
    -subj "/CN=LocalCompany CA" \
    -days 10000 \
    -keyout LocalCA4Device.pvk \
    -out LocalCA4Device.cer -outform PEM
-- サーバー用SSL証明書を生成し、CAで署名する
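# Step 1: generate the nginx server key and a certificate signing request.
# -nodes leaves LocalCA4Nginx.pvk unencrypted so nginx can start unattended;
# restrict the file to the account that starts nginx.
openssl req -newkey rsa:2048 -keyout LocalCA4Nginx.pvk -out LocalCA4Nginx.req -subj /CN=localhost -sha256 -nodes

# Step 2: sign the request with the local CA, adding the SAN / serverAuth
# extensions from LocalCA.ext.
# Validity is 825 days instead of 10000: iOS 13+ and macOS 10.15+ reject TLS
# server certificates with a longer lifetime, even when the issuing CA has been
# trusted manually.
# -set_serial is a fixed value; use a different serial each time a certificate
# is re-issued, because clients may refuse two different certificates that
# share issuer and serial number.
openssl x509 -req -CA LocalCA4Device.cer -CAkey LocalCA4Device.pvk -in LocalCA4Nginx.req -out LocalCA4Nginx.cer -days 825 -extfile LocalCA.ext -sha256 -set_serial 0x1111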
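CA証明書（LocalCA4Device.cer）を関連機器にインストールすればよい。Windowsでは、証明書ストアの【信頼されたルート証明機関】を指定してインストールする必要があります。iOSでは、プロファイルをインストールした後、「設定」→「一般」→「情報」→「証明書信頼設定」でこのルート証明書を完全に信頼する設定に切り替える必要があります。なお、機器に配布するのは証明書（.cer）だけです。CAの秘密鍵（LocalCA4Device.pvk）は配布せず、アクセスを制限して保管してください。このCAを信頼した機器は、その鍵で署名されたあらゆるサーバー証明書を受け入れるためです。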
OTAダウンロードのhtmlコンテンツ
iOS-
nginx構成
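# nginx front end for the intranet OTA download service (paths refer to nginx 1.16.1).
# It terminates TLS with the locally signed LocalCA4Nginx certificate and relays
# every request to the OTA backend at 192.168.2.222:8080.
user nginx;
worker_processes 2;
pid /opt/nginx-1.16.1/nginx.pid;
error_log /data/logs/nginx/error.log;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # $proxy_add_x_forwarded_for repeats whatever X-Forwarded-For header the
    # client sent, so that log field is client-controlled; $remote_addr is the
    # address to rely on when reading these logs.
    log_format main '$remote_addr $request_length $request_time [$time_local] "$request" $status $bytes_sent '
                    '$http_host "$proxy_add_x_forwarded_for" "$http_referer" $upstream_addr $upstream_response_time';
    access_log /data/logs/nginx/access.log main;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    gzip on;
    gzip_proxied any;
    gzip_vary on;
    gzip_min_length 100k;
    gzip_buffers 4 16k;
    gzip_comp_level 3;
    gzip_types application/x-javascript text/plain application/xml text/xml application/xhtml+xml text/css text/javascript;

    sendfile on;
    port_in_redirect on;
    keepalive_timeout 60;
    keepalive_requests 1000;
    log_not_found on;

    client_max_body_size 50M;
    client_header_buffer_size 16k;
    large_client_header_buffers 8 32k;
    client_body_timeout 300;
    client_body_buffer_size 3072k;

    upstream ota-server {
        server 192.168.2.222:8080;
    }

    # Plain-HTTP listener. Everything served here is unauthenticated and
    # unencrypted on the LAN. If devices fetch the CA certificate through it,
    # compare the certificate fingerprint out of band before trusting it.
    server {
        listen 80;
        server_name 192.168.2.188;
        root /home/nginx/html/;

        # 404/502 generated by nginx itself are answered with a fixed JSON body
        # and status 200. Error responses returned by the upstream are passed
        # through unchanged, because proxy_intercept_errors is not enabled.
        error_page 404 502 = @fetch;
        location @fetch {
            default_type application/json;
            return 200 '{"result":500,"state":false,"msg":"server error"}';
        }

        # Regex location that matches every request URI.
        location ~ / {
            proxy_pass http://ota-server;
            proxy_read_timeout 7200;
            proxy_connect_timeout 5;
            proxy_set_header Host $host;
            # Overwrites any client-supplied X-Forwarded-For, so the backend
            # only ever sees the address nginx observed.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    # HTTPS listener used for the OTA download.
    server {
        # "ssl on;" is deprecated since nginx 1.15.0; the ssl flag on listen
        # is the supported way to enable TLS on this socket.
        listen 443 ssl;
        # NOTE(review): clients only accept the certificate if this address is
        # in its subjectAltName. The LocalCA.ext on this page lists
        # 192.168.2.221 and 127.0.0.1 but not 192.168.2.188 — confirm.
        server_name 192.168.2.188;

        ssl_certificate /opt/nginx-1.16.1/certs/LocalCA4Nginx.cer;
        # Unencrypted private key: keep it readable only by the account that
        # starts nginx.
        ssl_certificate_key /opt/nginx-1.16.1/certs/LocalCA4Nginx.pvk;
        # Turn off TLS 1.0/1.1, which the nginx 1.16 defaults still allow.
        # TLSv1.3 can be added when nginx is built against OpenSSL 1.1.1+.
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

        root /home/nginx/html/;

        # Same fixed JSON answer for nginx-generated 404/502 as on port 80.
        error_page 404 502 = @fetch;
        location @fetch {
            default_type application/json;
            return 200 '{"result":500,"state":false,"msg":"server error"}';
        }

        location ~ / {
            # Traffic to the backend leaves nginx as plain HTTP.
            proxy_pass http://ota-server;
            proxy_read_timeout 7200;
            proxy_connect_timeout 5;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}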
-- LocalCA.cnf
touch LocalCA.cnf
:
# OpenSSL request configuration used when creating the self-signed root CA
# (passed to `openssl req` with -config LocalCA.cnf).
[ req ]
# Name of the section that describes the subject-name fields.
distinguished_name = req_distinguished_name
# Extension section applied to the self-signed certificate written by `openssl req -x509`.
x509_extensions = root_ca
[ req_distinguished_name ]
# define CA
# NOTE(review): without `prompt = no`, the plain keys in this section are prompt
# texts rather than subject values. The CA command on this page passes
# -subj "/CN=LocalCompany CA", which supplies the subject directly, so these
# entries presumably never reach the certificate — confirm before relying on them.
countryName = CN (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = GuangDong
localityName = GuangZhou
0.organizationName = LocalCompany
organizationalUnitName = technology
commonName = develop
commonName_max = 64
# NOTE(review): the value below looks like an e-mail-obfuscation placeholder left
# by the page; put a real address here if this section is ever used.
emailAddress = [email protected]
emailAddress_max = 64
[ root_ca ]
# Marks the certificate as a CA. "critical" means a verifier that does not
# understand the extension must reject the certificate.
# NOTE(review): consider narrowing what this root may do, e.g.
# `basicConstraints = critical, CA:true, pathlen:0` together with
# `keyUsage = critical, keyCertSign, cRLSign`, so that it can only sign leaf
# certificates. Every device that trusts this CA accepts anything it signs.
basicConstraints = critical, CA:true
-- LocalCA.ext
touch LocalCA.ext
:
# Extension file handed to `openssl x509 -req` via -extfile when the CA signs
# the server certificate.
# Host names and addresses the certificate is valid for come from [alt_names].
subjectAltName = @alt_names
# Restricts the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
[alt_names]
# domain
DNS.1 = domain.com
# IP
# NOTE(review): this list has to contain every name or address that devices put
# in the download URL. The nginx config on this page declares
# server_name 192.168.2.188, which is not listed here — confirm which address
# clients really use and add it, otherwise they will report a name mismatch.
IP.1 = 192.168.2.221
IP.2 = 127.0.0.1
-- CA証明書（ルート証明書）を生成する
# Create the self-signed root CA: a 2048-bit RSA key (LocalCA4Device.pvk) and a
# PEM certificate (LocalCA4Device.cer) valid for 10000 days.
# -nodes writes the CA private key unencrypted. Keep that file off shared disks
# and readable by its owner only: anyone who obtains it can issue certificates
# that every device trusting this CA will accept.
openssl req -x509 -sha256 -nodes -verbose \
    -newkey rsa:2048 \
    -config LocalCA.cnf \
    -subj "/CN=LocalCompany CA" \
    -days 10000 \
    -keyout LocalCA4Device.pvk \
    -out LocalCA4Device.cer -outform PEM
-- サーバー用SSL証明書を生成し、CAで署名する
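# Step 1: generate the nginx server key and a certificate signing request.
# -nodes leaves LocalCA4Nginx.pvk unencrypted so nginx can start unattended;
# restrict the file to the account that starts nginx.
openssl req -newkey rsa:2048 -keyout LocalCA4Nginx.pvk -out LocalCA4Nginx.req -subj /CN=localhost -sha256 -nodes

# Step 2: sign the request with the local CA, adding the SAN / serverAuth
# extensions from LocalCA.ext.
# Validity is 825 days instead of 10000: iOS 13+ and macOS 10.15+ reject TLS
# server certificates with a longer lifetime, even when the issuing CA has been
# trusted manually.
# -set_serial is a fixed value; use a different serial each time a certificate
# is re-issued, because clients may refuse two different certificates that
# share issuer and serial number.
openssl x509 -req -CA LocalCA4Device.cer -CAkey LocalCA4Device.pvk -in LocalCA4Nginx.req -out LocalCA4Nginx.cer -days 825 -extfile LocalCA.ext -sha256 -set_serial 0x1111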
iOS-
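# nginx front end for the intranet OTA download service (paths refer to nginx 1.16.1).
# It terminates TLS with the locally signed LocalCA4Nginx certificate and relays
# every request to the OTA backend at 192.168.2.222:8080.
user nginx;
worker_processes 2;
pid /opt/nginx-1.16.1/nginx.pid;
error_log /data/logs/nginx/error.log;

events {
    use epoll;
    worker_connections 10240;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # $proxy_add_x_forwarded_for repeats whatever X-Forwarded-For header the
    # client sent, so that log field is client-controlled; $remote_addr is the
    # address to rely on when reading these logs.
    log_format main '$remote_addr $request_length $request_time [$time_local] "$request" $status $bytes_sent '
                    '$http_host "$proxy_add_x_forwarded_for" "$http_referer" $upstream_addr $upstream_response_time';
    access_log /data/logs/nginx/access.log main;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    gzip on;
    gzip_proxied any;
    gzip_vary on;
    gzip_min_length 100k;
    gzip_buffers 4 16k;
    gzip_comp_level 3;
    gzip_types application/x-javascript text/plain application/xml text/xml application/xhtml+xml text/css text/javascript;

    sendfile on;
    port_in_redirect on;
    keepalive_timeout 60;
    keepalive_requests 1000;
    log_not_found on;

    client_max_body_size 50M;
    client_header_buffer_size 16k;
    large_client_header_buffers 8 32k;
    client_body_timeout 300;
    client_body_buffer_size 3072k;

    upstream ota-server {
        server 192.168.2.222:8080;
    }

    # Plain-HTTP listener. Everything served here is unauthenticated and
    # unencrypted on the LAN. If devices fetch the CA certificate through it,
    # compare the certificate fingerprint out of band before trusting it.
    server {
        listen 80;
        server_name 192.168.2.188;
        root /home/nginx/html/;

        # 404/502 generated by nginx itself are answered with a fixed JSON body
        # and status 200. Error responses returned by the upstream are passed
        # through unchanged, because proxy_intercept_errors is not enabled.
        error_page 404 502 = @fetch;
        location @fetch {
            default_type application/json;
            return 200 '{"result":500,"state":false,"msg":"server error"}';
        }

        # Regex location that matches every request URI.
        location ~ / {
            proxy_pass http://ota-server;
            proxy_read_timeout 7200;
            proxy_connect_timeout 5;
            proxy_set_header Host $host;
            # Overwrites any client-supplied X-Forwarded-For, so the backend
            # only ever sees the address nginx observed.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }

    # HTTPS listener used for the OTA download.
    server {
        # "ssl on;" is deprecated since nginx 1.15.0; the ssl flag on listen
        # is the supported way to enable TLS on this socket.
        listen 443 ssl;
        # NOTE(review): clients only accept the certificate if this address is
        # in its subjectAltName. The LocalCA.ext on this page lists
        # 192.168.2.221 and 127.0.0.1 but not 192.168.2.188 — confirm.
        server_name 192.168.2.188;

        ssl_certificate /opt/nginx-1.16.1/certs/LocalCA4Nginx.cer;
        # Unencrypted private key: keep it readable only by the account that
        # starts nginx.
        ssl_certificate_key /opt/nginx-1.16.1/certs/LocalCA4Nginx.pvk;
        # Turn off TLS 1.0/1.1, which the nginx 1.16 defaults still allow.
        # TLSv1.3 can be added when nginx is built against OpenSSL 1.1.1+.
        ssl_protocols TLSv1.2;
        ssl_ciphers HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

        root /home/nginx/html/;

        # Same fixed JSON answer for nginx-generated 404/502 as on port 80.
        error_page 404 502 = @fetch;
        location @fetch {
            default_type application/json;
            return 200 '{"result":500,"state":false,"msg":"server error"}';
        }

        location ~ / {
            # Traffic to the backend leaves nginx as plain HTTP.
            proxy_pass http://ota-server;
            proxy_read_timeout 7200;
            proxy_connect_timeout 5;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}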