Django https with a dev server
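I'm trying to use SpeechRecognition/webkitSpeechRecognition in my website, and therefore need to run the Django dev server over https.
I have taken the following steps:
- installed and configured runserver_plus from django-extensions
- added the generated certificate to my CAs in Ubuntu.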
# run server
python3 manage.py runserver_plus --cert-file certs/localhost --reloader-interval 2 0.0.0.0:8000
then
# to copy certificates:
sudo mkdir /usr/share/ca-certificates/extra
sudo cp certs/localhost.crt /usr/share/ca-certificates/extra/localhost.crt
sudo chmod -R 755 /usr/share/ca-certificates/extra/
sudo chmod 644 /usr/share/ca-certificates/extra/localhost.crt
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
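Then I restarted everything to make sure the changes were taken into account, but the site is still not trusted at https://127.0.0.1:8000 and https://localhost:8000.
What am I doing wrong?
Note: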
awk -v cmd='openssl x509 -noout -subject' '
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
# gives:
...
subject=CN = localhost
subject=CN = *.localhost/CN=localhost, O = Dummy Certificate
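Here is a screenshot of my Chrome invalid certificate:
Note 2: I'm having the same problem in Firefox.
Note 3:
I have enabled "Allow invalid certificates for resources loaded from localhost." by copying the following into the browser and selecting Enable: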
chrome://flags/#allow-insecure-localhost
This wasn't a quick fix. I'll outline here the steps I took to solve this. For reference, I'm using:
- Django 2.2.1
- Ubuntu 18.04.02
- Google Chrome 75.0.3770.142
My solution was heavily influenced by this article.
# in /System/Library/OpenSSL/openssl.cnf
# comment
# RANDFILE = $ENV::HOME/.rnd
# uncomment
req_extensions = v3_req
# your domain can be whatever for a local dev server, i chose company.dev
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = company.dev
DNS.2 = *.company.dev
[ v3_ca ]
# update
basicConstraints = critical, CA:TRUE, pathlen:3
# uncomment
keyUsage = critical, cRLSign, keyCertSign
nsCertType = sslCA, emailCA
# in your project root, make a dir for certs:
mkdir certs
# Create CA certificate
openssl genrsa -aes256 -out certs/ca.key.pem 2048
# gen key
openssl req -new -x509 -subj "/CN=companydev" -extensions v3_ca -days 3650 -key certs/ca.key.pem -sha256 -out certs/ca.pem -config /usr/lib/ssl/openssl.cnf
# Create Server certificate signed by CA
openssl genrsa -out certs/local.key.pem 2048
openssl req -subj "/CN=local" -extensions v3_req -sha256 -new -key certs/local.key.pem -out certs/local.csr
openssl x509 -req -extensions v3_req -days 3650 -sha256 -in certs/local.csr -CA certs/ca.pem -CAkey certs/ca.key.pem -CAcreateserial -out certs/local.crt -extfile /usr/lib/ssl/openssl.cnf
cat certs/local.crt certs/local.key.pem > certs/local-ca-full.pem
# move certificate to ca certs
sudo cp certs/local.crt /usr/share/ca-certificates/extra/local.crt
sudo chmod -R 755 /usr/share/ca-certificates/extra/
sudo chmod 644 /usr/share/ca-certificates/extra/local.crt
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
# update /etc/hosts
127.0.0.1 localhost local.company.dev
Add the certificate to Chrome:
- Go to Settings
- Search for HTTPS/SSL
- Go to the Authorities tab
- Import certs/ca.pem
# Finally run server with
python3 manage.py runserver_plus --cert-file certs/local.crt --key-file certs/local.key.pem --reloader-interval 2 0.0.0.0:8000
Open your browser at https://local.company.dev:8000/ and have a well-deserved coffee.
If I've missed anything, please don't hesitate to comment and I'll update the answer.
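A way to check certificates like the ones produced above before pointing a browser at them, as an added example that is not part of the original answer: it builds a throwaway CA and server certificate in a scratch directory from a stand-alone config file (instead of editing the system openssl.cnf), then confirms that the chain verifies and that a given hostname is covered by subjectAltName. The hostnames follow the answer; the file names and the functions make_dev_certs and check_dev_cert are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. File and function names are hypothetical. The CA key is
# unencrypted and short-lived only so this runs non-interactively.
set -eu

make_dev_certs() {  # $1 = output directory
  d=$1
  cat > "$d/dev.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = overridden by -subj
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, cRLSign, keyCertSign
[ v3_req ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = company.dev
DNS.2 = *.company.dev
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=companydev" \
    -config "$d/dev.cnf" -extensions v3_ca \
    -keyout "$d/ca.key.pem" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=local" \
    -config "$d/dev.cnf" -keyout "$d/local.key.pem" -out "$d/local.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 30 -in "$d/local.csr" \
    -CA "$d/ca.pem" -CAkey "$d/ca.key.pem" -CAcreateserial \
    -extfile "$d/dev.cnf" -extensions v3_req -out "$d/local.crt" 2>/dev/null
}

check_dev_cert() {  # $1 = directory, $2 = hostname; prints ok | chain | hostname
  d=$1; host=$2
  openssl verify -CAfile "$d/ca.pem" "$d/local.crt" >/dev/null 2>&1 \
    || { echo chain; return 0; }
  openssl x509 -in "$d/local.crt" -noout -checkhost "$host" \
    | grep -q "does match" || { echo hostname; return 0; }
  echo ok
}

tmp=$(mktemp -d)
make_dev_certs "$tmp"
for h in local.company.dev company.dev localhost; do
  echo "$h: $(check_dev_cert "$tmp" "$h")"
done
rm -rf "$tmp"
```

localhost reports hostname because the certificate's subjectAltName lists only company.dev and *.company.dev, which is why the answer maps local.company.dev in /etc/hosts and browses to that name.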