This article consists of two parts: 1. Set up local HTTPS domain name access; 2. Part of “Setting up local HTTPS domain access” is reprinted from the article “Create your own root certificate and domain SSL certificate for HTTPS debugging under MacOS”.
The process is simple. First, implement local HTTPS domain name access, and then resolve the router’s Hosts domain name to the IP address of the device to be accessed. You need to use a router that can access SSH to modify the Hosts on the LAN so that devices on the LAN can access the HTTPS Intranet domain name.
Set up local HTTPS domain name access
Firstly, the local service can be accessed through HTTPS and customized domain name. My system is MacOS, and the steps are as follows:
- Create a root SSL certificate
- Trust certificate
- Generate a domain SSL certificate
- Nginx uses certificates and configures proxy services
- Modify the hosts test locally
1. Create an SSL certificate
The first step is to create a Secure Sockets Layer (CA SSL) root certificate. This root certificate can then be used to sign any number of certificates that may be generated for a single domain.
A CA or Catificate Authority is used to provide server certificates (including domain names, company information, serial numbers, and signature information) to enhance information exchange security between servers and clients and provide certificate operation and maintenance services.
Create root key
$ openssl genrsa -des3 -out rootCA.key 2048
Copy the codeIn this step, you will be prompted for a password, which is required each time a certificate is generated using this particular key.
Use the generated key to create a new root SSL certificate. Save it as rootca.pem. The certificate is valid for 10 years. During this process, you will also be prompted for additional optional information.
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem
Copy the codeMost of the fields prompted to fill in can be directly entered, as long as the Common Name field needs to be filled in, which is the Name of the certificate imported into the system after the certificate is generated. I filled in Local Certification
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:Local Certification
Copy the code2. Trust certificate
Open [Keystring Access], select [System] on the left [Keystring], select [Type] [Certificate], and import the generated root certificate (rootca.pem).
Double-click the certificate, and in the Trust Settings, select Always Trust for SSL and X.509 Basic policies.
3. Generate the domain SSL certificate
Here I generate a *.lipten.link wildcard certificate.
Create a v3.ext file to create an X509 V3 certificate. Notice that we specified the subjectAltName option.
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName=@alt_names
[alt_names]
DNS.1 = *.lipten.link
Copy the codeCreate the certificate key,
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key
Copy the codeIn this step, the information required by the domain Name certificate key is displayed in the browser. The most important information is the Common Name, which must correspond to the domain Name to be accessed through HTTPS.
Country Name (2 letter code) []:CN
State or Province Name (full name) []:Province
Locality Name (eg, city) []:City
Organization Name (eg, company) []:WIZ Technology Co. Ltd.
Organizational Unit Name (eg, section) []:WIZ Technology Co. Ltd.
Common Name (eg, fully qualified host name) []:*.lipten.link
Copy the codeThe certificate signing request is issued through the root SSL certificate we created earlier, creating a *.lipten.link domain name certificate. The output is a certificate file named server.crt,
$openssl x509 -req -in server. csr-ca [rootca. pem path] -cakey [rootca.key path] -cacreateserial -out server. CRT -days 500 -sha256 -extfile v3.extCopy the codeNotice Enter the path of CA and CA Key based on actual conditions. My rootCA certificate root domain SSL certificate is separate.
Now I’m ready to use this certificate. My server is using Nginx. Here are some configurations.
server { listen 80; listen 443 ssl; Server_name ~^ WWW \.lipten\.link$; Ssl_certificate [SSL certificate path]/server.crt; Ssl_certificate_key [SSL certificate path]/server.key; index index.html index.php; Location / {proxy_pass http://localhost:8080; }... }Copy the codeRemember to restart nginx
$ nginx -s reload
Copy the codeFinally, change the local hosts to www.lipten.link to the local address
$ sudo vim /etc/hosts
Copy the codeAdd the following configuration
127.0.0.1 www.lipten.link
Copy the codeThe effect is as follows:
The above implementation of HTTPS custom domain name access to the local service, so that you can meet many need to specify the domain name to debug the situation, do not have to send a remote server every time.
However, this scheme can only be debugged locally, and some third-party SDK needs to be accessed in the corresponding APP of the mobile phone to simulate the real environment for SDK function debugging.
Other devices on the LAN can access it.
To enable other devices to debug using HTTPS domain names locally, the only way to do this is to rely on the router hosts. You need a router that has cracked SSH. How to crack SSH is not described here.
I have a router with Padavan firmware, which can be directly configured on the Web management interface:
Choose Internal Network (LAN) -> Select DHCP Server -> click the custom configuration file “hosts” at the bottom
Restart the router, connect other devices to the same LAN, and you can access the local service on the Intranet through https://www.lipten.link.