httpsã®ã¢ã¯ã»ã¹ãnginxã§ãããã·ãã¦node.jsã«æ¸¡ã
httpsã¢ã¯ã»ã¹ãåé¢ã«ç«ã¦ãnginxã§åãåã£ã¦ãnode.jsã«æ¸¡ãã¨ããã®ããã£ã¦ã¿ã¾ããã
ããªãé¢åããã ãªã¼ã¨æã£ã¦ããã®ã§ãããããã»ã©ã§ããªãã£ãã§ãã
ç°å¢ï¼OS X 10.8.2 / node.js 0.8.17 / nginx 1.3.12
証ææ¸ã®ä½æ
httpsサーバを実行してみたよ - 四角革命前夜ãåèã«ããã£ã½ãä½ãã¾ãã
$ head -c 20 /dev/random > seed.data $ openssl genrsa -rand seed.data -des3 1024 > secret-key.pem $ openssl req -new -key secret-key.pem -out csr.pem $ openssl x509 -in csr.pem -out server.cert -req -signkey secret-key.pem $ openssl rsa -in secret-key.pem -out secret-key-nopass.pem
ã©ã®ãã¡ã¤ã«ããªããªã®ãã¨ãå
¨ç¶ããã£ã¦ã¾ããã
nginxã®ã¤ã³ã¹ãã¼ã«
ã¾ãã¯nginxãã¤ã³ã¹ãã¼ã«ãã¾ãã
$ curl -O http://nginx.org/download/nginx-1.3.12.tar.gz $ tar xvfz nginx-1.3.12.tar.gz $ cd nginx-1.3.12/ $ ./configure --prefix=$HOME/Work/nginx/bin --with-http_ssl_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_rewrite_module $ make $ make install
ãããªæãã§ã¤ã³ã¹ãã¼ã«ãã¾ãããhttpsãæ±ãã®ã§ãã®ã¢ã¸ã¥ã¼ã«ãå
¥ãã¦ããã®ã¨ãã¡ã¼ã«é¢é£ã®ã¢ã¸ã¥ã¼ã«ãå¤ãã¦ããã®ã¨ãPCREãå
¥ããã®ãé¢åã ã£ãã¨ããçç±ã§rewriteã¢ã¸ã¥ã¼ã«ãå¤ãã¦ããã¾ãã
nginxã®è¨å®ãã¡ã¤ã«ãè¨è¿°ãã
次ã«nginxã«ãããã·ãã¦ãããããè¨å®ãã¡ã¤ã«ãæ¸ãã¾ãã
$ cd $HOME/Work/nginx/bin/conf $ cp nginx.conf{,.bak} $ vim nginx.conf
nginx.conf
worker_processes 1; events { worker_connections 1024; } http { server { listen 8080; server_name localhost; ssl on; ssl_certificate ï¼ãã¹ï¼/server.cert; ssl_certificate_key ï¼ãã¹ï¼/secret-key-nopass.pem; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; location /aaa { proxy_pass https://localhost:3000; } location /bbb { proxy_pass https://localhost:3001; } } }
éµã®è¨å®ã¯ä½åº¦ã試ãããã¨ã©ã¼ãåºãªãã£ãã®ã§ããã§ã
ãããã·ãããnode.jsã®ã¹ã¯ãªãããæ¸ã
nginxãã渡ãããã¢ã¯ã»ã¹ãå¦çããnode.jsã®ã¹ã¯ãªãããæ¸ãã¾ãã
2ã¤æ¸ãã¾ãã大ãã¦ãããã¾ããã
index.js
#!/usr/bin/env node var fs = require('fs'), https = require('https'), server; server = https.createServer({ key: fs.readFileSync('./secret-key-nopass.pem'), cert: fs.readFileSync('./server.cert') }, function(req, res) { res.writeHead(200); res.end('/aaa'); }).listen(3000, function() { console.log('server running port at 3000'); });
index2.js
#!/usr/bin/env node var fs = require('fs'), https = require('https'), server; server = https.createServer({ key: fs.readFileSync('./secret-key-nopass.pem'), cert: fs.readFileSync('./server.cert') }, function(req, res) { res.writeHead(200); res.end('/bbb'); }).listen(3001, function() { console.log('server running port at 3001'); });
nginxã¨node.jsãèµ·åããã
ãã¨ã¯èµ·åããã¦ã¢ã¯ã»ã¹ããã ãï¼
$ ./nginx $ node index.js & $ node index2.js &
ããã§Firefoxããhttps://localhost:8080/aaaã¨https://localhost:8080/bbbã«ã¢ã¯ã»ã¹ããã¨ããããã®åºåã表示ããã¾ãã
nginxã®ãã¨ãã¾ã ã¾ã å ¨ç¶ç¥ããªãã®ã§ãå°ãã§ãæ £ããããã«ä½¿ã£ã¦ããããnode-http-proxyã§ãããã·ãæ¸ãã¦ãã¾ããâ¦â¦