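Setting up a mobile app HTTPS download server with yaws

Points to note:

The CA certificate and the user certificate must use the same password;
With the default webserver configuration, a request that maps directly to a file path must be a GET request (it cannot be a POST request)
Before downloading client files on Android or iOS, the CA public key certificate must be installed first

Steps:

  1. Install and configure the erlang and yaws base packages
  2. Create the certificates needed for HTTPS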

    • Create the serial file and enter a serial number value, e.g. 010000000001 (hexadecimal, a serial number stored in 6 bytes)
      [root@mbank demoCA]# vim serial
    • Create the index.txt file
      [root@mbank demoCA]# vim index.txt
    • On Linux, generating the certificates requires editing the configuration file /etc/pki/tls/openssl.cnf
      [ CA_default ]
      dir = ./cert
    • Generate the 2048-bit CA certificate private key
      openssl genrsa -des3 -out ca_private.key 2048
    • Generate the 2048-bit server certificate private key
      openssl genrsa -des3 -out server_private.key 2048
    • Generate the self-signed CA root certificate, valid for 10 years, PEM format
      openssl req -new -x509 -days 3650 -key ca_private.key -out ca.crt
      Country Name (2 letter code) [AU]:CN
      State or Province Name (full name) [Some-State]: BeiJing
      Locality Name (eg, city) []:BeiJing
      Organization Name (eg, company) [Internet Widgits Pty Ltd]: liuweihua.com
      Organizational Unit Name (eg, section) []:Inc
      Common Name (eg, YOUR name) []:127.0.0.1
      Email Address []:weihua1986@gmail.com
    • Generate the server's P10 (CSR) certificate request, PEM format
      openssl req -new -key server_private.key -out server.csr
      Country Name (2 letter code) [AU]:CN
      State or Province Name (full name) [Some-State]:BeiJing
      Locality Name (eg, city) []:BeiJing
      Organization Name (eg, company) [Internet Widgits Pty Ltd]: blog.liuweihua.com
      Organizational Unit Name (eg, section) []:Inc
      Common Name (eg, YOUR name) []:127.0.0.1
      Email Address []:weihua1986@gmail.com
      Please enter the following ‘extra’ attributes
      to be sent with your certificate request
      A challenge password []:
      An optional company name []:
    • Issue the server public key certificate with the local simulated CA
      openssl ca -days 3650 -in server.csr -out server.crt -cert ca.crt -keyfile ca_private.key
  3. Write the yaws.conf configuration file

    logdir = log
    log_wrap_size = 51200000
    log_resolve_hostname = false
    <server 182.119.167.184>
        port = 443
        listen = 0.0.0.0
        #listen_backlog = 400000
        docroot = www
        partial_post_size = 102400000
        auth_skip_docroot = true
        <ssl>
            # Server private key, server certificate and CA certificate created in step 2
            keyfile = security/https/server_private.key
            certfile = security/https/server.crt
            cacertfile = security/https/ca.crt
            # Client certificates are not requested
            verify = verify_none
            # Passphrase that decrypts server_private.key
            password = 123456
        </ssl>
    </server>
  4. Write the startup script start.sh

    #!/bin/bash
    # Start yaws as a daemon with the configuration file from step 3
    yaws --conf yaws.conf --id test --name test --sname test --daemon
  5. Write the download page and the files it serves

    <a href="itms-services://?action=download-manifest&url=https://127.0.0.1/ipad/test.plist">Click to download</a>
    <a href="https://127.0.0.1/android/test.apk">Click to download</a>
  6. The contents of test.plist are as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>items</key>
    <array>
    <dict>
    <key>assets</key>
    <array>
    <dict>
    <key>kind</key>
    <string>software-package</string>
    <key>url</key>
    <string>https://127.0.0.1/ipad/test.ipa</string>
    </dict>
    </array>
    <key>metadata</key>
    <dict>
    <key>bundle-identifier</key>
    <string>com.liuweihua.test</string>
    <key>bundle-version</key>
    <string>1.0.0</string>
    <key>kind</key>
    <string>software</string>
    <key>title</key>
    <string>TEST</string>
    </dict>
    </dict>
    </array>
    </dict>
    </plist>
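
A pre-publish check for the manifest in step 6, as an added example that is not part of the original post: it parses the plist and reports asset URLs that are not https or whose host differs from the name the server certificate was issued for (127.0.0.1 in step 2). The function name `check_manifest` and the choice to treat the four metadata keys used on this page as required are assumptions of this example.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample: the manifest from step 6, same keys and values.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>items</key><array><dict>
<key>assets</key><array><dict>
<key>kind</key><string>software-package</string>
<key>url</key><string>https://127.0.0.1/ipad/test.ipa</string>
</dict></array>
<key>metadata</key><dict>
<key>bundle-identifier</key><string>com.liuweihua.test</string>
<key>bundle-version</key><string>1.0.0</string>
<key>kind</key><string>software</string>
<key>title</key><string>TEST</string>
</dict></dict></array></dict></plist>"""

# Assumption: the metadata keys present in the page's manifest are all required.
REQUIRED_METADATA = ("bundle-identifier", "bundle-version", "kind", "title")

def check_manifest(data, cert_host):
    """Return a list of problems; an empty list means the manifest passed."""
    try:
        manifest = plistlib.loads(data)
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"not a valid plist: {exc}"]
    items = manifest.get("items") if isinstance(manifest, dict) else None
    if not isinstance(items, list) or not items:
        return ["missing or empty 'items' array"]
    problems = []
    for i, item in enumerate(items):
        item = item if isinstance(item, dict) else {}
        assets = [a for a in item.get("assets") or [] if isinstance(a, dict)]
        if not any(a.get("kind") == "software-package" for a in assets):
            problems.append(f"items[{i}]: no software-package asset")
        for asset in assets:
            url = urlsplit(str(asset.get("url", "")))
            if url.scheme != "https":
                problems.append(f"items[{i}]: asset URL is not https: {asset.get('url')!r}")
            elif url.hostname != cert_host:
                problems.append(f"items[{i}]: host {url.hostname!r} does not match certificate name {cert_host!r}")
        for key in REQUIRED_METADATA:
            if not (item.get("metadata") or {}).get(key):
                problems.append(f"items[{i}]: metadata lacks {key!r}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_manifest(SAMPLE_MANIFEST, "127.0.0.1") or ["manifest OK"]))
```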


