beego启用https

---

启用https的话，首先要生成ssl证书

生成ssl证书

SSL证书包括:

• 1. CA证书: 也叫根证书或者中间级证书，如果是单项https认证的话，该证书是可选的。不安装ca证书的话，浏览器默认是不安全的
• 2. 服务器证书，必选项。通过key, 证书请求文件csr，在通过ca证书签名，生成服务器证书
• 3. 客户端证书，可选项。如有客户端证书测试双向https验证

服务器证书的生成

• 1. 生成服务器私钥

  root@debian:~/https_crt/127.0.0.1# openssl genrsa -des3 -out server.key 1024
  Generating RSA private key, 1024 bit long modulus
  .......................................++++++
  ..............................................++++++
  e is 65537 (0x10001)
  Enter pass phrase for server.key:
  Verifying - Enter pass phrase for server.key:
  

• 2. 生成服务器证书请求(csr)
     在生成csr文件的过程中，有一点很重要, Common Name 填入主机名（或者服务器IP）

  root@debian:~/https_crt/127.0.0.1# openssl req -new -key server.key -out server.csr 
  Enter pass phrase for server.key:
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) [AU]:CN
  State or Province Name (full name) [Some-State]:Shanghai
  Locality Name (eg, city) []:Shanghai
  Organization Name (eg, company) [Internet Widgits Pty Ltd]:AAA
  Organizational Unit Name (eg, section) []:OT               
  Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
  Email Address []:
  
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:
  

• 3. 删除私钥中密码
     在第一步创建私钥的过程中，由于必须制定一个密码，而这个密码的副作用是，每次启动http服务的时候，都会要求输入密码，这会带来很大的不变。可以通过以下方式删除私钥中密码

  root@debian:~/https_crt/127.0.0.1# cp server.key server.key.org
  root@debian:~/https_crt/127.0.0.1# openssl rsa -in server.key.org -out server.key
  

• 4. 生成服务器证书
     如果你不想花钱让ca签名，那么可以以下方式生成一个自签名的证书

  root@debian:~/https_crt/127.0.0.1# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out  server.crt
  Signature ok
  subject=/C=CN/ST=Shanghai/L=Shanghai/O=AAA/OU=OT/CN=127.0.0.1
  Getting Private key
  

• 5. 查看证书内容
     签名证书之后，可以通过以下方式查看服务器证书的内容

  root@debian:~/https_crt/127.0.0.1# openssl x509 -noout -text -in server.crt
  

修改beego配置

ssl证书完毕之后，修改beego里面相应配置，设置https端口，以及证书路径

• 修改配置文件
  打开conf/app.conf配置文件，加入https相关配置

  EnableDocs = true
  EnableHTTPS=true
  EnableHttpTLS = true
  HttpsPort = 8010
  HTTPSCertFile = "conf/server.crt"
  HTTPSKeyFile = "conf/server.key"
  

  证书就放在app.conf里面配置的目录就行