Revision history
Edit by MariaRTI, (current version):
What can be said about this? I make the following curl request to upserver:8888
curl -H "Origin: https://upserver:8888" \
-H "Access-Control-Request-Method: GET" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose \
https://upserver:8888/upload
output:
* Expire in 0 ms for 6 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 1 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Expire in 0 ms for 1 (transfer 0x562bea5fefb0)
* Trying 192.168.0.66...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x562bea5fefb0)
* Connected to upserver (192.168.0.66) port 8888 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I don't quite understand why a «local issuer certificate» is required and why the certificates in /etc/ssl/certs get involved. On this server I created my own certificate authority (CA) in a separate directory inside the application; the certificates from /etc/ssl/certs are not used for that. At least, there is nowhere to plug them in when creating the root certificate, and the instructions say nothing about it.
Unofficial instructions: https://coderoad.ru/34807073/%D0%9A%D0%B0%D0%BA-%D1%81%D0%B3%D0%B5%D0%BD%D0%B5%D1%80%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C-%D1%81%D0%B5%D1%80%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%82%D1%8B-cowboy-SSL
Hooking up the certificates in the server source:
start(_Type, _Args) ->
    Dispatch = cowboy_router:compile([
        {'_', [
            {"/"            , cowboy_static, {priv_file, upserver, "index.html"}},
            {"/assets/[...]", cowboy_static, {priv_dir , upserver, "assets"}},
            {"/upload"      , upload_handler, []}
        ]}
    ]),
    PrivDir = code:priv_dir(upserver),
    {ok, _} = cowboy:start_tls(https, [
        {port, 8888},
        {cacertfile, PrivDir ++ "/ssl/end_cert/end.csr"},
        {certfile,   PrivDir ++ "/ssl/end_cert/end.crt"},
        {keyfile,    PrivDir ++ "/ssl/end_cert/end.key"}
    ], #{env => #{dispatch => Dispatch}}),
    upserver_sup:start_link().
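Added example, not part of the original post: the "unable to get local issuer certificate" result reproduced offline with `openssl verify`. The check runs against the verifier's own trust anchors (curl printed `CApath: /etc/ssl/certs` for the same reason), and a `.csr` file is a signing request, not a CA certificate. It assumes the `openssl` CLI is installed; every file is constructed throwaway material, and `ca.crt` / `end.*` are placeholder names modelled on the post.

```shell
#!/bin/sh
# Added example. All files are constructed, throwaway material in a temp dir;
# ca.crt / end.* are placeholder names modelled on the post.

make_demo_pki() {   # $1 = directory to fill
    pki=$1
    # Self-signed root: this is the "issuer" a client has to know locally.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Private CA" \
        -keyout "$pki/ca.key" -out "$pki/ca.crt" 2>/dev/null || return 1
    # Server key and certificate signing request (end.csr).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=upserver" \
        -keyout "$pki/end.key" -out "$pki/end.csr" 2>/dev/null || return 1
    # The CA signs the request; the result (end.crt) is the server certificate.
    openssl x509 -req -in "$pki/end.csr" -CA "$pki/ca.crt" -CAkey "$pki/ca.key" \
        -CAcreateserial -days 1 -out "$pki/end.crt" 2>/dev/null || return 1
    mkdir -p "$pki/empty"   # stands in for a trust store without the private CA
}

pem_kind() {   # $1 = PEM file; prints csr | certificate | key | unknown
    case "$(grep -m1 -e '-----BEGIN ' "$1")" in
        *"CERTIFICATE REQUEST"*) echo csr ;;
        *CERTIFICATE*)           echo certificate ;;
        *"PRIVATE KEY"*)         echo key ;;
        *)                       echo unknown ;;
    esac
}

verify_against() {   # $1 = certificate, rest = trust options for openssl verify
    cert=$1; shift
    # Default locations are switched off so only the given anchors count.
    openssl verify -no-CAfile -no-CApath "$@" "$cert" 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo_pki "$work" || { rm -rf "$work"; return 1; }
    echo "end.csr is a: $(pem_kind "$work/end.csr")"
    echo "ca.crt  is a: $(pem_kind "$work/ca.crt")"
    echo "--- trust store without the CA:"
    verify_against "$work/end.crt" -CApath "$work/empty" || true
    echo "--- trust store = private CA certificate:"
    verify_against "$work/end.crt" -CAfile "$work/ca.crt" || true
    rm -rf "$work"
}

demo
```

Pointing the client at the private CA certificate (curl's `--cacert` option) is the client-side equivalent of the second check.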