Sim*_*mer 6 ssl https node-red raspberry-pi3
大家好,我一直在为我的树莓派设置对 node-red 的远程访问。我已经修改了 settings.js 并安装了 node-red-admin 但是当我去启动 node-red 我收到以下错误:
Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
at Object.createSecureContext (_tls_common.js:131:17)
at Server.setSecureContext (_tls_wrap.js:1152:27)
at Server (_tls_wrap.js:1030:8)
at new Server (https.js:65:14)
at Object.createServer (https.js:89:10)
at Object.<anonymous> (/usr/lib/node_modules/node-red/red.js:141:20)
at Module._compile (internal/modules/cjs/loader.js:945:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:962:10)
at Module.load (internal/modules/cjs/loader.js:798:32)
at Function.Module._load (internal/modules/cjs/loader.js:711:12) {
library: 'SSL routines',
function: 'SSL_CTX_use_certificate',
reason: 'ee key too small',
code: 'ERR_SSL_EE_KEY_TOO_SMALL'
}
nodered.service: Main process exited, code=exited, status=1/FAILURE
nodered.service: Failed with result 'exit-code'.
nodered.service: Service RestartSec=100ms expired, scheduling restart.
nodered.service: Scheduled restart job, restart counter is at 1.
Stopped Node-RED graphical event wiring tool.
Started Node-RED graphical event wiring tool.
_tls_common.js:131
c.context.setCert(cert);
这是在我成功创建 privatekey.pem 和 certificate.pem 之后发生的。要创建这些文件,我使用:
openssl genrsa -out privatekey.pem 1024
然后使用
openssl req -new -key privatekey.pem -out private-csr.pem
之后我输入了相关信息,然后收到了验证“签名没问题”
openssl x509 -req -days 365 -in private-csr.pem -signkey privatekey.pem -out certificate.pem
由于上面返回了 ls -la 下的 privatekey.pem 和 certificate.pem 文件,我继续取消注释以下内容:
// The `https` setting requires the `fs` module. Uncomment the
following
// to make it available:
var fs = require("fs");
module.exports = {
// the tcp port that the Node-RED web server is listening on
uiPort: process.env.PORT || 1880,
并且
adminAuth: {
type: "credentials",
users: [
{
username: "admin",
password: "$2a$08$9Miva2AQEFlXQ3S7emXlIuLkLzNzi9yzgqxGYMY5dzK4FzNQa7dCu",
permissions: "*"
}
]
},
加载 fs 模块
https: {
key: fs.readFileSync('/home/pi/.node-red/privatekey.pem'),
cert: fs.readFileSync('/home/pi/.node-red/certificate.pem')
},
完成此配置后,我收到开头所述的错误消息。更新:我确实删除了 .node-red/settings.js 的内容并替换为https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js 和节点红色开始!呜呼!但是,当再次尝试重新配置 settings.js 文件时,它遇到了同样的错误。仅供参考,我正在小心地取消注释行,但是问题可能存在于我从 node-red-admin 收到的 hash-pw 中吗?因为当我通过“su”以 root 身份登录后尝试使用“npm install -g node-red-admin”安装 node-red-admin 时,它会出现以下内容:
pi@padrejuan:~ $ su
Password:
root@padrejuan:/home/pi# npm install -g node-red-admin
/usr/local/bin/node-red-admin -> /usr/local/lib/node_modules/node-red-
admin/node-red-admin.js
> bcrypt@3.0.6 install /usr/local/lib/node_modules/node-red-
admin/node_modules/bcrypt
> node-pre-gyp install --fallback-to-build
node-pre-gyp WARN Using request for node-pre-gyp https download
node-pre-gyp WARN Pre-built binaries not installable for bcrypt@3.0.6
and node@12.11.1 (node-v72 ABI, glibc) (falling back to source compile
with node-gyp)
node-pre-gyp WARN Hit error EACCES: permission denied, mkdir
'/usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt/lib'
gyp WARN EACCES user "nobody" does not have permission to access the
dev dir "/root/.cache/node-gyp/12.11.1"
gyp WARN EACCES attempting to reinstall using temporary dev dir
"/usr/local/lib/node_modules/node-red-admin/node_modules/bcrypt/.node-
gyp"
gyp WARN install got an error, rolling back install
gyp WARN install got an error, rolling back install
gyp ERR! configure error
等等。
任何帮助将不胜感激
har*_*llb 12
问题是最新版本的 openssl 现在认为位长为 1024 的密钥是不安全的。
重新生成大小为 2048 的私钥,然后重新创建证书。
openssl genrsa -out privatekey.pem 2048
| 归档时间: |
|
| 查看次数: |
7753 次 |
| 最近记录: |