AutojsPro9311服务器端部署教程

安卓转发请求

  • 打开文件
    /system/etc/hosts
  • 修改内容

    127.0.0.1       localhost
    ::1             ip6-localhost
    
    # 下面这个ip如果不是本地服务器,则需要修改成接口服务器的ip
    127.0.0.1 pro.autojs.org
    
    127.0.0.1 data.flurry.com
    127.0.0.1 c.sayhi.360.cn
    127.0.0.1 android.bugly.qq.com
    127.0.0.1 recaptcha.net

Linux安装openssl

1、下载对应版本:openssl-1.1.1v.tar.gz

2、解压openssl包:

tar -xzf openssl-1.1.1n.tar.gz

2、得到openssl-1.1.1n目录,然后进入openssl-1.1.1n目录中,安装openssl到 /usr/local/openssl 目录,安装之后,编译:

cd openssl-1.1.1
./config shared zlib  --prefix=/usr/local/openssl && make && make install

3、安装结束后执行以下命令:

./config -t
make depend

4、进入/usr/local目录下,执行以下命令:

ln -s openssl ssl

5、在/etc/ld.so.conf文件的最后面,添加如下内容:

/usr/local/openssl/lib

更新缓存

ldconfig

6、添加OPESSL的环境变量,在etc/的profile的最后一行,添加:

export OPENSSL=/usr/local/openssl/bin
export PATH=$OPENSSL:PATH:$HOME/bin

7、重新加载环境变量:

source /etc/profile

8、检查OPENSSL是否安装成功:

openssl version -a

openssl生成证书

生成过程

创建文件夹ca

  • 生成CA私钥

    openssl genpkey -algorithm RSA -out myCA.key -pkeyopt rsa_keygen_bits:2048

    生成如下:

    [root@VM-4-15-centos ca]# openssl genpkey -algorithm RSA -out myCA.key -pkeyopt rsa_keygen_bits:2048
    ....................+++++
    ...........................................+++++
  • 生成CA证书
    注意此处更新了个-days 3650,将ca证书有效期设置成10年,不加的话都是默认一个月

    openssl req -new -x509 -sha384 -key myCA.key -out myCA.crt -days 3650

    生成如下:

    [root@VM-4-15-centos ca]# openssl req -new -x509 -sha384 -key myCA.key -out myCA.crt
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    ----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:.
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
    Organizational Unit Name (eg, section) []:.
    Common Name (e.g. server FQDN or YOUR name) []:pro.autojs.org
    Email Address []:123456@qq.com
  • 获取证书哈希值,

    openssl x509 -subject_hash -in myCA.crt

    生成如下:

    [root@VM-4-15-centos ca]# openssl x509 -subject_hash -in myCA.crt
    32a0c59b
    -----BEGIN CERTIFICATE-----
    MIID/zCCAuegAwIBAgIUHptUbjm8YgPGqUdfRUFfFeV1CIkwDQYJKoZIhvcNAQEM
    BQAwgY4xCzAJBgNVBAYTAkNOMQ8wDQYDVQQIDAZGVUpJQU4xDzANBgNVBAcMBlBV
    VElBTjERMA8GA1UECgwIV1VZQUtFSkkxEDAOBgNVBAsMB1hJQU5ZT1UxFzAVBgNV
    BAMMDnByby5hdXRvanMub3JnMR8wHQYJKoZIhvcNAQkBFhA5NDIwMDE4NjBAcXEu
    Y29tMB4XDTIzMDgxOTE0MTUzMFoXDTIzMDkxODE0MTUzMFowgY4xCzAJBgNVBAYT
    AkNOMQ8wDQYDVQQIDAZGVUpJQU4xDzANBgNVBAcMBlBVVElBTjERMA8GA1UECgwI
    V1VZQUtFSkkxEDAOBgNVBAsMB1hJQU5ZT1UxFzAVBgNVBAMMDnByby5hdXRvanMu
    b3JnMR8wHQYJKoZIhvcNAQkBFhA5NDIwMDE4NjBAcXEuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwB/1EMfdNYTrmD0WlUK+PqDkezMj7iOABhLv
    YEZ0RevCJ9XaBmS54JrklONljII4R3BjcZTb+gVzx6HmpsDm+9NN4xo2VpDXDMBx
    dGxA9ZPuthRJsaOt9iHoV77Q9Z5JByj7qZS3ftkEfpd6N82IWDIwWSICd2/Akneb
    Sk2IJnhB61aLvVpvvBKQKUBpSM753X85Msd8wWgZ5DI/DZEtBSRIyDr/PTK0mLS7
    sOVUKLDan9G1H1UYK0zinVeJqPWc2IgvrhqlMgDutIQotzoY994zTejQ7Pp4mOVJ
    iti2yY9DDVARYUjBbC8SiPSjX9TosEkgrfyQNruarkZs2uUJgQIDAQABo1MwUTAd
    BgNVHQ4EFgQUFH6Iwyn8tqNR5mpn53VTta/WT+swHwYDVR0jBBgwFoAUFH6Iwyn8
    tqNR5mpn53VTta/WT+swDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOC
    AQEAEXKGgsd0fvVCeVetCDJF9IUWVrvOEeYmjI1T4gHJcpDJKf6X1EPH91HMDNS0
    p7rwj2hYHPrFfWL31VVyEk8WFcMs0i3hVLIk2+NcoRlHCnxzPwinqe8u91XDrh6w
    qS6ywHj7vzR0fnRM92513WBfTmGEFsWKqVNr36MQ1wWP8iOSbMV55u/hG5Hxo6yn
    fleMkY4L59PKMLURRNu8a5ek94vCcMhibIXUdjhsfsh9MfOTumovvzNnNBDsh/PN
    WdTiXATuJSxvEtJiglnyKe/7jnIApclc7ofiMWmUXFHi8LABGt8pOPTgXyQR+ID3
    dP8xfDFM2dx/j4H3OFuLRRLYGg==
    -----END CERTIFICATE-----

    生成的哈希值为32a0c59b,新建 32a0c59b.0,并将 myCA.crt 的内容复制进去

创建文件夹certs

  • 生成ssl证书私钥

    openssl genrsa -out localhost.key 2048

    生成如下:

    [root@VM-4-15-centos certs]# openssl genrsa -out localhost.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    ..............................................................................+++++
    ...................................................................................................................................................................................................................................+++++
    e is 65537 (0x010001)
  • 创建ssl证书私钥

    openssl req -new -key localhost.key -out localhost.csr

    生成如下:

    [root@VM-4-15-centos certs]# openssl req -new -key localhost.key -out localhost.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:.
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
    Organizational Unit Name (eg, section) []:.
    Common Name (e.g. server FQDN or YOUR name) []:pro.autojs.org
    Email Address []:123456@qq.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:autojs
    An optional company name []:autojs
  • 创建cert.ext,文件内容:

    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    subjectAltName = @alt_names
    
    [alt_names]
    DNS.1 = pro.autojs.org
  • 创建ssl证书CSR

    openssl x509 -req -in localhost.csr -out localhost.crt -days 3650 \
    -CAcreateserial -CA ../ca/myCA.crt -CAkey ../ca/myCA.key \
    -CAserial serial -extfile cert.ext

    生成如下:

    [root@VM-4-15-centos certs]# openssl x509 -req -in localhost.csr -out localhost.crt -days 3650 \
    > -CAcreateserial -CA ../ca/myCA.crt -CAkey ../ca/myCA.key \
    > -CAserial serial -extfile cert.ext
    Signature ok
    subject=C = CN, ST = ., L = ., O = ., OU = ., CN = pro.autojs.org, emailAddress = 123456@qq.com
    Getting CA Private Key
  • 使用CA验证一下证书是否通过

    openssl verify -CAfile ../ca/myCA.crt localhost.crt

    生成如下:

    [root@VM-4-15-centos certs]#  openssl verify -CAfile ../ca/myCA.crt localhost.crt
    localhost.crt: OK

生成结果

  • --ca

    • ----myCA.key
    • ----myCA.crt
    • ----32a0c59b.0
  • --certs

    • ----localhost.crt
    • ----localhost.csr
    • ----localhost.key
    • ----cert.ext
    • ----serial

附检查证书有效期的命令

两个都要检查(localhost.crt|myCA.crt)

openssl x509 -noout -dates -in crt文件路径

证书导入安卓机

  • 将 32a0c59b.0 移动到:
    /system/etc/security/cacerts
  • 修改属性:
    • 权限:644
    • 用户组:root
    • 所有者:root

证书部署

新建项目

  • 网站-Node项目-添加Node项目
  • 项目目录:接口文件夹目录
  • 项目名称:ajlocal
  • 启动选项:自定义启动命令-选择项目的接口运行文件路径
  • 项目端口:接口文件运行端口
  • 运行用户:root

部署SSl证书

  • 域名管理 —> 添加域名
    pro.autojs.org
  • 外网映射 —> 开启
  • SSL
    • 左侧输入框内容:localhost.key
    • 右侧输入框内容:localhost.crt + myCA.crt

自启引导项

  • 创建引导启动项文件:/etc/rc.local

  • 修改属性:

    • 权限:644
    • 用户组:root
    • 所有者:root
  • 文件内容

    export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    export MYVAR=example
    
    echo "reStarting bt"
    bt 1
    
    echo "Starting Nginx"
    /www/server/nginx/sbin/nginx
    
    echo "Starting Ajlocal_Server"
    node /www/wwwroot/ajlocal/main.js
    
    echo "Starting CodeServer"
    /www/wwwroot/code-server/bin/code-server --port 8088 --host 0.0.0.0 --auth password
    

附录

安卓用户证书安装后的存储位置

  • 用户证书安装后的存储位置(root权限):
    /data/misc/user/0/cacerts-added/
  • 系统证书路径
    /system/etc/security/cacerts/

    将安装用户证书后 ,将用户证书路径下的证书复制到系统证书路径下 即可变成系统证书 解决安装7.0后系统默认不信任用户证书

安卓证书导入显示需要提供私钥

安卓可以导入自签名的CA证书,但不可以导入没有CA签署的自签名SSL证书。
因此解决思路是:

  1. 生成一个自签名的CA证书,安卓手机导入这个CA证书
  2. 使用CA证书签署一个新的SSL证书,在服务器上使用这个新的SSL证书提供HTTPS服务这样安卓手机就可以通过HTTPS访问服务器了。

终端运行命令显示xx command not find

在root/.bashrc添加如下命令设置默认的系统环境变量

export PATH=/usr/bin:/bin:/usr/local/bin:/sbin:/usr/sbin:$PATH

etc/rc.local运行命令显示xx command not find

在文件头部添加如下命令设置默认的系统环境变量

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export MYVAR=example

作 者:道无涯
来 源:道无涯博客
链 接: https://www.daowuya.love/autojspro9311服务器端部署教程/
版 权 声 明:本博客所有文章除特别声明外,均采用CC BY-NC-SA 4.0许可协议。文章版权归作者所有,未经允许请勿转载!


评论

  1. 111
    Windows Edge 121.0.0.0
    10 月前
    2023-11-27 9:41:00

    有人成功了吗?

  2. W
    Windows Edge 119.0.0.0
    11 月前
    2023-11-19 19:55:51

    纯小白,证书部署怎么搞

  3. HW
    Windows Edge 118.0.2088.76
    11 月前
    2023-11-03 13:58:02

    有人部署成功嘛?

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇