Question
I am new to Linux (Pi) and Mono, apologies for the newbie question.
How do I run NancyFx, self-hosted, over HTTPS, on Mono/Linux/Pi?
If I am able to create a certificate using OpenSSL (cer file), how do I assign it to a port?
The docs show how to do this for Windows (here: https://github.com/NancyFx/Nancy/wiki/Accessing-the-client-certificate-when-using-SSL#configuration-of-hostingself)
Thanks
Answer 1:
I have no knowledge of Pi at all, but I assume it's not much different than hosting on any other variant of Linux.
There are two ways. The first is documented on the Wiki:
https://github.com/NancyFx/Nancy/wiki/Hosting-Nancy-with-Nginx-on-Ubuntu
Basically the idea is to use nginx web server to delegate calls to a self-hosted app.
The second is to use nginx, with mono-fastcgi-server4 to handle the requests. This works more like a traditional website rather than a website delegating requests to another service.
I've blogged the process here:
http://www.philliphaydon.com/2013/06/setting-up-mono-on-nginx/
http://www.philliphaydon.com/2013/07/setting-up-a-nancyfx-website/
In theory the first solution should allow you to use OWIN and host other things such as SignalR, while my solution does not. Since nginx doesn't support the integrated pipeline, there's no way for OWIN to work, and I haven't successfully got SignalR to work with it.
Answer 2:
Use httpcfg to bind your certificate to a port, e.g.:
httpcfg -add -cert my_certificate.cer -pvk my_privatekey.pvk -port 443
But unfortunately there seems to be a problem with the current Mono version requiring client certificates, see:
https://github.com/mono/mono/pull/1202
and (more recent follow-up)
https://github.com/mono/mono/pull/2817
The last Mono version that works (I tested this) is 3.10.0 (which shouldn't be used in a production environment, because of missing security updates).
Take a look at my answer to this question for a way to use a recent Mono version by patching the source code and compiling it yourself.
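The httpcfg command in Answer 2 takes a .cer and a .pvk file, while OpenSSL writes PEM by default. The script below is an added example, not part of the original answers: it creates a self-signed test certificate with OpenSSL, converts it to a DER .cer and a PVK key, and checks that the two match before binding. The file names, the CN, and the assumption that httpcfg reads an unencrypted PVK are assumptions of this example.

```shell
#!/bin/sh
# Added example: prepare OpenSSL key material for Mono's httpcfg.
# Directory layout, file names and CN are placeholders for this sketch.

# make_httpcfg_material DIR CN
# Writes DIR/server.key and DIR/server.pem (PEM), DIR/server.cer (DER)
# and DIR/server.pvk (Microsoft PVK).
make_httpcfg_material() {
    dir=$1; cn=$2
    (
        umask 077    # key files are unencrypted, so keep them owner-only
        mkdir -p "$dir" || exit 1
        # Self-signed RSA certificate for testing; use a CA-issued one in production.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$cn" \
            -keyout "$dir/server.key" -out "$dir/server.pem" 2>/dev/null || exit 1
        # Certificate as a DER-encoded .cer file.
        openssl x509 -in "$dir/server.pem" -outform DER \
            -out "$dir/server.cer" || exit 1
        # Private key as PVK; -pvk-none writes it without a passphrase
        # (assumption: httpcfg is given no password for the key).
        openssl rsa -in "$dir/server.key" -outform PVK -pvk-none \
            -out "$dir/server.pvk" 2>/dev/null || exit 1
    )
}

# material_matches DIR
# Succeeds only if the PVK key is the private key of the .cer certificate.
material_matches() {
    k=$(openssl rsa -inform PVK -in "$1/server.pvk" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -inform DER -in "$1/server.cer" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# bind_port DIR PORT
# The httpcfg call from the answer above, using the generated files.
bind_port() {
    httpcfg -add -cert "$1/server.cer" -pvk "$1/server.pvk" -port "$2"
}

# Usage, as the account that runs the Nancy host:
#   make_httpcfg_material ./tls pi.example.test \
#     && material_matches ./tls && bind_port ./tls 443
```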
Answer 3:
The internet is still mostly littered with 2016-ish articles and comments about the HttpListener bug with SSL in Mono (and this causes problems for the OP's question about Nancy on Linux). The problem may have been resolved in the latest Mono releases, but I have not seen that information. However, it may not even matter, because many users who looked into this seem to report that using Nginx as a frontend and as a reverse proxy is a much better solution anyway.
The primary question discussing this problem can be found here: Mono HttpListener client certificate
The Nancy instructions for hosting with Nginx can be found here: https://github.com/NancyFx/Nancy/wiki/Hosting-Nancy-with-Nginx-on-Ubuntu
Source: https://stackoverflow.com/questions/20996498/ssl-nancyfx-selfhost-mono-linux-pi