在服务器上完整配置simpleWebRTC

zangcf

1,建立信令服务器

zangcf

基于HTTPS的signalmaster
在我写上一篇博客的时候，signalmaster使用HTTP协议，Chrome还只是给出警告。写此文时，已经变成错误，导致simpleWebRTC无法使用了。

在%signalmaster%中的server.js全局定义做如下修改：

var https = require('https');

var fs = require('fs');

var privateKey = fs.readFileSync('fakekeys/privatekey.pem').toString(),

certificate = fs.readFileSync('fakekeys/certificate.pem').toString();

var yetify = require('yetify'),

    config = require('getconfig'),

    uuid = require('node-uuid'),

    crypto = require('crypto'),

    port = parseInt(process.env.PORT || config.server.port, 10),

io = require('socket.io').listen(port,{key: privateKey, cert: certificate});

当然，这之前你需要建立fakekeys文件夹，并生成privatekey.pem和certificate.pem。你也可以从simplewebRTC中复制过来。

然后在%simpleWebRTC%中打开simplewebrtc.bundle.js修改15行为

url: 'https://172.20.203.88:8888', 和60行 io.connect(this.config.url,{secure:true}); 即可。

zangcf

在配置文件中间配置启用ssl:
{
  "isDev": false,
  "server": {
    "port": 8889,
    "/* secure */": "/* whether this connects via https */",
    "secure": true,
    "key": "/etc/nginx/apprtc.91xuepai.com.key",
    "cert": "/etc/nginx/apprtc.91xuepai.com.crt",
    "password": null
  },
  "rooms": {
    "/* maxClients */": "/* maximum number of clients per room. 0 = no limit */",
    "maxClients": 0
  },
  "stunservers": [
    {
      "url": "stun:120.76.203.222:3478"
    }
  ],
  "turnservers": [
    {
      "urls": ["turn:120.76.203.222:3478"],
      "secret": "turnserversharedsecret",
      "expiry": 86400
    }
  ]
}

zangcf

但是出现错误:
root@iZ949sqo4m3Z:~/singalserver/signalmaster-master# node server.js

crypto.js:100
      c.context.setKey(options.key);
                ^
Error: error:0906D06CEM routinesEM_read_bio:no start line
    at Object.exports.createCredentials (crypto.js:100:17)
    at Server (tls.js:1130:28)
    at new Server (https.js:35:14)
    at Object.Server (https.js:29:41)
    at Object.<anonymous> (/root/singalserver/signalmaster-master/server.js:15:31)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)

zangcf

google搜索的可能解决方法:
Node.js https pem error: routinesEM_read_bio:no start line


up vote
7
down vote
favorite
6
I am messing with login form right now with node.js, I tried creating a pem key and csr using

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
However I been getting errors for running node server.js

Here is my server.js

var http = require('http'),
    express = require('express'),
UserServer = require('./lib/user-server');

var https = require('https');
var fs = require('fs');

var options = {
  key: fs.readFileSync('./key.pem', 'utf8'),
  cert: fs.readFileSync('./csr.pem', 'utf8')
};

var app = express();

app.configure(function(){
  app.use(express.bodyParser());
  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
});

var httpserver = http.createServer(app).listen('3004', '127.0.0.1');
var https_server = https.createServer(options, app).listen('3005', '127.0.0.1');
UserServer.listen(https_server);
Here is the error

crypto.js:104
  if (options.cert) c.context.setCert(options.cert);
                          ^
Error: error:0906D06CEM routinesEM_read_bio:no start line
    at Object.exports.createCredentials (crypto.js:104:31)
    at Server (tls.js:1107:28)
    at new Server (https.js:35:14)
    at Object.exports.createServer (https.js:54:10)
I tried running

openssl x509 -text -inform DER -in key.pem
It gives

unable to load certificate
140735208206812:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140735208206812:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509
I am not exactly sure what does the error mean as my encryption file is .pem file already, so any help would be much appreciated.

Thanks

node.js security login https pem
shareimprove this question
edited Mar 23 '14 at 2:10
asked Mar 22 '14 at 22:08

xbd
8018
                  
Did you fix this error? – elranu May 8 '14 at 13:53
add a comment
5 Answers
active oldest votes
up vote
19
down vote
You are probably using the wrong certificate file, what you need to do is generate a self signed certificate which can be done as follows

openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt
then use the server.crt

   var options = {
      key: fs.readFileSync('./key.pem', 'utf8'),
      cert: fs.readFileSync('./server.crt', 'utf8')
   };
shareimprove this answer
answered Jun 18 '14 at 10:27

Hassaan
19116
                  
This worked for me. Thank you. – Mr Bell Nov 20 '15 at 16:02
                  
Thank you, this worked perfectly. – monarch Dec 1 '15 at 3:28
                  
I tried this, but when I reload my services I get an error "EACCES, permission denied" – harryBundles Dec 10 '15 at 18:36
                  
The node process may not have the rights to read the certificates or bind to the port. Try running through sudo if you are on linux. – Hassaan Jan 25 at 11:19
                  
This was very helpful when getting setup. Thank you so much! – Robert McMahan Feb 13 at 19:27
add a comment

up vote
0
down vote
If you are using windows, you should make sure that the certificate file csr.pem and key.pem don't have unix-style line endings. Openssl will generate the key files with unix style line endings. You can convert these files to dos format using a utility like unix2dos or a text editor like notepad++

shareimprove this answer
answered May 23 '14 at 16:35

neesh
2,79632227
add a comment
up vote
0
down vote
Generate the private key and server certificate with specific expiry date or with infinite(XXX) expiry time and self sign it.

$ openssl req -x509 -sha256 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX

$ Enter a private key passphrase...`
Then it will work!

shareimprove this answer
answered Nov 30 '15 at 17:57

Robel sharma
757720
add a comment
up vote
0
down vote
If you log the

var options = {
  key: fs.readFileSync('./key.pem', 'utf8'),
  cert: fs.readFileSync('./csr.pem', 'utf8')
};
You might notice there are invalid characters due to improper encoding.

shareimprove this answer
answered Apr 4 at 15:24

F.O.O
6161519
add a comment
up vote
0
down vote
Was facing the same problem In my case I changed the option parameter of cert to pfx & removed utf8 encoding.

before:

var options = {
    hostname : 'localhost',
    path : '/',
    method : 'POST',
    cert: fs.readFileSync(testCert, 'utf8'),
    passphrase:passphrase,
    agent:false,
    rejectUnauthorized:false
};
after:

var options = {
    hostname : 'localhost',
    path : '/',
    method : 'POST',
    pfx: fs.readFileSync(testCert),
    passphrase:passphrase,
    agent:false,
    rejectUnauthorized:false
};

zangcf

上面的方法没有解决这个问题

zangcf

使用:https://github.com/andyet/signalmaster上面的参考这个方法配置成功了

zangcf

启动服务器，
首先，启动信令服务器
:~/singalserver/signalmaster-master# forever start server.js
接着，启动turnserver
turnserver -L 120.76.203.222 -c /etc/turnserver.conf -o -a -b /etc/turnuserdb.conf -f -r 91xuepai.com
再次，启动服务程序
~/simplertc_demo# forever start server.js
最后，启动https反向代理服务器
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf