yaws搭建mobile app https下载服务器

需要注意的几点：

ca证书和user证书密码必须一致；
默认配置的webserver，如果是直接文件路径则必须是get请求（不能是post请求）
android、ios下载客户端文件前，需要先安装ca公钥证书

步骤：

安装并配置erlang、yaws基础环境包

制作https需要的证书

1. 建立serial文件，输入序列号值，如010000000001，16进制)6字节存储的序列号

   [root@mbank demoCA]# vim serial

2. 建立index.txt文件

   [root@mbank demoCA]# vim index.txt

3. Linux下生成需要修改配置文件：/etc/pki/tls/openssl.cnf

   [ CA_default ]
   dir = ./cert

4. 生成2048的CA证书私钥

   openssl genrsa -des3 -out ca_private.key 2048

5. 生成2048的服务器证书私钥

   openssl genrsa -des3 -out server_private.key 2048

6. 自签名生成CA根证书，有效期10年，PEM格式

   openssl req -new -x509 -days 3650 -key ca_private.key -out ca.crt
   Country Name (2 letter code) [AU]:CN
   State or Province Name (full name) [Some-State]: BeiJing
   Locality Name (eg, city) []:BeiJing
   Organization Name (eg, company) [Internet Widgits Pty Ltd]: liuweihua.com
   Organizational Unit Name (eg, section) []:Inc
   Common Name (eg, YOUR name) []:127.0.0.1
   Email Address []:weihua1986@gmail.com

7. 生成服务器的P10（csr）证书请求，PEM格式

   openssl req -new -key server_private.key -out server.csr
   Country Name (2 letter code) [AU]:CN
   State or Province Name (full name) [Some-State]:BeiJing
   Locality Name (eg, city) []:BeiJing
   Organization Name (eg, company) [Internet Widgits Pty Ltd]: blog.liuweihua.com
   Organizational Unit Name (eg, section) []:Inc
   Common Name (eg, YOUR name) []:127.0.0.1
   Email Address []:weihua1986@gmail.com
   Please enter the following ‘extra’ attributes
   to be sent with your certificate request
   A challenge password []:
   An optional company name []:

8. 使用本地模拟CA签发服务器公钥证书

   openssl ca -days 3650 -in server.csr -out server.crt -cert ca.crt -keyfile ca_private.key

编写yaws.conf配置文件

logdir=log
log_wrap_size=51200000
log_resolve_hostname=false
<server182.119.167.184>
port=443
listen=0.0.0.0
#listen_backlog=400000
docroot=www
partial_post_size=102400000
auth_skip_docroot=true
<ssl>
keyfile=security/https/server_private.key
certfile=security/https/server.crt
cacertfile=security/https/ca.crt
verify=verify_none
password=123456
</ssl>
</server>

编写启动脚本start.sh

#!/bin/bash
yaws--confyaws.conf--idtest--nametest--snametest--daemon

编写具体的下载页面和文件

<ahref="itms-services://?action=download-manifest&url=https://127.0.0.1/ipad/test
    .plist">点击下载</a>
<ahref="https://127.0.0.1/android/test.apk">点击下载</a>

test.plist内容如下：

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>url</key>
                    <string>https://127.0.0.1/ipad/test.ipa</string>
                </dict>
            </array>
            <key>metadata</key>
            <dict>
                <key>bundle-identifier</key>
                <string>com.liuweihua.test</string>
                <key>bundle-version</key>
                <string>1.0.0</string>
                <key>kind</key>
                <string>software</string>
                <key>title</key>
                <string>TEST</string>
            </dict>
        </dict>
    </array>
</dict>
</plist>