I am trying to use HTTPS on my Node.js app, just as it is already enabled for anything else. I have the keys and certificates already installed, but I get an Error: EACCES, permission denied when I tried to point to them on the app.
Both the key and the certificate are in subfolders of /etc/pki/tls, and I attempted pointing to them like this:
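var fs = require('fs');

// Read the private key and certificate from the system PKI directory
var privateKey = fs.readFileSync('/etc/pki/tls/private/serverKey.key').toString(),
    certificate = fs.readFileSync('/etc/pki/tls/certs/2_mikewarren.me.crt').toString();
// TLS options to hand to the HTTPS server
var options = {
    key: privateKey,
    cert: certificate
};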
Do I need to adjust the permissions of the keys and certificates (via chown)? If so, is it safe to do?
I got my code access.
What I did
certAccess
certAccess
by saying sudo useradd ec2-user -G certAccess
certAccess
sudo chown ec2-user.certAccess /etc/pki/tls/private/serverKey.key
Testing...
To test, I simply print options to the console, right after using it. Indeed, I saw the contents of private key and certificate (try it yourself). I also restarted the httpd server, and requested static files. I saw them, protected with TLS, without fault.

The problem is that these certificates are only readable by root (and maybe another user).
You could use chmod to give read access to all users, but that means… that all users would have access to it. So, bad idea.
Another solution would be to chown these files to the user running node.js, but if there is already a user with an application using these, it will break it. In that case, create a new group that owns the file, give read permissions to that group, and add the users that should access the files to that group.
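
An added example, not part of the original question or answer: a startup check for the Node.js app that loads the key only when its mode grants nothing to "other", so a chmod-for-everyone setup fails closed while an owner-plus-group setup (such as mode 640) loads. The function names and the temporary demo files are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Open first, then check the mode on the open descriptor, so the file that is
// inspected is the same file that is read.
function readKeyChecked(file) {
  const fd = fs.openSync(file, 'r');
  try {
    const mode = fs.fstatSync(fd).mode & 0o777;
    if ((mode & 0o007) !== 0) {
      const shown = mode.toString(8).padStart(3, '0');
      throw new Error(file + ' has mode ' + shown + ': accessible to all users');
    }
    return fs.readFileSync(fd);
  } finally {
    fs.closeSync(fd);
  }
}

// Build the options object for https.createServer(); the certificate is public,
// so only the private key is checked.
function loadTlsOptions(keyPath, certPath) {
  return { key: readKeyChecked(keyPath), cert: fs.readFileSync(certPath) };
}

// Constructed demo: placeholder files in a temp directory, not real key material.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'tls-demo-'));
  const key = path.join(dir, 'serverKey.key');
  const cert = path.join(dir, 'server.crt');
  fs.writeFileSync(key, 'PLACEHOLDER KEY\n');
  fs.writeFileSync(cert, 'PLACEHOLDER CERT\n');
  const results = {};
  for (const mode of [0o644, 0o640]) { // 644: readable by everyone, 640: owner and group
    fs.chmodSync(key, mode);
    try {
      loadTlsOptions(key, cert);
      results[mode.toString(8)] = 'loaded';
    } catch (err) {
      results[mode.toString(8)] = 'refused';
    }
  }
  fs.rmSync(dir, { recursive: true });
  return results;
}

console.log(demo());
```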