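Problem description
How to configure https for a UWP Desktop Bridge app hosting a PWA via a Kestrel Server
I have a Desktop Bridge app which uses a worker service to host a PWA and a WebAPI with Kestrel over https
The user runs the worker and browses to the service from ff/chrome/edge
This works fine in development, because the dev machine has a trusted certificate installed
However, when I package it and deploy it to a test machine, there is no certificate and the app crashes
So, what is the best approach?
Options
- Bundle the certificate with the app and install it in the container's local storage? How would this work with the browser, which won't trust the certificate because it isn't installed in the browser user's context
- Purchase a certificate from a CA. How would I distribute it?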
Reference solution
Method 1:
So, it seems you can't
In 2015 certs cannot be issued to IPv4 or IPv6 address and must be a FQDN with a public top level domain
TLS is not just about encryption, but also identification, private IPs can't be publicly identified
And PWAs need https to work, so options..
- Self-signed certificate, which won't be trusted and show the user a nasty message
- Publicly host the PWA and certify that domain, then call back to the loopback address 127.0.0.1 over http to communicate with the running worker, this is considered secure. I have done this and it does work, but means my app can only communicate with the user on the same machine
There are other options that need you to have control of the network DNS - which I won't have
(by Anthony Johnston, Anthony Johnston)
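The worker side of the second option above (public https PWA calling back to 127.0.0.1 over http), added here as an example that is not code from the original answer. It assumes an ASP.NET Core (.NET 6+) worker with the web SDK's implicit usings; the port 5123, the origin https://pwa.example.com and the /api/status route are placeholders. Because any page open in the user's browser can reach a loopback port, the worker binds to loopback only and refuses requests whose Host or Origin is not the expected one.

```csharp
// Program.cs - added example, not the answer author's code.
using System.Net;

const int Port = 5123;                               // assumed port
const string PwaOrigin = "https://pwa.example.com";  // assumed placeholder for the hosted PWA

var builder = WebApplication.CreateBuilder(args);

// Listen on 127.0.0.1 only: the plain-http endpoint is never exposed to the network.
builder.WebHost.ConfigureKestrel(k => k.Listen(IPAddress.Loopback, Port));

// CORS: only the hosted PWA may read responses from the worker.
builder.Services.AddCors(o => o.AddPolicy("pwa", p => p
    .WithOrigins(PwaOrigin)
    .WithMethods("GET", "POST")
    .WithHeaders("Content-Type")));

var app = builder.Build();

// CORS headers alone do not stop a request from being processed, so reject early:
//  - Host must be the loopback name and port we listen on (guards against DNS rebinding)
//  - Origin must be the PWA (cross-origin fetches and preflights always carry Origin)
app.Use(async (ctx, next) =>
{
    var host = ctx.Request.Host;
    bool hostOk = host.Port == Port &&
                  (host.Host == "127.0.0.1" || host.Host == "localhost");

    string origin = ctx.Request.Headers["Origin"].ToString();
    bool originOk = string.Equals(origin, PwaOrigin, StringComparison.OrdinalIgnoreCase);

    if (!hostOk || !originOk)
    {
        ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
        return;
    }
    await next(ctx);
});

app.UseCors("pwa");

// Hypothetical endpoint the PWA calls with fetch("http://127.0.0.1:5123/api/status").
app.MapGet("/api/status", () => Results.Ok(new { running = true }));

app.Run();
```

Requests without an Origin header, such as local command-line tools, are rejected by this check; relax it only if the worker must serve non-browser clients.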