Mac Nginx HTTPS + setting up a local distribution platform on a Mac


Author: Ian_ | Published: 2021-09-02 10:43

Installing Nginx on a Mac

brew install nginx

Generating the certificate and private key

Generate them from a config file. The config file is as follows:

[ req ]

default_bits        = 2048
default_keyfile     = server-key.pem
distinguished_name  = subject
req_extensions      = req_ext
x509_extensions     = x509_ext
string_mask         = utf8only

[ subject ]

countryName                 = CN
countryName_default         = CN

stateOrProvinceName         = SH
stateOrProvinceName_default = SH

localityName                = Shanghai
localityName_default        = Shanghai

organizationName            = xxx
organizationName_default    = xxx

commonName                  = 192.168.x.x
commonName_default          = 192.168.x.x

emailAddress                = email
emailAddress_default        = email

[ x509_ext ]

subjectKeyIdentifier    = hash
basicConstraints        = critical, CA:TRUE
authorityKeyIdentifier  = keyid:always, issuer:always
keyUsage                = critical, cRLSign, digitalSignature, keyCertSign
nsComment               = "OpenSSL Generated Certificate"
subjectAltName          = IP:192.168.x.x

[ req_ext ]

subjectKeyIdentifier    = hash
basicConstraints        = critical, CA:TRUE
authorityKeyIdentifier  = keyid:always, issuer:always
keyUsage                = critical, cRLSign, digitalSignature, keyCertSign
nsComment               = "OpenSSL Generated Certificate"
subjectAltName          = IP:192.168.x.x

Save the config above as xxx.conf, then generate server.crt and server.key with the command below. Once the config is filled in, just press Enter at every prompt.

openssl req -config xxx.conf -new -sha256 -newkey rsa:2048 -nodes -keyout server.key -x509 -days 3650 -out server.crt

Configuring HTTPS

brew services start nginx
brew services stop nginx
brew services restart nginx

Nginx installed through Homebrew keeps its configuration in /usr/local/etc/nginx.
Find nginx.conf in that folder and edit the HTTPS block at the bottom as follows:

    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  192.168.31.12;

        ssl_certificate      /usr/local/etc/nginx/ios/server.crt;
        ssl_certificate_key  /usr/local/etc/nginx/ios/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # ssl_ciphers  HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers  on;
        # ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

        location / {
            root   /usr/local/etc/nginx/ios/;
            index  index.html index.htm;
        }
    }

Because I pointed root at the ios folder inside the nginx directory, I put all the files in that folder.
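Added example, not part of the original post: the server block above loads ssl_certificate_key from the same ios folder it serves as root, so the key would be downloadable as /server.key, and since the certificate is CA:TRUE that key can sign certificates a trusting device accepts. The check below flags that layout; write_sample_conf is a constructed copy of the page's server block, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: all `root` and `ssl_certificate_key` directives in one file are
# compared together; `include` files and relative paths are not resolved.

# key_exposed_by_root CONF
# Prints one line per private key that lies under a served root directory.
# Returns 0 when an exposure is found, 1 when none is.
key_exposed_by_root() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "ssl_certificate_key" { v = $2; sub(/;$/, "", v); keys[++nk] = v }
        $1 == "root" { v = $2; sub(/;$/, "", v); sub(/\/+$/, "", v); roots[++nr] = v }
        END {
            for (i = 1; i <= nk; i++)
                for (j = 1; j <= nr; j++) {
                    prefix = roots[j] "/"
                    if (index(keys[i], prefix) == 1) {
                        printf "%s served as /%s (root %s)\n", keys[i],
                               substr(keys[i], length(prefix) + 1), roots[j]
                        found = 1
                    }
                }
            exit(found ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: the server block from this page, condensed.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen       443 ssl;
    server_name  192.168.31.12;
    ssl_certificate      /usr/local/etc/nginx/ios/server.crt;
    ssl_certificate_key  /usr/local/etc/nginx/ios/server.key;
    location / {
        root   /usr/local/etc/nginx/ios/;
        index  index.html index.htm;
    }
}
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
key_exposed_by_root "$conf" || echo "no key under a served root"
rm -f "$conf"
```

Keeping server.key in a directory that no root or alias covers, and pointing ssl_certificate_key there, makes the check pass while server.crt stays downloadable.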
Below is a piece of HTML from ipa-itms; save it as index.html.
It shows how the itms-services protocol is used.

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>ios应用安装</title>
    <style>
        .row {
            text-align: left;
            max-width: 500px;
            margin: 0 auto;
        }
    </style>
</head>

<body style="text-align: center;">
    <br>
    <h1>ios应用安装</h1>

    <br>
    <div>
        <a href="https://192.168.x.x/server.crt">先点我,下载CA证书</a>
    </div>

    <br>
    <br>
    <div>
        <img src="./icon57.png" alt="" style="border-radius: 4px;">
        <div>
            <a href="itms-services://?action=download-manifest&url=https://192.168.x.x/manifest.plist">然后点我安装</a>
        </div>

    </div>
    <br>
    <br>
    <div>
        <h2>常见问题</h2>
        <div class="row">问题:无法连接到 "xx.xx.xx.xx"</div>
        <div class="row">解决:【设置 > 通用 > 关于本机 > 证书信任设置】勾选信任</div>
        <br>
        <div class="row">问题:未受信任的企业级开发者</div>
        <div class="row">解决:【设置 > 通用 > 描述文件与设备管理】添加到信任</div>
    </div>
</body>

</html>

First download the certificate, then trust it under Settings > General > About > Certificate Trust Settings.

Chrome reports this error:
net::ERR_CERT_COMMON_NAME_INVALID error in chrome with self-signed certificates
Safari reports this error:
此连接非私人连接 ("This Connection Is Not Private")

The certificate's subjectAltName is probably misconfigured.
See the openssl reference.
Set the local IP address: subjectAltName = IP:192.168.x.x
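Added example (not from the original post) for checking the fix described above: Chrome matches the address only against subjectAltName, not commonName, so the check reads a certificate's text dump and confirms the IP is listed as a SAN entry. The sample dump and the address 192.168.1.10 are constructed, and san_covers_ip is this example's own name.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use: openssl x509 -in server.crt -noout -text | san_covers_ip 192.168.x.x

# san_covers_ip IP   (certificate text dump on stdin)
# Exit status: 0 = IP is listed in subjectAltName
#              1 = subjectAltName exists but does not list IP
#              2 = certificate has no subjectAltName at all
san_covers_ip() {
    awk -v want="$1" '
        /X509v3 Subject Alternative Name/ {
            seen = 1
            getline                          # entries are on the next line
            n = split($0, entry, ",")
            for (i = 1; i <= n; i++) {
                e = entry[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                # exact match, so 192.168.1.1 does not pass for 192.168.1.10
                if (e == "IP Address:" want) ok = 1
            }
        }
        END { exit(ok ? 0 : (seen ? 1 : 2)) }
    '
}

# Constructed fragment in the layout `openssl x509 -text` prints.
sample_cert_text() {
    cat <<'EOF'
        Subject: C = CN, ST = SH, L = Shanghai, O = xxx, CN = 192.168.1.10
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Alternative Name:
                IP Address:192.168.1.10
EOF
}

sample_cert_text | san_covers_ip 192.168.1.10 && echo "SAN covers 192.168.1.10"
```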

Version control

Generate the manifest.plist file below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>compileBitcode</key>
    <false/>
    <key>destination</key>
    <string>export</string>
    <key>manifest</key>
    <dict>
        <key>appURL</key>
        <string>https://192.168.x.x/xxx.ipa</string>
        <key>displayImageURL</key>
        <string>https://192.168.x.x/icon57.png</string>
        <key>fullSizeImageURL</key>
        <string>https://192.168.x.x/icon512.png</string>
    </dict>
    <key>method</key>
    <string>ad-hoc</string>
    <key>signingStyle</key>
    <string>automatic</string>
    <key>stripSwiftSymbols</key>
    <true/>
    <key>teamID</key>
    <string>ID</string>
    <key>thinning</key>
    <string>&lt;none&gt;</string>
</dict>
</plist>

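With xcodebuild and an ExportOptions.plist, the manifest.plist above can be generated directly.
Every time an ad-hoc ipa is exported, the output contains an ExportOptions.plist in addition to the ipa.
During export you can also choose to host on your own server; in that case a manifest.plist is generated, and the exported ExportOptions.plist includes that information as well.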

Finally, you can keep multiple manifest.plist files to implement version control, or keep replacing the same manifest.plist.

reference:

ipa-itms
mac https certificate
OpenSSL CA keyUsage extension
openssl


Article link: https://www.haomeiwen.com/subject/afnxwltx.html