Home | Mirror | Search

3. resin.conf

3.1. Maximum number of threads

Maximum number of threads.

			
<thread-max>4096</thread-max>
			
			

thread-max數值需要使用ab命令做壓力測試,逐步調整。

3.2. Configures the keepalive

			
      <!-- Configures the keepalive -->
      <keepalive-max>128</keepalive-max>
      <keepalive-timeout>15s</keepalive-timeout>
			
			

3.3. ssl

			
<http address="*" port="443">
  <openssl>
  <certificate-file>/srv/keys/example.com/star.example.com.crt</certificate-file>
  <certificate-key-file>/srv/keys/example.com/star.example.com.key</certificate-key-file>
  <password>4fff74da-aea4-a9fc-4b5f-e6d497588726</password>
  </openssl>
</http>
			
			

自頒發證書,首先是使用keytool工具安裝證書

			
生成證書:
keytool –genkeypair –keyalg RSA –keysize 2048 SHA1withRSA –validity 3650  -alias neo –keystore server.keystore –storepass password –dname "CN=www.example.com, OU=test, O=example.com, L=SZ, ST=GD, C=CN"

導出證書
-keytool –exportcert –alias neo –keystore server.keystore –storepass password  –file server.cer –rfc

打印證書
Keytool -printcert –file server.cer

導出證書籤發申請
Keytool –certreg –aias neo –keystore server.keystore –storepass password –file ins.csr –v

導入證書
Keytool –importcert –trustcacerts –alias neo –file server.cer –keystore server.keystore –storepass password

查看數字證書
Keytool -list

當成功的導入了證書以後就要容器中進行配置才可以使用
首先是要把證書中的那個 server.keystore 和 server.cer這兩個檔案放入到Resin伺服器的keys這個檔案夾中 如果沒有的話 就手動的建立這個檔案夾
然後去 config 檔案夾下配置你的配置檔案
我在resin 這個容器中的配置如下

<http address="*" port="443">
    <jsse-ssl>
       <key-store-file>keys/server.keystore</key-store-file>
       <password>password</password>
    </jsse-ssl>
</http>
			
			
comments powered by Disqus