分类 技术 下的文章

Ubuntu下添加开机启动脚本

  • 在 /etc/init.d/ 下新建.sh文件
#!/bin/bash
### BEGIN INIT INFO
# Provides:          www.talktome.mobi
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: ChatWSS
# Description:       Chat WSS (Websocket over ssl) Service
### END INIT INFO
php /var/www/XXX.php start -d

exit 0
  • 设置脚本权限
    chmod 755 /etc/init.d/XXX.sh
  • 加载启动脚本
cd /etc/init.d 
sudo update-rc.d XXX.sh defaults 95
  • 卸载启动脚本
cd /etc/init.d 
sudo update-rc.d -f XXX.sh remove

生成CA和服务器证书

一、生成ca证书
a) 创建一个证书目录,mkdir /home/ubuntu/SSL
b) 将CA.sh拷贝到/home/ubuntu/SSL目录,cp /usr/lib/ssl/misc/CA.sh /home/ubuntu/SSL
c) ./CA.sh -newca
d) 根据提示填写信息完成后,在demoCA下会生成证书文件,其中demoCA/private/cakey.pem为ca证书私钥,demoCA/cacert.pem为ca根证书。

二、生成服务器证书
a) 生成私钥: openssl genrsa -des3 -out server.key 1024
b) 生成csr文件: openssl req -new -key server.key -out server.csr
c) 生成证书&签名: openssl ca -in server.csr -out server.crt

三、生成客户端证书
a) 生成私钥: openssl genrsa -des3 -out client.key 1024
b) 生成csr文件: openssl req -new -key client.key -out client.csr
c) 生成证书&签名: openssl ca -in client.csr -out client.crt

四、生成不带密码验证的
如果你想要把数字证书用于Nginx、Apache等Web服务器,你会发现启动nginx服务器时会要求你输入数字证书密码,这是因为在设置私钥key时将密码写入了key文件,导致Nginx/Apache等系列服务器在启动时要求Enter PEM pass phrase。我们需要做的是剥离这个密码,利用如下OpenSSL命令生成server.key.unsecure文件
openssl rsa -in server.key -out server.key.unsecure

安卓WSS客户端

  • 在app模块build.gradle中添加依赖
compile 'org.java-websocket:Java-WebSocket:1.3.0'
  • 实现WebSocketClien接口
public class WSS extends WebSocketClient {

    public static WSS newInstance(){
        WSS wss = null;
        try{
            wss = new WSS(new URI(Config.CHAT_SOCKET_ADDR));
        }catch (Exception e){
        }
        return wss;
    }

    public WSS(URI uri){
        super(uri);
        TrustManager[] trustAllCerts = new TrustManager[] { new TrustManager()};
        try{
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            setWebSocketFactory(new DefaultSSLWebSocketClientFactory(sc));
        }catch (Exception ignored){}
    }

    @Override
    public void onOpen(ServerHandshake handshakedata) {
    }

    @Override
    public void onMessage(String message) {
    }

    @Override
    public void onError(Exception ex) {
    }

    @Override
    public void onClose(int code, String reason, boolean remote) {
    }
}
  • 实现X509TrustManager
public class TrustManager implements X509TrustManager {

    private Certificate ca = null;

    public TrustManager(){
        try{
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream caInput = new BufferedInputStream(MyApplication.getApplication().getAssets().open("ca.crt"));
            try {
                ca = cf.generateCertificate(caInput);
            }finally {
                caInput.close();
            }
        } catch (CertificateException e1){
            e1.printStackTrace();
        } catch (IOException e2){
            e2.printStackTrace();
        }
    }

    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[] {};
    }

    public void checkClientTrusted(X509Certificate[] chain,
                                   String authType) throws CertificateException {
    }

    public void checkServerTrusted(X509Certificate[] chain,
                                   String authType) throws CertificateException {
        for (X509Certificate cert : chain) {
            cert.checkValidity();
            try {
                cert.verify(((X509Certificate) ca).getPublicKey());
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (InvalidKeyException e) {
                e.printStackTrace();
            } catch (NoSuchProviderException e) {
                e.printStackTrace();
            } catch (SignatureException e) {
                e.printStackTrace();
            }
        }
    }
}

Nginx反向代理慢解决办法

在配置nginx反向代理时upstream里面server用localhost:端口,非常慢,看log,默认将localhost解析成ipv6的地址,故出现此问题,改成127.0.0.1后问题解决。
后端被代理网络应用使用Delphi开发

Get process name in Android

public static String getProcessName() {
  try {
    File file = new File("/proc/" + android.os.Process.myPid() + "/" + "cmdline");
    BufferedReader mBufferedReader = new BufferedReader(new FileReader(file));
    String processName = mBufferedReader.readLine().trim();
    mBufferedReader.close();
    return processName;
  } catch (Exception e) {
    e.printStackTrace();
    return null;
  }
}