Vagrant環境(amazon linux2)で、Expressを使ってhttpsサーバーを立てる

$ sudo yum install mod_ssl

# 手順
## certificate file作成
openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt

## package.json

	"name": "test-webrtc",
	"version": "0.0.1",
	"private": true,
	"dependencies": {
		"express": "4.x",
		"ejs": "3.0.1"

$ npm install

## server.js

var express = require('express');
var app = express();

var fs = require("fs");
var https = require("https");
var options = {
	key: fs.readFileSync('key.pem'),
	cert: fs.readFileSync('server.crt')
var server = https.createServer(options, app);

console.log('server started');

app.get('/', function(req, res){


$ node server.js

# 駄目な方法
## certificate file作成
$ openssl genrsa > server.key
$ openssl req -new -key server.key > server.csr
$ openssl x509 -req -signkey server.key < server.csr > server.crt

var express = require('express');
var app = express();

var fs = require("fs");
var https = require("https");
var options = {
	key: fs.readFileSync('server.key'),
	cert: fs.readFileSync('server.crt')
var server = https.createServer(options, app);

console.log('server started');

app.get('/', function(req, res){


## server.js
$ node server.js

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.createSecureContext (_tls_common.js:88:17)
at Server (_tls_wrap.js:819:25)
at new Server (https.js:60:14)
at Object.createServer (https.js:82:10)
at Object. (/home/vagrant/webrtc/server.js:10:20)
at Module._compile (module.js:653:30)
at Object.Module._extensions..js (module.js:664:10)
at Module.load (module.js:566:32)
at tryModuleLoad (module.js:506:12)
at Function.Module._load (module.js:498:3)


php build-in serverでhttpsサーバーを起動



### sslモジュールインストール(centOSの場合はmod_ssl)
$ sudo yum install mod24_ssl
$ httpd -M | grep ssl

### 秘密鍵作成
$ openssl genrsa > server.key

### CSR作成
$ openssl req -new -key server.key > server.csr

### サーバー証明書作成
$ openssl x509 -req -signkey server.key < server.csr > server.crt
$ rm server.csr

### 秘密鍵&サーバー証明書配置
$ sudo mkdir /etc/httpd/conf/ssl.key
$ sudo mkdir /etc/httpd/conf/ssl.crt
$ sudo mv server.key /etc/httpd/conf/ssl.key/
$ sudo mv server.crt /etc/httpd/conf/ssl.crt/

### ssl.conf編集
sudo vi /etc/httpd/conf.d/ssl.conf

# SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

### apache再起動
$ sudo service httpd restart

### composerでhttps用のphp buildin-server libraryインストール
$ curl -sS | php
$ php composer.phar require –dev mpyw/php-hyper-builtin-server:^2.0

### httpsサーバー起動
$ vendor/bin/hyper-run -s


User Agent perspective

How to investigate user agent?
As an example, the user agent for IE9 is described as follows.

Mozilla / 5.0 (compatible;MSIE 9.0; Windows NT 6.1; Trident/5.0)

Application name
It corresponds to the “Mozilla” part. It is used in the sense that it has the function of the type of browser or its application.

Application Version
In the “5.0” part after Mozilla, it indicates the version of the application.

Platform token
It corresponds to the “Windows NT 6.1” part. It will be the display about OS.

Version Token
It corresponds to the part of “MISE 9.0”.Displaying browser version.

Compatibility Flags
It corresponds to the “Compatible” part. It shows the compatibility with Internet Explore.

Rendering engine
It corresponds to the part of “Trident/5.0”. Shows software that causes the browser to display the requested content.

Internet Explore

Mozilla / 5.0 (Windows NT 6.3; ARM; Trident / 7.0; Touch; MALNJS; rv: 11.0) like Gecko


Mozilla / 5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW 64; Trident / 6.0)


Mozilla / 5.0 (Windows NT 5.1) AppleWebKit / 535.11 (KHTML, like Gecko) Chrome / 17.0.963.79 Safari / 535.11


Mozilla / 5.0 (Windows NT 6.1; rv: 11.0) Gecko / 20100101 Firefox / 11.0


Mozilla / 5.0 (Macintosh; U; Intel Mac OS X; en-jp) AppleWebKit / 523.12 (KHTML, like Gecko) Version / 3.0.4 Safari / 523.12


Mozilla / 5.0 (Linux; Android 4.4.2; 302KC Build / 101.0.2c00) AppleWebKit / 537.36 (KHTML, like Gecko) Version / 4.0 Chrome / Mobile Safari / 537.36 YJApp-ANDROID ybrowser / 1.7.5

なるほど、内容よく見ると、どのブラウザか一発でわかりますね。まあ、一般的にユーザーエージェントは偽装されるのであまり意味ないかもしれませんが。そういえば、IPって偽装できるんでしょうか??? Chrome Extensionで、Hotspot Shieldを使えば偽装できるようですが。。

HTTP Trace method

In HTTP1.1 (RFC2616), eight kinds of methods are defined. GET, POST, HEAD, etc. are familiar, but there are five other types PUT, DELETE, OPTIONS, TRACE and CONNECT.
Of these, the TRACE method returns an HTTP request as “HTTP Parallel” as an HTTP response, and requests the Web server as TRACE instead of GET etc. as follows.

Apache setting file


403 404 500 503

There are HTTP status codes from 100 series to 500 series. The 400th to 500th are the codes returned when there is an error with respect to the server or request.


403 is the code returned when access restriction etc is set.

It is displayed when IP restriction is applied and access is made from an IP address that is not permitted.
It is considered when there is access from other on the page to be displayed only in the company environment.


The code returned if the page does not exist. It is often displayed when deleting a page.

500 is a code returned in the case of CGI setting or program mistake. In case of this error, setting is wrong often, so it is necessary to modify permissions and code.

503 is the code returned when the number of accesses to the server has been exceeded and the server is under load. It is displayed when a large amount of access to the server gather at the same time.
In the case of a site where there are many instantaneous accesses, it is necessary to consider a server corresponding to that. Also, there is a possibility that may be attacked by a site.

Other representative HTTP status code
200 series
The 200 series means that the request to the server was successful. If you have successfully accessed the WEB, the status code “200” will be returned.

300 series
The 300 series is the code returned when doing redirect processing. Representative items such as “301” and “302” are listed.

Difference between GET and POST method

GET, POST are some of the HTTP methods negotiated by the specification.
Besides this there are also PUT, PATCH, HEAD, DELETE etc ..

GET method
GET adds it to the URL and makes a request

POST method
POST method is included in body of request.

GET adds directly to the URL so you can see the parameters with your eyes.
Since POST is included in body, it can not be seen with eyes.

There are different specifications when requesting with GET and POST, such as being able to send in binary, size restriction, etc.