搭建微信小程式基本的https與wss環境
阿新 • • 發佈:2019-02-15
年底了寫一篇小程式環境搭建的文章, 主要是怎麼搭建一個線上環境以及怎麼不改動原有http Api的情況
1、準備工作
域名一個
免費證書(推薦: 騰訊雲、阿里雲、便宜ssl 都是免費的 配置好後先將證書下載下來)
Centos伺服器一臺
nginx 1.10.2
2、 安裝nginx
安裝教程 http://www.runoob.com/linux/nginx-install-setup.html
注意安裝的時候 編譯 --with-stream --with-stream_ssl_module 兩個模組
如果啟動nginx報錯看下圖解決
3、 配置nginx實現ssl反向代理
將下載好的證書根據自己的伺服器選擇證書這裡選擇nginx證書
主要用到server.crt以及server.key兩個證書上傳到伺服器
這裡我們直接上傳到nginx目錄的conf下了
修改nginx.conf(有註釋的地方改 其他的保持原樣就行了)
“`
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 8090; #這裡將原來的80埠改成8090 server_name xxx.xxx.xxx; #這裡就寫你自己的域名就行了 #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ .php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} include /usr/nginx/conf/wss.conf;# 這裡我們將反向代理新建一個檔案引入進來 client_max_body_size 3m;# 上傳大小單位M 微信小程式上傳大圖片時可能需要設定 }
新建wss.conf
#主要是配置原來的ws 和 http 介面 upstream websocket { server 10.5.11.xxx:8283;# 遠端websocket伺服器地址 } upstream web{ server www.xxx.com;# 遠端http介面 } # 通過下面的反向代理到上面的介面去 server { listen 443;#預設https和wss協議埠 ssl on; ssl_certificate /usr/nginx/conf/server.crt;#你的上傳到伺服器的證書位置 ssl_certificate_key /usr/nginx/conf/server.key;#你的上傳到伺服器的證書位置 ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; underscores_in_headers on;#開啟自定義頭資訊的下劃線 #wss協議轉發 小程式裡面要訪問的連結 location /wss { proxy_pass http://websocket;#代理到上面的地址去 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } #https協議轉發 小程式裡面要訪問的連結 location /{ proxy_pass http://web;#代理到原有的http的地址去 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Access-Control-Allow-Origin *;#跨域訪問設定 } } ```