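I have recently been learning WeChat mini program development. Every API that a mini program calls must be served over https, so this article explains how to configure https on a server (using an Alibaba Cloud ECS shared n4 cloud server as the example).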
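1. Registering a domain name (must be purchased)
Console -> Domains -> Domain registration -> choose a domain and enter the requested information as prompted -> wait for real-name verification to pass
2. Applying for an SSL certificate (free certificates are available)
The steps to apply for a free SSL certificate are as follows:
SSL certificate console -> Apply for a free certificate -> fill in the requested information as prompted -> verify the information -> wait for verification to pass
Once verification has passed, the SSL certificate can be downloaded.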
3. Configuring https in nginx
- Go to the nginx configuration directory: cd /etc/nginx
- Upload the certificate to the server; I uploaded it to /etc/nginx/cert
- Edit nginx.conf and add: include /etc/nginx/conf.d/ssl.conf;
- Contents of /etc/nginx/conf.d/ssl.conf:
    server {
        listen 8081;  # port nginx listens on for plain HTTP; 8081 in my setup
        server_name localhost;
        # Automatically redirect HTTP requests to HTTPS
        rewrite ^(.*) https://$host$1 permanent;
    }
    server {
        listen 443 ssl;
        server_name _;  # "_" means the site can be reached by both domain name and IP
        ssl_certificate "/etc/nginx/cert/server.pem";      # the SSL .pem file (absolute path)
        ssl_certificate_key "/etc/nginx/cert/server.key";  # the SSL .key file (absolute path)
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        # Maximum upload size
        client_max_body_size 2G;
        location / {
            root /usr/local/develop/web-front-end;
            index index.html index.htm;
            try_files $uri $uri/ /index.html;
        }
        location /apis/ {
            # rewrite ^.+iot/?(.*)$ /$1 break;
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Headers "Accept, X-Token, Content-Type";
            add_header Access-Control-Allow-Methods "GET, POST, DELETE, PATCH, PUT, OPTIONS";
            proxy_pass http://localhost:13666/;
            # (The next 2 lines) allow websocket connections to be created
            # proxy_set_header Upgrade websocket;
            # proxy_set_header Connection Upgrade;
        }
        # The location must match the error_page URI for the custom page to be served
        error_page 404 /404.html;
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
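A hardened variant of the ssl.conf above, added here as an example and not taken from the author's server: it pins the TLS versions, sends HSTS, and names one CORS origin instead of the wildcard. The name example.com, the allowed origin, and the backend on port 13666 speaking plain HTTP are assumptions that the page does not state.

```nginx
# Added example (not the author's file). example.com is a placeholder for
# the registered domain; it is an assumption, not a value from the page.
server {
    listen 8081;
    server_name example.com;
    # Same permanent redirect as the rewrite rule, without a regex
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/cert/server.pem;
    ssl_certificate_key /etc/nginx/cert/server.key;

    # Pin protocol versions instead of inheriting the installed build's default
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /usr/local/develop/web-front-end;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }

    location /apis/ {
        # A location that declares any add_header stops inheriting the
        # server-level ones, so HSTS is repeated here.
        add_header Strict-Transport-Security "max-age=31536000" always;
        # One named origin instead of "*" (placeholder value)
        add_header Access-Control-Allow-Origin "https://example.com" always;
        add_header Access-Control-Allow-Headers "Accept, X-Token, Content-Type";
        add_header Access-Control-Allow-Methods "GET, POST, DELETE, PATCH, PUT, OPTIONS";

        # Assumes the backend on 13666 speaks plain HTTP on loopback
        proxy_pass http://localhost:13666/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The TLSv1.3 parameter needs nginx 1.13.0 or later built against OpenSSL 1.1.1 or later. Run nginx -t to validate the file before reloading.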
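Configure the security group rules.
At this point the site can be reached by IP.
It can also be reached by domain name from the local machine.
Edit the local computer's hosts file: C:\Windows\System32\drivers\etc\hosts
4. Configuring https in node
Create an empty cert folder in the project root and copy the SSL certificate files (the .pem file and the .key file) into it: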
    var express = require('express');
    var https = require('https');
    var fs = require('fs');
    var path = require('path');
    var app = express();
    /* Load the certificate and private key, then start the HTTPS listener */
    var certificate = fs.readFileSync(path.join(process.cwd(), 'cert/server.pem'), 'utf8');
    var privateKey = fs.readFileSync(path.join(process.cwd(), 'cert/server.key'), 'utf8');
    const HTTPS_OPTION = {
      key: privateKey,
      cert: certificate
    };
    const SSL_PORT = 13666;
    const httpsServer = https.createServer(HTTPS_OPTION, app);
    httpsServer.listen(SSL_PORT, () => {
      console.log(`HTTPS Server is running on: https://localhost:${SSL_PORT}`);
    });
Open issues
- Alibaba Cloud domain ICP filing