场景:开发微信小程序必须https接口,并且url中不含端口号。所以考虑用centos+nginx反向代理实现
1.安装ngnx
#yum install openssl
#yum install openssl-devel
2下载安装Nginx
#cd /home
#mkdir nginx-src
#cd nginx-src
#wget http://nginx.org/download/nginx-1.11.8.tar.gz
#tar -xzf nginx-1.11.8.tar.gz
#cd nginx-1.11.8
#./configure --prefix=/usr/local --user=www --group=www --with-http_stub_status_module --with-http_ssl_module
--prefix指定目录安装,不带则默认安装到/usr/local
一定要带上 --with-http_ssl_module ,不然后面启动的时候报[emerg] 10464#0: unknown directive “ssl” in /usr/local/nginx-0.6.32/conf/nginx.conf:74”
#make
#make install
3.配置证书
#make /usr/local/nginx
#mkdir cert
本人用的是阿里云(www.aliyun.com)的免费证书,只要有备过案的域名可申请。网上也有其他免费证书,或者通过jdk生成。拷贝阿里云提供的213998735230175.key、213998735230175.pem至cert目录
#mkdir cert
添加如下内容至nginx.conf
server {
listen 443;
server_name wxapp.yiqiweiquan.cn;
ssl on;
root html;
index index.html index.htm;
ssl_certificate /usr/local/nginx/cert/213998735230175.pem;
ssl_certificate_key /usr/local/nginx/cert/213998735230175.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
if ($host ~ ^(wxapp)\.yiqiweiquan\.com$){
#rewrite ^/$ /api/$request_uri last;
proxy_pass http://0.0.0.0:8080;
}
}
}
#cd /usr/local/nginx/sbin/
#cd /usr/local/nginx/sbin/
./nginx
报错:nginx: [emerg] getpwnam("www") failed
#cd /usr/local/nginx/sbin
#groupadd -f www
#useradd -g www www
#./nginx
访问:https://wxapp.yiqiweiquan.cn