证书免费的 收费的 具体看自己的需求去弄, 下载证书的方式很多种 这里只描述获取证书之后的Nginx配置
免费证书推荐 https://freessl.cn/
upstream jiandao{
server 127.0.0.1:8085;
}
server {
listen 443 ssl;
server_name appul.inandc.com;
error_log ./logs/jiandao.error.log;
access_log ./logs/jiandao.access.log;
ssl_certificate /home/SSL/appul.inandc.com_chain.crt; #ssl证书存放路径
ssl_certificate_key /home/SSL/appul.inandc.com_key.key; #ssl证书存放路径
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://jiandao/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /apple-app-site-association {
root /home/SSL/;
index apple-app-site-association;
}
}
apple-app-site-association是iOS上架要求的一个文件的访问路径
apple-app-site-association文件内容
{
"applinks": {
"apps": [],
"details": [
{
"appID": "XXXXXXXXXX.com.apicloudwx.test",
"paths": ["*","/m/*"]
},
{
"appID": "XXXXXXXXXX.com.apicloud.openSDK",
"paths": ["*","/m/*"]
}
]
}
}
XXXXXXXXXX为APPID 前端用的apicloud