场景说明:
前后端分离版的项目,微信小程序发布后,向后台请求数据时访问后台地址失败,后台地址需要https以及域名,不能直接使用ip地址,因此需要做java后台地址的域名映射。
解决方案:
1、前置准备:域名申请和备案,以及安全证书(此处不进行赘述,网上有很多例子)
2、nginx配置(注意看注释说明)
【http://localhost:8075/】是java后台服务在本机监听的地址和端口,下面所有域名映射最终都转发到该地址(前端请求后台数据最终访问的地址)
域名:xxx.xxxxx.net
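# Reverse-proxy layout for one host (placeholder domain xxx.xxxxx.net):
#   81    plain HTTP, stock default site
#   8077  HTTPS, PC web front end; /prod-api/ is proxied towards the back end
#   443   HTTPS, default-port entry point used by the WeChat mini program
#   8074  HTTPS front for the Java back end at http://localhost:8075/
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    # Stock default site on plain HTTP. Nothing in the domain mapping below
    # depends on it, so port 81 does not need to be opened in the firewall.
    server {
        listen 81;
        server_name localhost;

        #charset koi8-r;
        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    # PC web site over TLS on the mapped domain; reachable in the browser as
    # https://xxx.xxxxx.net:8077/
    server {
        listen 8077 ssl;
        server_name xxx.xxxxx.net; # domain name

        # Certificate configuration. Keep the .key file readable only by the
        # account that runs nginx. The nginx-on-Windows documentation asks for
        # forward slashes in paths (D:/...); backslashes can be read as escapes.
        ssl_certificate D:\xxx\key\xxx.pem;
        ssl_certificate_key D:\xxx\key\xxx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        # Pin the protocol versions instead of relying on the build's default,
        # which on older nginx releases still includes TLS 1.0/1.1.
        # TLSv1.3 is accepted from nginx 1.13.0 and needs OpenSSL 1.1.1+.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            root work/xxx; # front-end static resources
            # Unknown paths fall back to index.html.
            try_files $uri $uri/ /index.html;
            index index.html index.htm;
        }

        location /prod-api/ {
            # $http_host is the Host header exactly as the client sent it, and
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
            # client supplied. The back end should treat both as untrusted input
            # and rely only on the address this proxy adds.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Target is the TLS-fronted back-end address (https). The URL must
            # be a single token: a space before the trailing "/" makes nginx
            # reject the directive.
            proxy_pass https://localhost:8074/;
        }
    }

    # Maps the domain to the Java back end; the WeChat mini program calls this
    # domain to fetch back-end data.
    server {
        # 443 (or 80), i.e. the default port for the domain.
        # Reason: the mini program's request-domain setting (server domain
        # configuration) did not accept a port number.
        # (Update 240205: a port number is now accepted, so the mapped port 8074
        # can be used directly.)
        # So the mini program uses the bare domain (xxx.xxxxx.net) with no port,
        # matching the mini-program setting.
        listen 443 ssl;
        server_name xxx.xxxxx.net; # domain name

        # Certificate configuration (same certificate and key as the 8077 server)
        ssl_certificate D:\xxx\key\xxx.pem;
        ssl_certificate_key D:\xxx\key\xxx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            # Note the https scheme. nginx does not verify the upstream
            # certificate unless proxy_ssl_verify is enabled, so this loopback
            # TLS hop adds a handshake but no authentication; pointing straight
            # at http://localhost:8075/ would reach the same back end.
            # No X-Real-IP / X-Forwarded-For is set here (unlike /prod-api/ on
            # 8077), so the back end sees these requests as coming from the
            # proxy itself; add them if it logs or rate-limits by client address.
            proxy_pass https://localhost:8074/;
        }
    }

    # TLS front for the back-end address
    server {
        listen 8074 ssl;
        server_name xxx.xxxxx.net; # domain name

        # Certificate
        ssl_certificate D:\xxx\key\xxx.pem;
        ssl_certificate_key D:\xxx\key\xxx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            # Back-end address: plain HTTP on loopback. Have the Java service
            # bind to 127.0.0.1 or keep 8075 closed in the firewall, otherwise
            # the API is also reachable without TLS.
            proxy_pass http://localhost:8075/;
        }
    }
}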
3、注意事项:服务器需在防火墙开放需要外部访问的端口号,如配置文档中的8077、443端口号;后台端口8075只由nginx在本机转发,不需要对外开放。
端口扫描网站:https://www.matools.com/port
240205 现在发现可以加端口号了,补充简洁版:
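# Simplified layout: two TLS servers on the mapped domain.
#   8077  PC web front end; /prod-api/ proxied to http://localhost:18010/
#   8074  back-end entry for the mini program, proxied to http://localhost:8075/
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # NOTE(review): 0 switches off the request-body size check, so any client
    # can push arbitrarily large bodies through to the back end. Prefer the
    # largest upload size the application really needs.
    client_max_body_size 0;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    # NOTE(review): this policy allows scripts from any origin plus inline
    # script and eval, so it does not restrict script injection. Narrow
    # script-src to the origins the front end actually loads from once they
    # are known. Without the "always" flag the header is also left off error
    # responses.
    add_header Content-Security-Policy "script-src * 'unsafe-inline' 'unsafe-eval'";

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    gzip on;
    gzip_min_length 2k;
    gzip_types text/css application/javascript text/javascript image/jpeg image/png image/gif application/x-javascript;
    gzip_vary on;
    gzip_http_version 1.1;
    gzip_proxied any;

    server {
        listen 8077 ssl;
        server_name 域名;

        # Keep the .key file readable only by the account that runs nginx.
        ssl_certificate D:\xxx\域名.crt;
        ssl_certificate_key D:\xxx\域名.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        # Pin the protocol versions instead of relying on the build's default,
        # which on older nginx releases still includes TLS 1.0/1.1.
        # TLSv1.3 is accepted from nginx 1.13.0 and needs OpenSSL 1.1.1+.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            root work/xxxx/web; # front-end static resources
            # Unknown paths fall back to index.html.
            try_files $uri $uri/ /index.html;
            index index.html index.htm;
        }

        location /prod-api/ {
            # $http_host and any incoming X-Forwarded-For value come from the
            # client; the back end should trust only the address appended here.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # NOTE(review): this targets 18010 while the 8074 server below
            # targets 8075 - confirm that two different back-end ports are
            # intended.
            proxy_pass http://localhost:18010/;
        }
    }

    # TLS front for the back end (used by the mini program and by the WeChat
    # public-platform configuration; this port has to be opened).
    server {
        listen 8074 ssl;
        server_name 域名;

        ssl_certificate D:\xxx\域名.crt;
        ssl_certificate_key D:\xxx\域名.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            # Plain HTTP on loopback and no client-address headers: the back
            # end sees the proxy as the caller. Only 8074 should be exposed;
            # keep 8075 bound to 127.0.0.1 or closed in the firewall.
            proxy_pass http://localhost:8075/;
        }
    }
}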