为了测试上线之前的ios app可以在store上下载, 自己搭建https服务器,来解决测试这个问题。
1. https搭建
搭建环境:Centos+nginx
下载nginx安装包:wget http://nginx.org/download/nginx-1.14.0.tar.gz
tar -zxvf nginx-1.14.0.tar.gz
cd nginx-1.14.0
./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --pid-path=/usr/local/nginx/conf/nginx.pid --lock-path=/var/lock/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --http-client-body-temp-path=/var/temp/nginx/client --http-proxy-temp-path=/var/temp/nginx/proxy --http-fastcgi-temp-path=/var/temp/nginx/fastcgi --http-uwsgi-temp-path=/var/temp/nginx/uwsgi --http-scgi-temp-path=/var/temp/nginx/scgi --with-http_ssl_module
make
make install
2.新建build.sh 用来创建证书,脚本内容如下:
openssl genrsa -des3 -out server.key 2048 ;
openssl rsa -in server.key -out server.key;
openssl req -new -x509 -key server.key -out ca.crt -days 3650;
openssl req -new -key server.key -out server.csr;
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt;
cat server.key server.crt >server.pem;
3、编辑/usr/local/nginx/conf/nginx.conf主配置文件,具体配置和相关优化如下:
vi /usr/local/nginx/conf/nginx.conf
worker_processes auto;
worker_rlimit_nofile 65535;
user nobody;
error_log /var/log/nginx/error.log;
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
map $http_x_forwarded_for $clientRealIp {
"" $remote_addr;
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
log_format access '$clientRealIp - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent $request_time "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $proxy_add_x_forwarded_for ';
server_names_hash_bucket_size 128;
client_header_buffer_size 64k;
client_max_body_size 50m;
client_body_buffer_size 512k;
large_client_header_buffers 4 64k;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
server_name_in_redirect off;
proxy_connect_timeout 300;
proxy_read_timeout 180;
proxy_send_timeout 180;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_temp_path /var/tmp/proxy_temp_dir;
proxy_cache_path /var/tmp/proxy_cache_dir levels=1:2 keys_zone=cache_one:1000m inactive=10d max_size=30g; gzip on;
gzip_min_length 1k;
gzip_buffers 4 32k;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml text/javascript application/json application/x-javascript application/xml application/xml+rss;
open_file_cache max=204800 inactive=30s;
open_file_cache_min_uses 2;
open_file_cache_valid 30s;
open_file_cache_errors on;
limit_conn_zone $binary_remote_addr zone=TotalConnLimitZone:10m ;
limit_conn TotalConnLimitZone 200;
limit_conn_log_level notice;
limit_req_zone $binary_remote_addr zone=ConnLimitZone:10m rate=100r/s;
limit_req_log_level notice;
include vhosts/*.conf;
}
4、编辑/usr/local/nginx/conf/vhosts/web.conf虚拟主机配置文件(vhost文件夹需自己新建)
server {
listen 80;
server_name www.xxx.vip;
server_name xxx.vip;
rewrite ^/(.*) https://www.xxx.vip/$1 permanent;
}
server {
listen 443;
server_name www.xxx.vip;
ssl on;
ssl_certificate "/usr/local/nginx/conf/cert/server.pem"; Cert文件夹为证书存放目录,需新建
ssl_certificate_key "/usr/local/nginx/conf/cert/server.key";
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
root /usr/local/nginx/html/STKC;
}
5、启动nginx,到此nginx+https已配好
启动:/usr/local/nginx/sbin/nginx
重启:/usr/local/nginx/sbin/nginx –s reload
6、配置ipa下载
新建/usr/local/nginx/html/ios文件夹 存放plist文件和ipa文件
新建https://192.168.3.67/index.html 网页,网页中添加plist的下载:
<a href="itms-services://?action=download-manifest&url=https://192.168.3.67/app.plist">点击下载</a>
plist 文件里,需要修改下ipa的下载路径,文件内容如下
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://192.168.3.67/app.ipa</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>app的id</string>
<key>bundle-version</key>
<string>app版本号</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>app标题<span style="font-family: Arial, Helvetica, sans-serif;"></string></span>
</dict>
</dict>
</array>
</dict>
</plist>
7、ipa下载测试
服务器:
将前面生成的ca.crt证书文件放到/usr/local/nginx/html
手机:
第一步:在苹果手机上打开sofair浏览器,访问https://192.168.3.67/ca.crt安装证书
第二步:打开设置-通用-关于本机-证书信任设置 里面找到根证书,打开信任
测试:访问https://192.168.3.67/