微信小程序需要使用https服务接口,昨天搭建了文件服务器,由于fds文件服务器采用Nginx作为网络访问模块,这里就不介绍Nginx具体安装。这里直接在已安装好的Nginx上进行配置
1. nginx配置(https,80重定向443)
# 进入/usr/local/nginx/conf/
cd /usr/local/nginx/conf/
# 新建目录sslfile,将证书上传到该目录
mkdir -p sslfile
# 编辑nginx.conf
vim nginx.conf
配置信息修改如下
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
#sten 443 ssl; '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#nginx 80端口重定向到443端口
server {
listen 80;
server_name xxx.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# Fastdfs
server {
listen 9610;
server_name xxx.com;
location ~/gogoo/M00 {
root /usr/mygod/fastdfs/storagedir/data;
ngx_fastdfs_module;
}
}
# HTTPS server
#
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate sslfile/xxx.crt;
ssl_certificate_key sslfile/xxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.23.59.159:8080; # 应用服务
}
}
}
2. 重启nginx
# 进入/usr/local/nginx/sbin/
cd /usr/local/nginx/sbin/
# 执行重启命令
./nginx -s reload
结果很尴尬,并没有启动成功,提示确实ngx_http_ssl_module
3. 增加ngx_http_ssl_module
# 查看nginx原有的模块
/usr/local/nginx/sbin/nginx -V
# 关闭nginx服务
./nginx -s stop
结果又很尴尬,关闭不了
出现上面错误,是因为nginx.conf文件修改了,没有ngx_http_ssl_module模块,配置文件是错误的,解决办法就是删除配置文件中的HTTPS server配置节点,删除前备份一下,后面还有用,在进行停止命令即可成功
# HTTPS server 暂时删除掉
#
server {
listen 443 ssl;
server_name yaoln.com;
ssl_certificate sslfile/yaoln.crt;
ssl_certificate_key sslfile/yaoln.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.23.59.159:8080; # 应用服务
}
}
进入/usr/local/nginx-1.17.6/进行增加模块
# 先查询原有模块
/usr/local/nginx/sbin/nginx -V
# 原有基础上进行增加http_ssl_module模块
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/usr/local/fastdfs-nginx-module-1.22/src/
# 重新编译
make
# 把编译好的nginx覆盖掉原有的nginx
cp ./objs/nginx /usr/local/nginx/sbin/
在进行查询,即可看到添加的模块
在将nginx.conf恢复,启动nginx。
**
重要事情最后说三遍,坑了我一下午,服务器一定开放443端口,服务器一定开放443端口,服务器一定开放443端口
**