小程序配置非44端口nginx配置https非80、443
小程序配置非44端口nginx配置https非80、443
JaneYork
发布于 2023-10-11 15:14:42
发布于 2023-10-11 15:14:42
由于部分服务器提供商glur,比如天翼云、移动云等,80、8080、443、8443等端口需要备案然后手动申请才可以开放。导致一些用户迷茫,审核填写资料又麻烦。
在这里插入图片描述
首先要明白,微信小程序,只能域名不能IP,只能https协议,具体详见https://developers.weixin.qq.com/miniprogram/dev/framework/ability/network.html https://kf.qq.com/faq/1706236NjINj1706236VRZBR.html
在这里插入图片描述
申请SSL证书
步骤略
修改nginx配置文件
最后要实现https://t2.pusdn.com:81就可以访问项目
注意:由于放行了81等端口,记得防火墙开放对应端口 #listen [::]:80;这个是支持IPV6
核心修改
listen 81 ssl http2;
error_page 497 https://$host:81$request_uri;修改完成,测试并重载nginx配置文件
nginx -t
nginx -s reload
在这里插入图片描述
nginx核心配置:
#TOMCAT-START
location /
{
proxy_pass "http://127.0.0.1:8080";
proxy_set_header Host tx1.pusdn.com:$server_port;
#经过反向代理后,由于在客户端和web服务器之间增加了中间层,因此web服务器无法直接拿到客户端的ip,通过$remote_addr变量拿到的将是反向代理服务器的ip地址。
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
expires 12h;
proxy_pass http://127.0.0.1:8080;
}
#TOMCAT-ENDnginx完成配置参考:
server
{
#listen 80;
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
listen 82 ssl http2;
listen [::]:82;
#listen [::]:80;
server_name a.com c.a.com t-west.pusdn.com tx1.pusdn.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/wwwroot/a.com;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/a.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/a.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host:82$request_uri;
#SSL-END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
#TOMCAT-START
location /
{
proxy_pass "http://127.0.0.1:8080";
proxy_set_header Host tx1.pusdn.com:$server_port;
#经过反向代理后,由于在客户端和web服务器之间增加了中间层,因此web服务器无法直接拿到客户端的ip,通过$remote_addr变量拿到的将是反向代理服务器的ip地址。
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
expires 12h;
# 这个很重要,否则tomcat的java web项目静态资源404
proxy_pass http://127.0.0.1:8080;
}
location ~ .*\.war$
{
return 404;
}
#TOMCAT-END
include enable-php-56.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
#include /www/server/panel/vhost/rewrite/a.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
error_log /dev/null;
access_log off;
}
location ~ .*\.(js|css)?$
{
expires 12h;
error_log /dev/null;
access_log off;
}
access_log /www/wwwlogs/a.com.log;
error_log /www/wwwlogs/a.com.error.log;
}tomcat核心配置,在engine下添加host节点:httpsServerPort很重要,否则静态资源404找的可能就是443端口
<Host autoDeploy="true" name="tx1.pusdn.com" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" remoteIpProxiesHeader="X-Forwarded-By" protocolHeader="X-Forwarded-Proto" httpsServerPort="82" />
<Context crossContext="true" docBase="/www/server/tomcat/webapps" path="" reloadable="true" />
</Host>tomcat完整配置:
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt" />
</Host>
<Host autoDeploy="true" name="west.xxoo.com" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="x-forwarded-proto" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" />
<Context crossContext="true" docBase="/www/server/tomcat/webapps" path="" reloadable="true" />
</Host>
<Host autoDeploy="true" name="a.com" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
<Context crossContext="true" docBase="/www/wwwroot/a.com" path="" reloadable="true" />
</Host>
<Host autoDeploy="true" name="tx1.pusdn.com" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" remoteIpProxiesHeader="X-Forwarded-By" protocolHeader="X-Forwarded-Proto" httpsServerPort="82" />
<Context crossContext="true" docBase="/www/server/tomcat/webapps" path="" reloadable="true" />
</Host>
</Engine>
</Service>
</Server>测试
扩展资料
经过反向代理后,由于在客户端和web服务器之间增加了中间层,因此web服务器无法直接拿到客户端的ip,通过$remote_addr变量拿到的将是反向代理服务器的ip地址。
在这里插入图片描述
在这里插入图片描述
如果静态资源404,可搜索:Nginx 反向代理 静态资源404问题。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2023-10-11,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读