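HTTPS Certificate Application Process
1 ) Choosing a certificate type
In the "SSL Certificates" module of a cloud platform (such as Alibaba Cloud or Tencent Cloud), select the free personal-edition certificate, and note the limit of at most 20 certificates issued per account. Free certificates are usually found under the product category "Domains & Websites" > "SSL Certificates".
2 ) Certificate binding rules
A single certificate can only be bound to an exactly matching domain name (no wildcards); for example, vchart.codingjam.com and www.vchart.codingjam.com are treated as different domains. Issuance takes about 10 minutes; once the review passes, complete domain validation by following the SMS instructions.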
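The binding rule above can be checked before deployment. The following is an added example, not code from the original article: it reports which served hostnames a certificate's DNS names cover, and it goes beyond the free single-domain case to wildcard names under the usual TLS matching rules (a wildcard stands for exactly one left-most label). The function names and the wildcard certificate are assumptions for illustration.

```typescript
// Added example: hostname coverage check for a certificate's DNS names.

// Normalize for comparison: trim, lower-case, drop one trailing dot.
function normalize(name: string): string {
  return name.trim().toLowerCase().replace(/\.$/, '');
}

// True when one certificate DNS name (exact or "*.example.com") covers host.
export function nameCovers(certName: string, host: string): boolean {
  const pattern = normalize(certName);
  const target = normalize(host);
  if (pattern === '' || target === '') return false;
  // IP literals are never matched against DNS names.
  if (/^\d+(\.\d+){3}$/.test(target)) return false;
  // Exact-match certificate: the whole name must be identical.
  if (!pattern.includes('*')) return pattern === target;
  const p = pattern.split('.');
  const t = target.split('.');
  // A wildcard is honoured only as the entire left-most label, with at least
  // two labels after it, and it stands for exactly one non-empty label.
  if (p[0] !== '*' || p.length < 3) return false;
  if (p.slice(1).some((label) => label.includes('*'))) return false;
  if (t.length !== p.length || t[0] === '') return false;
  return p.slice(1).join('.') === t.slice(1).join('.');
}

// Hostnames the deployment serves that no name on the certificate covers.
export function uncoveredHosts(certNames: string[], served: string[]): string[] {
  return served.filter((h) => !certNames.some((n) => nameCovers(n, h)));
}

// Constructed inputs, using the two hostnames from the article.
export const singleDomainCert = ['vchart.codingjam.com'];
// Hypothetical wildcard certificate, not one the article issues.
export const wildcardCert = ['*.codingjam.com'];
export const servedHosts = ['vchart.codingjam.com', 'www.vchart.codingjam.com'];
```

With either constructed certificate, `uncoveredHosts(..., servedHosts)` still reports www.vchart.codingjam.com, because a wildcard on codingjam.com reaches only one label deep.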
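3 ) Prerequisites
- A domain name with completed ICP filing (the filing takes about 20 working days)
- A TXT record added to the domain's DNS (added automatically by the cloud platform or configured manually):
```text
Record type: TXT
Host record: _dnsauth.vchart
Record value: the validation string provided with the certificate
```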
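Deploying the Certificate on the Server
1 ) Key configuration steps
- Download the Tomcat-format certificate (containing the .pem public key and the .key private key)
- Place the certificate files in the NestJS project root (for example ssl/vchart_cert.pem)
- Configure NestJS for HTTPS:
```typescript
// src/main.ts
import * as fs from 'fs';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

async function bootstrap() {
  // ConfigService only exists after the app has been created, so the switch
  // is read directly from the environment here.
  const enableHttps = process.env.ENABLE_HTTPS === 'true';

  if (enableHttps) {
    // httpsOptions must be passed to NestFactory.create(); if it is built
    // but never passed, the listener on port 443 speaks plain HTTP.
    const httpsOptions = {
      key: fs.readFileSync('./ssl/vchart_cert.key'),
      cert: fs.readFileSync('./ssl/vchart_cert.pem'),
    };
    const app = await NestFactory.create(AppModule, { httpsOptions });
    await app.listen(443, () => {
      console.log(`HTTPS service running on port 443`);
    });
  } else {
    const app = await NestFactory.create(AppModule);
    await app.listen(80);
  }
}
bootstrap();
```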
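2 ) Security group configuration
In the ECS cloud server console, configure a security group rule that opens inbound traffic on port 443:
```text
Protocol type: HTTPS
Port range: 443
Authorized object: 0.0.0.0/0
```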
Project Example: NestJS and Kafka Integration Options
1 ) Option 1: native KafkaJS connection
```typescript
// src/kafka/kafka.service.ts
import * as fs from 'fs';
import { Injectable, OnModuleInit } from '@nestjs/common';
import { Kafka, Producer, Consumer } from 'kafkajs';

@Injectable()
export class KafkaService implements OnModuleInit {
  private kafka: Kafka;
  private producer: Producer;
  private consumer: Consumer;

  constructor() {
    this.kafka = new Kafka({
      brokers: ['kafka1:9092', 'kafka2:9092'],
      // TLS with verification of the broker certificate against our CA
      ssl: {
        rejectUnauthorized: true,
        ca: [fs.readFileSync('./ssl/kafka_ca.pem', 'utf-8')]
      },
      // Sample credentials as given in the article; in a real deployment
      // supply them from configuration instead of source code.
      sasl: {
        mechanism: 'scram-sha-256',
        username: 'admin',
        password: 'kafka-secret'
      }
    });
  }

  async onModuleInit() {
    // Connect the producer
    this.producer = this.kafka.producer();
    await this.producer.connect();

    // Connect the consumer and start processing the topic
    this.consumer = this.kafka.consumer({ groupId: 'nestjs-group' });
    await this.consumer.connect();
    await this.consumer.subscribe({ topic: 'chart-data' });
    await this.consumer.run({
      eachMessage: async ({ message }) => {
        console.log(`Received: ${message.value}`);
      },
    });
  }

  async sendMessage(topic: string, message: string) {
    await this.producer.send({
      topic,
      messages: [{ value: message }],
    });
  }
}
```
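2 ) Option 2: the official NestJS Kafka microservice
```typescript
// main.ts
import * as fs from 'fs';
import { NestFactory } from '@nestjs/core';
import { MicroserviceOptions, Transport } from '@nestjs/microservices';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.connectMicroservice<MicroserviceOptions>({
    transport: Transport.KAFKA,
    options: {
      client: {
        brokers: ['kafka1:9092'],
        // Mutual TLS: CA for the brokers plus a client key and certificate
        ssl: {
          ca: [fs.readFileSync('kafka-ca.pem')],
          key: fs.readFileSync('kafka-client.key'),
          cert: fs.readFileSync('kafka-client.cert'),
        },
      },
      consumer: {
        groupId: 'chart-consumer',
      },
    },
  });
  // Start the Kafka transport; the HTTP listener is set up as in src/main.ts above
  await app.startAllMicroservices();
}
bootstrap();

// Usage in a controller (the file and class names are illustrative)
// chart.controller.ts
import { Controller } from '@nestjs/common';
import { MessagePattern, Payload } from '@nestjs/microservices';

@Controller()
export class ChartController {
  @MessagePattern('chart-data')
  handleChartData(@Payload() data: string) {
    console.log('Processing:', data);
  }
}
```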
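3 ) Option 3: Schema Registry integration (Avro serialization)
```typescript
// src/kafka/schema-registry.ts
import { Kafka } from 'kafkajs';
import { SchemaRegistry } from '@kafkajs/confluent-schema-registry';

const registry = new SchemaRegistry({ host: 'http://schema-registry:8081' });
const kafka = new Kafka({ brokers: ['kafka:9092'] });

// @kafkajs/confluent-schema-registry exports no AvroKafka class, so a plain
// KafkaJS producer is used and values are encoded through the registry.
// Registry subjects for the key and value schemas:
export const keySubject = 'ChartKey';
export const valueSubject = 'ChartValue';
export const avroProducer = kafka.producer();

// Send an Avro message. `record` is the object to serialize and must conform
// to the schema registered under `schemaId` (123 in this example; it can also
// be looked up with registry.getLatestSchemaId(valueSubject)).
// sendChartAvro is a helper name introduced here.
export async function sendChartAvro(record: object, schemaId = 123) {
  const encodedValue = await registry.encode(schemaId, record);
  await avroProducer.connect();
  await avroProducer.send({ topic: 'chart-avro', messages: [{ value: encodedValue }] });
}
```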
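Mini Program Frontend Integration Guidelines
1 ) Required configuration
- Set the HTTPS backend address in config.ts:
```typescript
export const BASE_URL = 'https://vchart.codingjam.com';
```
- Configure the allowed request domains in project.config.json:
```json
"appid": "wx_app_id",
"requestDomain": ["https://vchart.codingjam.com"]
```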
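2 ) Build and deployment process
```bash
# Install the build tool globally (the Taro CLI is published as @tarojs/cli)
npm install -g @tarojs/cli@2.0.6
# Install the project dependencies
cnpm install
# Build the production bundle
taro build --type weapp --env production
```
The generated dist directory is uploaded for review through WeChat DevTools.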
Linux Server Deployment
```bash
# 1. Install the base dependencies
sudo apt update && sudo apt install -y openjdk-17-jdk lrzsz
# 2. Unpack the deployment package
unzip vchart-template.zip -d /mnt/vchart
cd /mnt/vchart
# 3. Edit the application configuration
vi config/production.yaml
```
Key configuration items:
```yaml
database:
  host: localhost
  port: 3306
kafka:
  brokers: kafka:9092
templates:
  path: /mnt/vchart/templates
```
```bash
#!/bin/bash
# 4. Startup script (start.sh)
nohup java -jar vchart-template.jar \
  --spring.config.location=file:config/production.yaml \
  > nohup.log 2>&1 &
```
```bash
# 5. Make the script executable and run it
chmod +x start.sh
./start.sh
```
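Key Considerations
1 ) Certificate maintenance
The free certificate is valid for 1 year and has to be renewed on a schedule. The certbot automation tool is recommended (certbot renews only certificates that it issued itself):
```bash
certbot renew --nginx --post-hook "systemctl restart nestjs-service"
```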
2 ) Solving cross-origin (CORS) issues
Enable CORS in NestJS:
```typescript
app.enableCors({
  origin: ['https://miniapp.com'],
  methods: 'GET,POST',
  credentials: true
});
```
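3 ) Kafka recommendations for production
- Encrypt communication with the SASL_SSL protocol
- Configure ACL-based access control
- Enable message compression (compression: GZIP)
- Monitor the Consumer Lag metric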