通过NGINX实现将小程序HTTPS请求转为内部HTTP请求

最近在搞小程序部署，小程序强制https请求，域名和备案，内部项目不能大改，且不支持https请求，所以用nginx作为反向代理，将https请求(配置SSL证书在nginx里，开放单独的端口，然后通过nginx反向代理给内部的网关请求。

nginx.cnof

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    # ✅ 可选：80端口跳转8443，浏览器输入域名自动跳HTTPS，方便调试
    server {
        listen       80;
        server_name  localhost www.domain.com.cn;
        return 301 https://$host:8443$request_uri;
    }

    # ✅✅✅ 核心：8443端口 开启HTTPS，接收所有外部HTTPS请求
    server {
        listen       8084 ssl;
        server_name  www.domain.com.cn localhost;

        # ✅ 你的SSL证书绝对路径，完全正确，不用改！
        ssl_certificate      C:/Users/TT603064/Desktop/nginx-1.26.3/conf/ssl/www.domain.com.cn.pem;
        ssl_certificate_key  C:/Users/TT603064/Desktop/nginx-1.26.3/conf/ssl/www.domain.com.cn.key;

        # ✅ HTTPS基础配置，安全合规，不用改
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # ✅ 跨域全放行！小程序必加，解决OPTIONS预检请求，无任何跨域报错
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE';
        add_header Access-Control-Allow-Headers 'Content-Type, Authorization, token, X-Requested-With, Origin, Accept';
        if ($request_method = 'OPTIONS') { return 204; }

        # ✅✅✅ 接口反向代理：/test/开头 → 转发到【纯HTTP的8088网关】
        # 你的规则：https://域名:8443/test/xxx → http://127.0.0.1:8088/xxx
        location /test/ {
            proxy_pass http://127.0.0.1:8088/;
            # ✅ 必备请求头，让网关识别真实请求信息
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https; # 告诉网关：原始请求是HTTPS
            # ✅ Windows+Java网关 终极优化参数，彻底解决所有连接/超时/断开问题
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_buffer_size 128k;
            proxy_buffers 8 128k;
            proxy_connect_timeout 300s;
            proxy_read_timeout 300s;
            proxy_send_timeout 300s;
            proxy_redirect off;
        }

        # ✅✅✅ 前端反向代理：所有其他请求 → 转发到【纯HTTP的81前端】
        location / {
            proxy_pass http://127.0.0.1:81;
            # ✅ 解决Vue/React前端路由刷新404问题
            try_files $uri $uri/ /index.html;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}

这样配置以后，在小程序里配置
https://www.domain.com.cn:8084/test/workaffairs/purchase/orders/list

会自动转换为
https://127.0.0.1:8088/workaffairs/purchase/orders/list

实现将https请求转为内部的http请求网关，由网关处理