最近在搞小程序部署,小程序强制https请求,域名和备案,内部项目不能大改,且不支持https请求,所以用nginx作为反向代理,将https请求(配置SSL证书在nginx里,开放单独的端口,然后通过nginx反向代理给内部的网关请求。
nginx.cnof
java
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# ✅ 可选:80端口跳转8443,浏览器输入域名自动跳HTTPS,方便调试
server {
listen 80;
server_name localhost www.domain.com.cn;
return 301 https://$host:8443$request_uri;
}
# ✅✅✅ 核心:8443端口 开启HTTPS,接收所有外部HTTPS请求
server {
listen 8084 ssl;
server_name www.domain.com.cn localhost;
# ✅ 你的SSL证书绝对路径,完全正确,不用改!
ssl_certificate C:/Users/TT603064/Desktop/nginx-1.26.3/conf/ssl/www.domain.com.cn.pem;
ssl_certificate_key C:/Users/TT603064/Desktop/nginx-1.26.3/conf/ssl/www.domain.com.cn.key;
# ✅ HTTPS基础配置,安全合规,不用改
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# ✅ 跨域全放行!小程序必加,解决OPTIONS预检请求,无任何跨域报错
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, PUT, DELETE';
add_header Access-Control-Allow-Headers 'Content-Type, Authorization, token, X-Requested-With, Origin, Accept';
if ($request_method = 'OPTIONS') { return 204; }
# ✅✅✅ 接口反向代理:/test/开头 → 转发到【纯HTTP的8088网关】
# 你的规则:https://域名:8443/test/xxx → http://127.0.0.1:8088/xxx
location /test/ {
proxy_pass http://127.0.0.1:8088/;
# ✅ 必备请求头,让网关识别真实请求信息
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; # 告诉网关:原始请求是HTTPS
# ✅ Windows+Java网关 终极优化参数,彻底解决所有连接/超时/断开问题
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
proxy_redirect off;
}
# ✅✅✅ 前端反向代理:所有其他请求 → 转发到【纯HTTP的81前端】
location / {
proxy_pass http://127.0.0.1:81;
# ✅ 解决Vue/React前端路由刷新404问题
try_files $uri $uri/ /index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}这样配置以后,在小程序里配置
https://www.domain.com.cn:8084/test/workaffairs/purchase/orders/list
会自动转换为
https://127.0.0.1:8088/workaffairs/purchase/orders/list
实现将https请求转为内部的http请求网关,由网关处理