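I. Background and requirements
1. A developer colleague built a project in Node.js; node index.js starts a service listening on port 9003, and that service now needs to be reachable from outside over HTTPS.
2. Set up the apache2 service
1) HTTP access on port 80: configure /etc/apache2/sites-enabled/000-default.conf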
    <VirtualHost *:80>
        ProxyPreserveHost On
        ServerAdmin admin@qq.com
        ServerName deploy-cn.domains.com
        DocumentRoot /home/www/watchfaces
        DirectoryIndex homepage.htm index.html login.htm
        # Forward every request to the Node.js service on the loopback interface
        ProxyPass / http://127.0.0.1:9003/
        ProxyPassReverse / http://127.0.0.1:9003/
    </VirtualHost>

    <Directory "/home/www/watchfaces">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
2) HTTPS access on port 443: this requires the port-80 HTTP access from 1) to be configured; configure /etc/apache2/sites-enabled/001-ssl.conf
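    <VirtualHost *:443>
        ServerName deploy-cn.huami.com

        # <Proxy> requires an argument; * matches all proxied content
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        SSLEngine On

        # The SSLProxy* directives only apply to https:// backends. The backend
        # here is plain HTTP on 127.0.0.1, so they have no effect in this setup;
        # with an https:// backend these values would turn off verification of
        # the backend certificate.
        SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off

        SSLCertificateFile "/etc/apache2/ssl/domain.com.crt"
        SSLCertificateKeyFile "/etc/apache2/ssl/domain.key"
        # Intermediate certificates sent to clients along with the server certificate
        SSLCertificateChainFile "/etc/apache2/ssl/domain.com_bundle-g2-g1.crt"

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:9003/
        ProxyPassReverse / http://127.0.0.1:9003/
    </VirtualHost>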
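Notes on problems encountered:
If the certificate chain is not configured, downloading a file from the service inside a mini program fails with: downloadFile:fail Error: unable to verify the first certificate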
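The certificate-chain failure noted above can be reproduced offline. The following is an added example, not part of the original post: it builds a constructed root, intermediate and server certificate with the openssl CLI (assumed to be installed) and checks the server certificate with and without the intermediate. The `-untrusted` file stands in for what SSLCertificateChainFile makes Apache send; all subjects and file names are made up.

```shell
#!/bin/sh
# Constructed demo chain (throwaway names and keys): root CA -> intermediate CA -> server cert.

# issue DIR NAME ISSUER EXT CN: new key and CSR for NAME, signed by ISSUER.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=$5" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
        -CAcreateserial -days 2 -extfile "$1/demo.cnf" -extensions "$4" \
        -out "$1/$2.crt" 2>/dev/null
}

# make_demo_chain DIR: write root.crt, int.crt and leaf.crt into DIR.
make_demo_chain() {
    # Own minimal config, so nothing depends on the system openssl.cnf.
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Demo
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/demo.cnf" \
        -extensions ca_ext -subj "/CN=Constructed Root" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
    issue "$1" int root ca_ext "Constructed Intermediate" || return 1
    issue "$1" leaf int leaf_ext "deploy.example.test"
}

# chain_ok ROOT LEAF [CHAINFILE]: succeed only if LEAF chains up to ROOT using
# nothing but what the server would send (LEAF plus the optional CHAINFILE).
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo=$(mktemp -d)
make_demo_chain "$demo" || { echo "openssl could not build the demo chain" >&2; exit 1; }
chain_ok "$demo/root.crt" "$demo/leaf.crt" \
    && echo "without chain file: verified" || echo "without chain file: REJECTED"
chain_ok "$demo/root.crt" "$demo/leaf.crt" "$demo/int.crt" \
    && echo "with chain file: verified" || echo "with chain file: REJECTED"
```

From Apache 2.4.8 on, the intermediates can also be appended to the file named by SSLCertificateFile; SSLCertificateChainFile is deprecated as of that version.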
Other:
1. SSL server certificate installation checker: https://www.myssl.cn/tools/check-server-cert.html