微信小程序后台請求越來越嚴格
1.request要求用https
2.websocket要求用wss
3.測試后發現websocket只能走433端口
作為.net開發,websocket又是使用的第三方平台,這個時候https綁定ssl會占用433端口,導致第三方平台websocket無法使用
最開始想,IIS使用80端口,websocket使用433,但是433被iis站點綁定的https占用,導致Nginx無法監聽433
然后索性IIS棄用80端口和433端口,卸載掉IIS7/8的SSL證書,換用Nginx的SSL證書,
然后IIS建立的站點端口修改為非80,433端口,換為其他,如:8080
最后在Nginx中添加反向代理,針對https80端口的,指向IIS8080端口,針對wss的,指向第三方websocket
Nginx代理設置如下,我自己用的是奧點雲websocket
upstream mqtt {
#奧點雲地址
server mqtt.dms.aodianyun.com:8000;
}
# HTTPS server
#
server {
listen 80;
listen 443 ssl;
server_name localfind.cn;
#ssl on;
ssl_certificate D:\path\my.pem;
ssl_certificate_key D:\path\my.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
#ssl_session_cache builtin:1000 shared:SSL:5m;
#ssl_buffer_size 1400;
#add_header Strict-Transport-Security max-age=15768000;
#ssl_stapling on;
#ssl_stapling_verify on;
location /dictionaries {
proxy_pass http://mywebsite.cn:8080/dictionaries/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /mqtt {
proxy_pass http://mqtt;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}