最近在做微信小程序商城开发的时候,阅读官方api文档发现要求https。
wx.request(OBJECT)
wx.request发起的是 HTTPS 请求。
推荐使用更便捷的 certbot 配置 https,参考链接:CentOS 7.3 下部署基于 Node.js的微信小程序商城
于是开始了在Centos 6.8下利用letsencrypt.sh脚本为nginx 配置免费https(Let's Encrypt SSL证书)的路程。
一、下载letsencrypt.sh
# wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
# wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
二、修改letsencrypt.conf文件的参数
# vim letsencrypt.conf
文件修改后的内容如下
# only modify the values, key files will be generated automaticly.
ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="mtian.net.key"
DOMAIN_DIR="/usr/local/nginx/html" #网站的根目录
DOMAINS="DNS:mtian.net,DNS:www.mtian.net" #你的网站域名,多个域名用,号分隔
#ECC=TRUE
#LIGHTTPD=TRUE
三、执行文件,生成https所需要的ssl证书文件
添加执行权限并执行
# chmod +x letsencrypt.sh
# ./letsencrypt.sh letsencrypt.conf
运行完成后会在当前目录生成如下文件
# ls
letsencrypt-account.key lets-encrypt-x3-cross-signed.pem mtian.csr
letsencrypt.conf mtian.chained.crt mtian.net.key
letsencrypt.sh mtian.crt
四、修改nginx配置文件,加入https
# vim /usr/local/nginx/conf/nginx.conf
server {
listen 443 ssl;
server_name www.mtian.net;
ssl on;
ssl_certificate /usr/local/nginx/conf/mtian.chained.crt;
ssl_certificate_key /usr/local/nginx/conf/mtian.net.key;
location / {
root html;
index index.html index.htm;
}
}
配置可参考
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://www.textarea.com/zhicheng/fenxiang-yige-https-a-di-nginx-peizhi-320/
五、复制letsencrypt.sh生成的mtian.chained.crt和mtian.net.key 件到 nginx.conf中指定的目录/usr/local/nginx/conf/
# cp mtian.chained.crt /usr/local/nginx/conf/
# cp mtian.net.key /usr/local/nginx/conf/
六、重启nginx
# service nginx restart
Stopping nginx: [ OK ]
Starting nginx: [ OK ]
七、打开浏览器访问https://www.mtian.net/,火狐和谷歌都可以正常访问并且有绿色的锁,https配置完成。
微信小程序商城https配置
微信小程序商城https配置
