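I. Background and requirements
1. A developer colleague has a Node.js project. Running node index.js starts a service listening on port 9003, and that service now needs to be reachable from outside over HTTPS.
2. Set up the apache2 service
1) HTTP access on port 80: configure /etc/apache2/sites-enabled/000-default.conf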
<VirtualHost *:80>
    ProxyPreserveHost On
    ServerAdmin admin@qq.com
    ServerName deploy-cn.domains.com
    DocumentRoot /home/www/watchfaces
    DirectoryIndex homepage.htm index.html login.htm
    # Forward every request to the Node.js service on the loopback interface
    ProxyPass / http://127.0.0.1:9003/
    ProxyPassReverse / http://127.0.0.1:9003/
</VirtualHost>
<Directory "/home/www/watchfaces">
    Options Indexes FollowSymLinks
    AllowOverride None
    # Apache 2.2 access syntax (mod_access_compat on 2.4); the 2.4 form is "Require all granted"
    Order allow,deny
    Allow from all
</Directory>
2) HTTPS access on port 443 (on top of the port 80 HTTP access from 1)): configure /etc/apache2/sites-enabled/001-ssl.conf
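<VirtualHost *:443>
    ServerName deploy-cn.huami.com
    # Apache 2.2 access syntax (mod_access_compat on 2.4)
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    SSLEngine On
    # The SSLProxy* directives only apply when the backend is HTTPS, where these values
    # switch off backend certificate checks. The backend here is plain HTTP on 127.0.0.1.
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLCertificateFile "/etc/apache2/ssl/domain.com.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/domain.key"
    # Intermediate certificates sent to clients together with the server certificate
    SSLCertificateChainFile "/etc/apache2/ssl/domain.com_bundle-g2-g1.crt"
    # Reverse proxy only; do not act as a forward proxy
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:9003/
    ProxyPassReverse / http://127.0.0.1:9003/
</VirtualHost>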
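Notes on problems encountered:
If the certificate chain is not configured, downloading files from the service inside the mini program fails with: downloadFile:fail Error: unable to verify the first certificate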
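The missing-intermediate condition behind that error can be reproduced offline. The script below is an added example, not part of the original post: it builds a constructed root, intermediate and server certificate with openssl, then verifies the server certificate as a client would, once without and once with the intermediate. The function names and the host name deploy.example.test are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Every certificate below is constructed, throwaway test
# material; deploy.example.test and the function names are hypothetical.

# new_csr DIR NAME CN: fresh RSA key plus a certificate signing request.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_pki DIR: root CA -> intermediate CA -> server (leaf) certificate.
make_pki() {
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    new_csr "$1" root "Constructed Root CA" &&
    new_csr "$1" int "Constructed Intermediate CA" &&
    new_csr "$1" leaf "deploy.example.test" &&
    openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 1 \
        -extfile "$1/ca.ext" -out "$1/root.crt" 2>/dev/null &&
    openssl x509 -req -in "$1/int.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -extfile "$1/ca.ext" -out "$1/int.crt" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.crt" -CAkey "$1/int.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null
}

# Server sends only the leaf (no chain file): the client trusts the root
# but cannot link the leaf to it.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" 2>&1 | grep -q ': OK$'
}

# Server also sends the intermediate (chain file configured).
verify_with_chain() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/int.crt" \
        "$1/leaf.crt" 2>&1 | grep -q ': OK$'
}

# count_certs: PEM certificates on stdin. Against a live server:
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null | count_certs
# A count of 1 means only the leaf is being served.
count_certs() { grep -c 'BEGIN CERTIFICATE'; }

d=$(mktemp -d) && make_pki "$d" || exit 1
if verify_leaf_only "$d"; then echo "leaf only: OK"; else echo "leaf only: FAILED"; fi
if verify_with_chain "$d"; then echo "with chain: OK"; else echo "with chain: FAILED"; fi
rm -rf "$d"
```

Browsers often fetch or cache missing intermediates themselves, so a site can look fine in a browser while stricter clients still reject it.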
Other:
1. SSL server certificate installation checker: https://www.myssl.cn/tools/check-server-cert.html