premise:
Because the WeChat applet uses the https method to request services, it is necessary to configure the service https mode
step:
1. Nginx listens on port 80 and forwards it to Tomcat's port 8080; the server uses Alibaba Cloud, and the operating system is Windows Server 2012; the CA certificate is also a free certificate applied for on Alibaba Cloud's CA certificate service.
2. Apply for a CA certificate
3. After the certificate application is completed, it needs to be downloaded locally, and a zip package will be obtained, which contains xxxx.key and xxxx.pem
4. Create a new cert directory in the nginx directory and copy the key and pem files into it
5. Open the nginx.conf file in conf, there are the following configurations that are watched, and let go
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
6. Update as follows
# HTTPS server
server {
listen 443 ssl;
server_name your domain name;
ssl_certificate ../cert/xxx.pem;
ssl_certificate_key ../cert/xxxx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
proxy_pass your local IP:port;
}
}
7. Use the command nginx -s load to restart to make it take effect, finished
8. Open the browser to access https. If there is a lock mark or a green mark on the left side of the browser address, it means that you can access it normally.