Regarding the issues related to configuring the Mini Program server with Alibaba Cloud, the following are all the configuration steps:
1. Mini Program Registration and Configuration
1. Registration: Enter the WeChat public platform to register and authenticate
2. Configuration:
Log in to the public platform, click Settings, as shown in the figure
Click Start Configuration, and after scanning the code for authentication, you can configure the server. (Note: The configuration can only be modified 5 times per month)
As can be seen from the above figure, the applet must be set to request a legal domain name to perform data interaction, and the legal domain name requires the use of the HTTPS protocol. Therefore, the Alibaba Cloud server needs to support the HTTPS protocol.
Legal domain names need to be filed before they can be used. If there is no legal domain name, we can remove the verification of the legal domain name in the development mode, and then develop.
2. Alibaba Cloud Server supports HTTPS configuration.
1. Obtain Alibaba Cloud Security Certificate
Log in to Alibaba Cloud, go to Management Console->Certificate Service->Purchase Certificate
Choose the free version to officially purchase
Each certificate corresponds to a domain name, which can be configured after successful purchase. After the configuration is successful, submit it for review, and it will take about 1 to 2 working days for the review to be successful.
After the review is successful, you can view the certificate information in My Order, click to download
Click to download the certificate, you can choose different server types to download, with instructions for installing the certificate. After the certificate is downloaded, there will be 4 files in the compressed package.
2. Configure the Alibaba Cloud server to use phpstudy
Apache for example.
method one:
Step 1: Modify the httpd.conf configuration file in the apache directory
#LoadModule ssl_module modules/mod_ssl.so delete the configuration statement comment symbol "#" at the beginning of the line
Add a reference statement Include conf/vhostssl.conf
Step 2: Create a vhostssl.conf configuration file in the conf folder.
Edit the vhostsssl.conf file and add the following:
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH: MEDIUM:! ANULL:! MD5
SSLCertificateFile "D:/ssl/2_www.****.com.crt"
SSLCertificateKeyFile "D:/ssl/3_www.***.com.key"
DocumentRoot "D:\phpStudy\WWW"
<Directory />
Options +Indexes +FollowSymLinks +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
其中
SSLCertificateFile 是指证书公钥
SSLCertificateKeyFile 是指证书私钥
DocumentRoot "D:\phpStudy\WWW"这是网站路径根据自己的
方式二:
第一步:修改apache目录下的httpd.conf配置文件
删除行首的配置语句注释符号“#”
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
第二步:同样修改文件中的参数
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "D:/ssl/2_www.****.com.crt"
SSLCertificateKeyFile "D:/ssl/3_www.***.com.key"
DocumentRoot "D:\phpStudy\WWW"
参数值在安装证书说明中有。安装成功之后重启服务器。
三、端口冲突检测
服务器重启过程中可能会出现错误。重启不了,或者启动之后自动停止。原因可能如下:
1、http服务需要占用80端口,mysql服务需要占用3306端口,检测方法如下:
2、由于HTTPS服务需要占用的是443端口,服务器中可能由进程占用端口,检测方法如下:
输入命令:netstat -ano,列出所有端口的情况
继续用命令 netstat -aon|findstr "443" 查看那个进程占用的,不是系统进程就直接结束他
在服务器环境一般都是被http 占用的 我们就用命令结束的它。用 net stop http 命令结束
重启phpstudy,这个时候Apache基本就能启动成功了
最后在.htaccess里加入 实现http转跳到https上
下列代码修改自己域名
<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /RewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://www.chu.mn/$1 [R=301,L]</IfModule>
此时https服务器基本配置结束,可以正常运行。下面到小程序开发界面。
再次进行小程序变异,此时可能会出现的问题如图
小程序要求TLS版本必须大于等于1.2。
四、TLS1.2安转、配置及启用
1、打开windows powershell
右击屏幕左下角的开始->所有程序->附件->“Windows PowerShell”。
2、
在 PowerShell中运行以下内容, 然后重启服务器
# Enables TLS
1.2
on windows Server
2008
R2 and Windows
7
# These keys
do
not exist so they need to be created prior to setting values.md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"
md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
# Enable TLS
1.2
for
client and server SCHANNEL communications
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
-name
"Enabled"
-value
1
-PropertyType
"DWord"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
-name
"DisabledByDefault"
-value
0
-PropertyType
"DWord"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
-name
"Enabled"
-value
1
-PropertyType
"DWord"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
-name
"DisabledByDefault"
-value
0
-PropertyType
"DWord"
# Disable SSL
2.0
(PCI Compliance)md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
-name Enabled -value
0
-PropertyType
"DWord"
# Enables TLS
1.2
on Windows Server
2008
R2 and Windows
7
# These keys
do
not exist so they need to be created prior to setting values. md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"
md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
# Enable TLS
1.2
for
client and server SCHANNEL communications
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
-name
"Enabled"
-value
1
-PropertyType
"DWord"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
-name
"DisabledByDefault"
-value
0
-PropertyType
"DWord"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
-name
"Enabled"
-value
1
-PropertyType
"DWord"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
-name
"DisabledByDefault"
-value
0
-PropertyType
"DWord"
# Disable SSL
2.0
(PCI Compliance) md
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
new
-itemproperty -path
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
-name Enabled -value
0
-PropertyType
"DWord"
3、
将php版本升级至php5.5n
php5.5需要加载VC11运行库,请自行下载
链接: https://pan.baidu.com/s/1boFhCXh 密码: 4v3b
4、当步骤二中
SSLProtocol
配置为
all -SSLv2 -SSLv3
时不管怎么更改始终会报
小程序要求TLS版本必须大于等于1.2。
的错误。
当更改为
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
时服务器会启动不了,或启动自动停止。
解决方案:将此语句注释,即可。
SSLProtocol all -SSLv2 -SSLv3
为
#SSLProtocol all -SSLv2 -SSLv3
此时再次编译小程序可能会出现的问题是:
net::ERR_CONNECTION_REFUSED,尚不知原因所在
完结。
版权所有,转载请注明出处。
