微信小程序后台请求越来越严格
1.request要求用https
2.websocket要求用wss
3.测试后发现websocket只能走433端口
作为.net开发,websocket又是使用的第三方平台,这个时候https绑定ssl会占用433端口,导致第三方平台websocket无法使用
最开始想,IIS使用80端口,websocket使用433,但是433被iis站点绑定的https占用,导致Nginx无法监听433
然后索性IIS弃用80端口和433端口,卸载掉IIS7/8的SSL证书,换用Nginx的SSL证书,
然后IIS建立的站点端口修改为非80,433端口,换为其他,如:8080
最后在Nginx中添加反向代理,针对https80端口的,指向IIS8080端口,针对wss的,指向第三方websocket
Nginx代理设置如下,我自己用的是奥点云websocket
upstream mqtt {
#奥点云地址
server mqtt.dms.aodianyun.com:8000;
}
# HTTPS server
#
server {
listen80;
listen 443 ssl;
server_namelocalfind.cn;
#sslon;
ssl_certificate D:\path\my.pem;
ssl_certificate_key D:\path\my.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
#ssl_session_cache builtin:1000 shared:SSL:5m;
#ssl_buffer_size 1400;
#add_header Strict-Transport-Security max-age=15768000;
#ssl_stapling on;
#ssl_stapling_verify on;
location /dictionaries {
proxy_pass http://mywebsite.cn:8080/dictionaries/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /mqtt {
proxy_pass http://mqtt;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}