1.nginx配置文件1)上传证书文件到/usr/local/nginx/sslkey/目录下,没有的话可以自己新建一个目录。2)新建nginx.conf,其配置如下:userroot;worker_processes1;#error_loglogs/error.log;#error_loglogs/error.lognotice;#error_loglogs/error.loginfo;#pidlogs/nginx.pid;events{worker_connections1024;}http{includemime.types;fastcgi_buffers816k;fastcgi_buffer_size32k;fastcgi_connect_timeout300;fastcgi_send_timeout300;fastcgi_read_timeout300;default_type应用程序/八位字节流;#log_formatmain'$remote_addr-$remote_user[$time_local]"$request"'#'$status$body_bytes_sent"$http_referer"'#'"$http_user_agent""$http_x_forwarded_for"';#access_log日志/access.logmain;发送文件;#tcp_nopush上;#keepalive_timeout0;keepalive_timeout65;gzip上;gzip_min_length1k;gzip_buffers416k;gzip_http_version1.1;gzip_comp_level9;gzip_types文本/普通应用程序/x-javascript文本/css应用程序on/xml文本/javascript应用程序/x-httpd-php应用程序/javascript应用程序/json;gzip_disable"MSIE[1-6]\.";gzip_vary开启;服务器{听80;服务器名称zomem.com;重写^(.*)https://$server_name$1永久;error_page500502503504/50x.html;location=/50x.html{root/usr/share/nginx/html;}}服务器{听443sslhttp2;服务器名称zomem.com;ssl_certificate/usr/local/nginx/sslkey/zomem.com.pem;ssl_certificate_key/usr/local/nginx/sslkey/zomem.com.key;ssl_ciphers'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';ssl_protocolsTLSv1TLSv1.1TLSv1.2;ssl_prefer_server_ciphers开启;add_headerStrict-Transport-Security"max-age=31536000";ssl_session_cache共享:SSL:10m;ssl_session_timeout10m;fastcgi_paramHTTPS开启;fastcgi_paramHTTP_SCHEMEhttps;位置/{proxy_passhttp://127.0.0.1:3080;}location/api/bidu/{proxy_passhttp://127.0.0.1:3000/;}}服务器{听80;服务器名称file.zomem.com;重写^(.*)https://$server_name$1永久;error_page500502503504/50x.html;location=/50x.html{root/usr/share/nginx/html;}}服务器{听443sslhttp2;服务器名称file.zomem.com;ssl_certificate/usr/local/nginx/ssl密钥/file.zomem.com.pem;ssl_certificate_key/usr/local/nginx/sslkey/file.zomem.com.key;ssl_ciphers'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';ssl_protocolsTLSv1TLSv1.1TLSv1.2;ssl_prefer_server_ciphers开启;add_headerStrict-Transport-Security"max-age=31536000";ssl_session_cache共享:SSL:10m;ssl_session_timeout10m;fastcgi_paramHTTPS开启;fastcgi_paramHTTP_SCHEMEhttps;位置/bidu{proxy_passhttp://127.0.0.1:6000/;其中,ssl_certificate/usr/local/nginx/sslkey/zomem.com.pem;ssl_certificate_key/usr/local/nginx/sslkey/zomem.com.key;是加载ssl证书文件,路径是location/api/bidu/之前上传的地方{proxy_passhttp://127.0.0.1:3000/;}是api的地址,服务器对应3000端口,请求地址为:https://zomem.com/api/bidu。location/bidu{proxy_passhttp://127.0.0.1:6000/;}为文件地址,对应服务器端口6000,文件地址为:https://file.zomem.com/bidu。编辑保存后覆盖服务配置文件:/usr/local/nginx/conf/nginx.conf,然后重启nginx。2.启动服务器,修改server/.env中的STATIC_URL=https://file.zomem.com/bidu,以及??对应的数据库账号密码等配置,然后将后台项目服务器中的内容上传到server/root/bidu/server,然后npminstall。启动服务器后台运行:cd~/bidu/serverpm2start./bin/www--namebiduApi启动图片服务器:pm2servestatic6000--namebiduImg--spa#在static文件目录下,启动一个6000端口服务像这样,cdn地址https://file.zomem.com/bidu会通过nginx转发到本机地址6000端口,也就是静态目录。验证cdn是否成功:直接在浏览器输入图片地址,如https://file.zomem.com/bidu/articles/1.jpg,检查网络,如果图片的ip不是服务器ip,表示使用cdn的ip。如果显示HIT,说明cdn成功,如果显示MISS,则说明失败。此时在小程序的app.js配置中,更改相应的界面和图片地址,即可使用。之后会上传审核,然后上线。没有想象中那么难~哈哈~/*更改在线地址*//*config:{api:'http://localhost:3000',file:'http://localhost:3000',}*/config:{api:'https://zomem.com/api/bidu',file:'https://file.zomem.com/bidu',}3.系统防火墙问题如果你在阿里云后台,打开它80和443端口仍然无法访问。很有可能是centos系统防火墙没有开放这两个端口。可以执行以下操作查看:查看防火墙状态firewall-cmd--statestopfirewallsystemctlstopfirewalld.service//暂时关闭防火墙,重启后systemctlrestartfirewalld//查看防火墙状态firewall-cmd--statefirewall-cmd--list-all//Disablefirewallsystemctldisablefirewalldsystemctlstopfirewalldsystemctlstatusfirewalld//启用firewallsystemctlenablefirewalldsystemctlstartfirewalldsystemctlstatusfirewallddisablefire启动systemctldisablefirewalld.service开放端口(白名单)firewall-cmd--zone=public--add-port=80/tcp--permanent命令含义:--zone#Scope--add-port=80/tcp#添加端口,格式为:端口/通信协议--permanent#永久有效,没有该参数,重启firewall-cmd后白名单失效--permanent--zone=public--remove-port=80/tcp重启防火墙firewall-cmd--reload查看新的防火墙规则firewall-cmd--list-alldemo地址
