Created
February 7, 2017 06:24
-
-
Save stableShip/dbdcd27b91dba39c7422a6fb786c9e17 to your computer and use it in GitHub Desktop.
阿里oss使用nginx代理https测试报告
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## 阿里oss使用nginx代理https测试报告 | |
| ### 需求 | |
| 现苹果app store要求启用https增加app安全, 需要对项目中的阿里oss文件服务,进行https包装 | |
| ### 方案 | |
| 因阿里oss本身不支持https | |
| 所以使用nginx作反向代理, 在nginx层添加https相关配置, 所有请求先通过nginx, 再转发到系统内部逻辑服务器. | |
| ### 参考资料 | |
| https://help.aliyun.com/knowledge_detail/39544.html | |
| ### nginx基础配置 | |
| ``` | |
| server{ | |
| # 配置请求的域名 | |
| server_name *.xxx.com; | |
| # 配置监听端口 | |
| listen 443 default_server; | |
| # 启用nginx的ssl,用于支持https | |
| ssl on; | |
| # https证书配置 | |
| ssl_certificate /etc/nginx/crt/www.demo580.com_bundle.crt; | |
| ssl_certificate_key /etc/nginx/crt/www.demo580.com.key; | |
| # https的session超时时间 | |
| ssl_session_timeout 5m; | |
| # https请求的支持的protocol | |
| ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
| # 配置 会话使用的加密算法 | |
| ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; | |
| ssl_prefer_server_ciphers on; | |
| # 配置相关路由 | |
| location / { | |
| # 设置请求头X-Real-IP, X-Forwarded-For为请求真实ip | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| # 设置请求头Host为请求地址 | |
| proxy_set_header Host $http_host; | |
| # 设置转发请求的服务器地址 | |
| proxy_pass http://127.0.0.1:3000/; | |
| } | |
| # 配置oss反向代理 | |
| location /oss { | |
| # 直接将所有请求转发到阿里oss服务器 | |
| proxy_pass http://ali.oss-cn-shenzhen.aliyuncs.com/; | |
| } | |
| } | |
| ``` | |
| # 配置后 | |
| 原阿里oss链接: | |
| http://sq580.oss-cn-shenzhen.aliyuncs.com/sq580/banner/img/1484647073773_bannerImage1484285741038.jpg | |
| 反向代理链接: | |
| https://www.demo580.com/sq580oss/sq580/banner/img/1484647073773_bannerImage1484285741038.jpg | |
| # 测试 | |
| 直接通过浏览器可以正常反问反向代理后的oss链接, 获取到文件. | |
| ## app测试方法 | |
| 现项目中对oss文件链接保存到数据库存在两种方式: | |
| 1. 直接将上传到oss后,返回的url保存到数据库中, 客户端请求直接返回. (医生身份证明) | |
| 2. 保存上传的相对路径到数据库中, 客户端请求时,进行拼接后返回给客户端. (banner图片) | |
| 修改获取banner图片相关接口: | |
| 修改其返回的banner图片地址如下: | |
| ``` | |
| // imageHost: ali.oss-cn-shenzhen.aliyuncs.com | |
| - bannerImage: {$concat: ["http://", config.ALIOSS.imageHost, "/", "$bannerImage"]}, | |
| // imageHost: nginx反向代理地址 | |
| + bannerImage: {$concat: ["https://", config.ALIOSS.imageHost, "/", "$bannerImage"]}, | |
| ``` | |
| ## Ios | |
| 请客户端进行添加ats设置, 打包, 测试可以正常显示banner, banner相关功能正常 | |
| ## Android | |
| 使用未添加https的android客户端, 可以正常显示banner, 没有出现问题 | |
| ## 后台管理 | |
| 页面错误, 提示https, 需要将所有请求都转换成https, 才能正常运行网页 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment