
Forward-proxying the WeCom (Enterprise WeChat) API into an intranet environment


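Hosts in an intranet environment that need to call WeCom interfaces cannot reach resources on the public internet directly. An Nginx configuration can forward-proxy the WeCom API into the intranet.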

WeCom domains and their purposes

  • qyapi.weixin.qq.com: the WeCom API
  • open.work.weixin.qq.com: used when binding WeCom
  • wwcdn.weixin.qq.com: CDN for static files

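Nginx configuration

Issuing a self-signed SSL certificate

WeCom's official domains are served over SSL/TLS. When proxying them, it is recommended to issue a self-signed SSL certificate whose names include the corresponding WeCom domains. Intranet clients must trust the CA that signs this certificate, otherwise their TLS handshake with the proxy fails. For the signing procedure, see https://www.xiexianbin.cn/http/2017-02-15-openssl-self-sign-ca/index.html

NGINX configuration

Create the file open.work.weixin.qq.com.conf in the /etc/nginx/conf.d directory with the following configuration: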

server {
    listen  80;
    server_name  open.work.weixin.qq.com;
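    # nginx consults "resolver" only when proxy_pass contains a variable; the literal
    # hostname below is resolved once at startup through the system resolver.
    resolver 114.114.114.114 223.5.5.5 valid=3600s;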

    access_log   /var/log/nginx/open.work.weixin.qq.com.access.log main;
    error_log    /var/log/nginx/open.work.weixin.qq.com.error.log;

    location / {
        index index.html;
        proxy_pass http://open.work.weixin.qq.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-proto https;
    }
}

server {
    listen 443 ssl;
    server_name  open.work.weixin.qq.com;
    resolver 114.114.114.114 223.5.5.5 valid=3600s;
    access_log   /var/log/nginx/open.work.weixin.qq.com.access.log;
    error_log    /var/log/nginx/open.work.weixin.qq.com.error.log;

    ssl_certificate            /etc/nginx/conf.d/cert/all.jshbank.com.bundle.crt;
    ssl_certificate_key        /etc/nginx/conf.d/cert/all.jshbank.com.key;
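    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    # The TLSv1.3 parameter needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;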
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        index index.html;
        proxy_pass https://open.work.weixin.qq.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-proto https;
        proxy_buffers 8 512k;
        proxy_buffer_size 2024k;
        proxy_busy_buffers_size 2024k;
        proxy_read_timeout 3000;
    }
}

Create the configuration files for the other two domains, using open.work.weixin.qq.com.conf as a template, then run nginx -s reload.
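Because the proxy terminates TLS with a self-signed certificate, intranet clients can no longer check WeCom's real certificate, and nginx does not verify upstream certificates unless told to (proxy_ssl_verify is off by default). The following is an added example, not the original post's configuration, showing the 443 server block with upstream verification and SNI enabled. The variable name $wecom_upstream, the PLACEHOLDER certificate file names, and the CA bundle path (the Debian/Ubuntu location) are assumptions to adjust for your host.

```nginx
# Added example: HTTPS server block with upstream certificate verification.
server {
    listen 443 ssl;
    server_name open.work.weixin.qq.com;

    # Public resolvers from the post. They are consulted at request time
    # here because proxy_pass below uses a variable.
    resolver 114.114.114.114 223.5.5.5 valid=3600s;

    access_log /var/log/nginx/open.work.weixin.qq.com.access.log;
    error_log  /var/log/nginx/open.work.weixin.qq.com.error.log;

    # Self-signed certificate presented to intranet clients (placeholder names).
    ssl_certificate     /etc/nginx/conf.d/cert/PLACEHOLDER.bundle.crt;
    ssl_certificate_key /etc/nginx/conf.d/cert/PLACEHOLDER.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Hypothetical variable name; holding the host in a variable makes
        # nginx re-resolve it through "resolver" instead of once at startup.
        set $wecom_upstream open.work.weixin.qq.com;
        proxy_pass https://$wecom_upstream;

        # Send SNI so the upstream returns the certificate for this name.
        proxy_ssl_server_name on;
        proxy_ssl_name        $wecom_upstream;

        # Reject the upstream unless its chain validates against public CAs
        # and the certificate matches proxy_ssl_name.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        3;
        # Assumed path: Debian/Ubuntu system CA bundle.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        proxy_set_header Host $wecom_upstream;
        proxy_redirect   off;
    }
}
```

With verification on, a failed upstream handshake is recorded in the error log and the client receives a 502, so a misrouted or intercepted upstream connection becomes visible instead of being proxied silently.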
