本文介绍如何在
Linux配置Ningx正向代理企业微信API到内网环境。内网环境由于无法访问外网,不能直接调用企业微信API接口。
预备知识
- 自签发企业微信的对应域名SSL证书,基于OpenSSL自建CA证书、二级CA证书和SSL证书
- 什么是正向代理、反向代理、透明代理
企业微信的域名和作用
- qyapi.weixin.qq.com 企业微信的API
- open.work.weixin.qq.com 绑定企业微信使用
- wwcdn.weixin.qq.com 静态文件的CDN
nginx 配置
在/etc/nginx/conf.d目录下创建open.work.weixin.qq.com.conf文件,配置如下:
server {
listen 80;
server_name open.work.weixin.qq.com;
resolver 114.114.114.114 223.5.5.5 valid=3600s;
access_log /var/log/nginx/open.work.weixin.qq.com.access.log main;
error_log /var/log/nginx/open.work.weixin.qq.com.error.log;
location / {
index index.html;
proxy_pass http://open.work.weixin.qq.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
proxy_set_header X-Forwarded-proto https;
}
}
server{
listen 443 ssl;
server_name open.work.weixin.qq.com;
resolver 114.114.114.114 223.5.5.5 valid=3600s;
access_log /var/log/nginx/open.work.weixin.qq.com.access.log;
error_log /var/log/nginx/open.work.weixin.qq.com.error.log;
ssl_certificate /etc/nginx/conf.d/cert/all.jshbank.com.bundle.crt;
ssl_certificate_key /etc/nginx/conf.d/cert/all.jshbank.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
index index.html;
proxy_pass https://open.work.weixin.qq.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
proxy_set_header X-Forwarded-proto https;
proxy_buffers 8 512k;
proxy_buffer_size 2024k;
proxy_busy_buffers_size 2024k;
proxy_read_timeout 3000;
}
}
参照open.work.weixin.qq.com.conf创建其他两个域名的配置文件,然后执行 nginx -s reload 即可。
专栏文章
- Nginx 配置企业微信API正向代理到内网环境(当前)
- Nginx 代理 MySQL 端口
- Nginx proxy_pass 配置转发 / 路径问题
- Nginx 配置密码认证
- Nginx 配置 CPU 亲和性
- Nginx 配置 UDP/TCP/WebSocket 反向代理
- Nginx 配置目录文件列表显示功能
- Nginx 配置 gzip 压缩、缓存功能
- Nginx 配置端口转发
最近更新
最新评论
加载中...