本文介绍如何在 Linux 配置 Ningx 正向代理企业微信 API 到内网环境。内网环境由于无法访问外网,不能直接调用企业微信API接口。
预备知识
企业微信的域名和作用
- qyapi.weixin.qq.com 企业微信的API
- open.work.weixin.qq.com 绑定企业微信使用
- wwcdn.weixin.qq.com 静态文件的CDN
nginx 配置
在/etc/nginx/conf.d目录下创建open.work.weixin.qq.com.conf文件,配置如下:
server {
listen 80;
server_name open.work.weixin.qq.com;
resolver 114.114.114.114 223.5.5.5 valid=3600s;
access_log /var/log/nginx/open.work.weixin.qq.com.access.log main;
error_log /var/log/nginx/open.work.weixin.qq.com.error.log;
location / {
index index.html;
proxy_pass http://open.work.weixin.qq.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
proxy_set_header X-Forwarded-proto https;
}
}
server{
listen 443 ssl;
server_name open.work.weixin.qq.com;
resolver 114.114.114.114 223.5.5.5 valid=3600s;
access_log /var/log/nginx/open.work.weixin.qq.com.access.log;
error_log /var/log/nginx/open.work.weixin.qq.com.error.log;
ssl_certificate /etc/nginx/conf.d/cert/all.xiexianbin.cn.bundle.crt;
ssl_certificate_key /etc/nginx/conf.d/cert/all.xiexianbin.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
index index.html;
proxy_pass https://open.work.weixin.qq.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
proxy_set_header X-Forwarded-proto https;
proxy_buffers 8 512k;
proxy_buffer_size 2024k;
proxy_busy_buffers_size 2024k;
proxy_read_timeout 3000;
}
}
参照open.work.weixin.qq.com.conf创建其他两个域名的配置文件,然后执行 nginx -s reload 即可。