1. Prepare the basic hardware and software. The following uses Windows Server 2008 as an example:
   · 1 host
   · 1 World Wide Web domain name
   · the domain name authenticated with an SSL certificate
   · the following installed on the server:
     · nginx
     · wampserver (Apache, MySQL, PHP)
     · node (express)
     · pm2
1. Set up a server, using Tencent Cloud as an example
1. Resolve DNS between the host and the domain name
1. Purchase a cloud host, as shown in the following figure:
2. Purchase the domain name and complete its authentication, as shown in the following figure:
3. Add a domain name resolution rule:
4. Apply for SSL authentication:
5. The SSL certificate
After the authentication succeeds, you can download the certificate and configure it on your own server.
The configurations of different servers are as follows:
Refer to www.qcloud.com/document/pr…
2. The author uses the Nginx certificate for deployment
2.1 Obtaining a Certificate
Two files are downloaded: the certificate file 1_www.domain.com_bundle.crt and the private key file 2_www.domain.com.key. The 1_www.domain.com_bundle.crt file contains two CERTIFICATE blocks, each delimited by "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"; the 2_www.domain.com.key file contains the private key, delimited by "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----".
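As an added illustration (not part of the original page or of the Tencent Cloud documentation), the following Python script checks that the two downloaded files have the layout just described before they are handed to Nginx: the bundle holds the server certificate followed by its CA chain as CERTIFICATE blocks, contains no private key, and the key file holds exactly one private key block. The sample files are constructed placeholders, not real certificates or keys.

```python
import base64
import re

# Constructed stand-ins for 1_www.domain.com_bundle.crt and 2_www.domain.com.key.
# The payloads are placeholder bytes, not real certificates or keys.
def _pem(label, payload):
    body = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

SAMPLE_BUNDLE = (_pem("CERTIFICATE", b"placeholder: server certificate for www.domain.com")
                 + _pem("CERTIFICATE", b"placeholder: intermediate CA certificate"))
SAMPLE_KEY = _pem("RSA PRIVATE KEY", b"placeholder: RSA private key")

# One PEM block: matching BEGIN/END labels around a base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def pem_blocks(text):
    """Return [(label, decoded_bytes), ...] for every PEM block in text.
    Raises ValueError when a block body is not valid base64."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        body = re.sub(r"\s+", "", match.group(2))
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:  # binascii.Error is a subclass of ValueError
            raise ValueError(f"{label} block is not valid base64") from exc
        blocks.append((label, der))
    return blocks


def check_bundle_and_key(bundle_text, key_text):
    """Check the two files Nginx is given. Returns a list of problems;
    an empty list means the layout matches the description in 2.1."""
    problems = []
    cert_labels = [label for label, _ in pem_blocks(bundle_text)]
    keys = pem_blocks(key_text)
    if cert_labels.count("CERTIFICATE") < 2:
        problems.append("bundle should hold the server certificate followed by its CA chain "
                        "(at least 2 CERTIFICATE blocks)")
    if any("PRIVATE KEY" in label for label in cert_labels):
        problems.append("bundle contains a private key; keep the key only in the .key file")
    if len(keys) != 1:
        problems.append(f"key file should hold exactly one private key block, found {len(keys)}")
    elif keys[0][0] not in ("RSA PRIVATE KEY", "PRIVATE KEY"):
        problems.append(f"key file holds a {keys[0][0]} block, not a private key")
    return problems


if __name__ == "__main__":
    # In practice read the two real files instead of the constructed samples.
    print(check_bundle_and_key(SAMPLE_BUNDLE, SAMPLE_KEY) or "bundle and key look correct")
```

The check only validates structure (block labels, order and base64 encoding); it does not verify that the key actually matches the certificate, which `bin/nginx -t` will report when the server is started with the pair.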
2.2 Certificate Installation
Save the certificate file 1_www.domain.com_bundle.crt and the private key file 2_www.domain.com.key of the domain name www.domain.com to the same directory, for example /usr/local/nginx/conf. Then update the conf/nginx.conf file in the Nginx root directory:
    server {
        listen 443;
        server_name www.domain.com;            # the domain name the certificate is bound to
        ssl on;                                # on nginx 1.15 and later use "listen 443 ssl;" instead
        ssl_certificate 1_www.domain.com_bundle.crt;
        ssl_certificate_key 2_www.domain.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # configure the protocols as listed here
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # configure the cipher suites as listed here
        ssl_prefer_server_ciphers on;
        location / {
            root html;                         # site directory
            index index.html index.htm;
        }
    }
After the configuration is complete, run bin/nginx -t to check whether the configuration is correct. If it is, restart nginx; the site can then be accessed at https://www.domain.com.
Note:
    Configuration file parameter | Description
    -----------------------------|------------------------------------------------
    listen 443                   | SSL access port number, 443
    ssl on                       | Enables the SSL function
    ssl_certificate              | The certificate file
    ssl_certificate_key          | The private key file
    ssl_protocols                | Protocols used
    ssl_ciphers                  | Cipher suites to use, in OpenSSL standard notation
2.3 (Optional) Using full-site encryption: automatically redirect HTTP to HTTPS
If users do not know that the site can be accessed over HTTPS, the server can redirect HTTP requests to HTTPS automatically. This can be done by adding JavaScript to the page, by writing the redirect in the backend application, or on the web server itself. In Nginx, add the following rule to the server block that listens on port 80:
    rewrite ^(.*) https://$host$1 permanent;
With this rule, every request arriving on port 80 is redirected to HTTPS.
Server Configuration
Reference documents: github.com/tencentyun/…
Background service principle:
2. Next, configure the server (the official Sammu chat room demo is used as an example)
2.1 nginx configuration
    server {
        listen 443;
        server_name www.lovmin.cn;             # the domain name the certificate is bound to
        ssl on;                                # on nginx 1.15 and later use "listen 443 ssl;" instead
        ssl_certificate 1_www.lovmin.cn_bundle.crt;      # the downloaded certificate file
        ssl_certificate_key 2_www.lovmin.cn.key;         # the downloaded private key file
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # configure the protocols as listed here
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;  # configure the cipher suites as listed here
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://localhost:5757;  # node server address and port (the scheme is required by proxy_pass)
        }
    }
2.2 Configuring the chat room server service
Note: on Windows Server the configuration file must be created manually at C:\qcloud\sdk.config. The file is plain JSON and must not contain comments; the meaning of each field is listed after it.
    {
      "ServerHost": "www.zhangximufeng.com",
      "AuthServerUrl": "http://10.141.19.17:8000/",
      "TunnelServerUrl": "https://ws.qcloud.com",
      "TunnelSignatureKey": "7fb7d1c161b7ca52d73cce0f1d833f9f5b5ec89",
      "NetworkTimeout": 30000
    }
ServerHost: the server domain name
AuthServerUrl: the authentication server address (in fact, the Apache server address)
TunnelServerUrl: the tunnel server address; this must not be changed
TunnelSignatureKey: a random string
NetworkTimeout: do not change
Reference Document Address:
Github.com/tencentyun/…
The demo source code
Github.com/tencentyun/…
2.3 Apache server (authentication server) configuration and database design
Authentication server
Download the official session server source code
Session server source
Github.com/tencentyun/…
After selecting an appropriate deployment mode, deploy the Wafer service according to that mode:
· Automatic deployment: the session server is ready to use without any further action
· Image deployment: follow the steps below for initialization
· Self-deployment: follow the steps below for initialization
Environment preparation
Ensure that the WAMP environment is installed on the machine; on a Linux server you can install LAMP instead.
Code deployment
Deploy the project code to the /opt/lampp/htdocs/mina_auth directory.
Automatically create the tables
Create the required tables by executing the following command (you are prompted for the MySQL root password; note that mysql accepts the password only directly after -p, so "-p mypassword" would be read as a database name):
    /opt/lampp/bin/mysql -u root -p < /opt/lampp/htdocs/mina_auth/system/db/db.sql
Initialize appId and appSecret
After logging in to MySQL, manually insert the configuration into the cAppInfo table of the cAuth database:
    /opt/lampp/bin/mysql -u root -p
    use cAuth;
    insert into cAppInfo set appid='Your appid', secret='Your secret';
Test service availability
    curl -i -d '{"version":1,"componentName":"MA","interface":{"interfaceName":"qcloud.cam.id_skey","para":{"code":"001EWYiD1CVtKg0jXGjD1e6WiD1EWYiC","encrypt_data":"DNlJKYA0mJ3+RDXD/syznaLVLlaF4drGzeZvJFmjnEKtOAi37kAzC/1tCBr7KqGX8EpiLuWl8qt/kcH9a4LxDC5LQvlRLJlDogTEIwtlT/2jBWBuWwBC3vWFhm7Uuq5AOLZV+xG9UmWPKECDZX9UZpWcPRGQpiY8OOUNBAywVniJv6rC2eADFimdRR2qPiebdC3cry7QAvgvttt1Wk56Nb/1TmIbtJRTay5wb+6AY1H7AT1xPoB6XAXW3RqODXtRR0hZT1s/o5y209Vcc6EBal5QdsbJroXa020ZSD62EnlrOwgYnXy5c8SO+bzNAfRw59SVbI4wUNYz6kJb4NDn+y9dlASRjlt8Rau4xTQS+fZSi8HHUwkwE6RRak3qo8YZ7FWWbN2uwUKgQNlc/MfAfLRcfQw4XUqIdn9lxtRblaY="}}}' http://127.0.0.1/mina_auth/
Create the database from the db.sql file in the source code.
Database design
The global information table cAppInfo stores the configuration items required by the session service.

    Field            | Type         | Null | Key | Extra
    -----------------|--------------|------|-----|--------------------------------------------------------------
    appid            | varchar(200) | NO   | PRI | AppId assigned by WeChat when registering as an applet developer
    secret           | varchar(300) | NO   |     | AppSecret assigned by WeChat when registering as an applet developer
    login_duration   | int(11)      | NO   |     | Login expiration time in days; default 30
    session_duration | int(11)      | NO   |     | Session expiration time in seconds; default 2592000 (30 days)

The session table cSessionInfo stores the data of each session.

    Field           | Type          | Null | Key | Extra
    ----------------|---------------|------|-----|--------------------------------------------------------------
    id              | int(11)       | NO   | MUL | Session ID (auto-increment)
    uuid            | varchar(100)  | NO   |     | Session uuid
    skey            | varchar(100)  | NO   |     | Session skey
    create_time     | datetime      | NO   |     | Session creation time; compared with login_duration (configured days) in cAppInfo to decide whether the session's open_id and session_key have expired
    last_visit_time | datetime      | NO   |     | Last access time; compared with session_duration (configured seconds) in cAppInfo to decide whether the session has expired
    open_id         | varchar(100)  | NO   | MUL | open_id value returned by the WeChat server
    session_key     | varchar(100)  | NO   |     | session_key value returned by the WeChat server
    user_info       | varchar(2048) | YES  |     | Decrypted user data
For details about the SQL script for creating a database, see db.sql
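To make the two expiry rules in the tables concrete, here is an added Python example (not from the page or from the Wafer session server) that applies login_duration and session_duration from a constructed cAppInfo row to constructed cSessionInfo rows. The row values, the fixed reference time and the function names are assumptions; the rules themselves follow the Extra column above.

```python
from datetime import datetime, timedelta

# Constructed cAppInfo row using the defaults described above:
# login_duration in days, session_duration in seconds.
APP_INFO = {
    "appid": "wx-placeholder-appid",
    "secret": "placeholder-secret",
    "login_duration": 30,
    "session_duration": 2592000,
}

# Constructed cSessionInfo rows with only the columns the check needs.
NOW = datetime(2017, 6, 1, 12, 0, 0)
SESSIONS = [
    # used an hour ago, created yesterday: still valid
    {"id": 1, "uuid": "sess-fresh", "create_time": NOW - timedelta(days=1),
     "last_visit_time": NOW - timedelta(hours=1)},
    # created 10 days ago but idle for 31 days: session_duration exceeded
    {"id": 2, "uuid": "sess-idle", "create_time": NOW - timedelta(days=10),
     "last_visit_time": NOW - timedelta(days=31)},
    # active 5 minutes ago but created 45 days ago: login_duration exceeded
    {"id": 3, "uuid": "sess-old", "create_time": NOW - timedelta(days=45),
     "last_visit_time": NOW - timedelta(minutes=5)},
]


def session_state(session, app_info, now):
    """Apply the two cAppInfo limits to one cSessionInfo row.
    'login_expired'  : now - create_time exceeds login_duration days; the stored
                       open_id/session_key can no longer be used and the client
                       must log in again.
    'session_expired': now - last_visit_time exceeds session_duration seconds.
    'valid'          : otherwise."""
    login_limit = timedelta(days=app_info["login_duration"])
    session_limit = timedelta(seconds=app_info["session_duration"])
    if now - session["create_time"] > login_limit:
        return "login_expired"
    if now - session["last_visit_time"] > session_limit:
        return "session_expired"
    return "valid"


def touch_session(session, now):
    """What a successful request does: refresh last_visit_time. create_time is
    never refreshed, so login_duration still bounds the session's total life."""
    session["last_visit_time"] = now
    return session


def live_sessions(sessions, app_info, now):
    """Return the uuids of rows still usable; the others can be deleted."""
    return [s["uuid"] for s in sessions if session_state(s, app_info, now) == "valid"]


if __name__ == "__main__":
    for s in SESSIONS:
        print(s["uuid"], session_state(s, APP_INFO, NOW))
```

The point of the two separate limits is visible in the third row: refreshing last_visit_time keeps an idle session alive, but no amount of activity extends a session past login_duration, because create_time never changes.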
Setting up the session management server
Notes on server configuration:
1. Ensure that the MySQL user name and password in the session server source code match those of the database.
2. The sdk.config file is located in different places on different server systems; for the exact location, read the config.js file in the SDK source.
3. The sdk.config file must not contain comments (it is later converted from a string to an object).
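The sdk.config rules from 2.2 and the notes above (plain JSON with no comments, a random TunnelSignatureKey, TunnelServerUrl left unchanged) can be checked before the file is deployed. The following Python script is an added example, not part of the page or of the Tencent SDK (which reads the file in Node.js); the sample file contents, the required-key list derived from the keys shown in 2.2, and the minimum key length of 32 characters are assumptions.

```python
import json
import secrets
from urllib.parse import urlparse

# Constructed sample of a sdk.config as it should be written: plain JSON, no
# comments. All values are placeholders except TunnelServerUrl, which 2.2 says
# must not be changed.
GOOD_CONFIG = """{
  "ServerHost": "www.example.com",
  "AuthServerUrl": "http://10.0.0.2:8000/",
  "TunnelServerUrl": "https://ws.qcloud.com",
  "TunnelSignatureKey": "0123456789abcdef0123456789abcdef01234567",
  "NetworkTimeout": 30000
}"""

# The same file with explanatory comments left in, which is what breaks parsing.
COMMENTED_CONFIG = """{
  "ServerHost": "www.example.com", // server domain name
  "TunnelServerUrl": "https://ws.qcloud.com"
}"""

TUNNEL_SERVER_URL = "https://ws.qcloud.com"
REQUIRED_KEYS = {
    "ServerHost": str, "AuthServerUrl": str, "TunnelServerUrl": str,
    "TunnelSignatureKey": str, "NetworkTimeout": int,
}


def load_sdk_config(text):
    """Parse sdk.config with a strict JSON parser, as the SDK does when it turns
    the file's string into an object. Comments make this fail."""
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError("sdk.config is not valid JSON (no comments allowed): "
                         f"{exc.msg} at line {exc.lineno}") from exc


def validate_sdk_config(cfg):
    """Return a list of problems with a parsed sdk.config; empty means OK."""
    problems = []
    # Keys copied from a rendered page sometimes pick up stray spaces ("ServerHost ").
    for key in cfg:
        if key != key.strip():
            problems.append(f"key {key!r} has surrounding whitespace")
    for key, typ in REQUIRED_KEYS.items():
        if key not in cfg:
            problems.append(f"missing {key}")
        elif not isinstance(cfg[key], typ) or isinstance(cfg[key], bool):
            problems.append(f"{key} must be {typ.__name__}")
    if cfg.get("TunnelServerUrl") != TUNNEL_SERVER_URL:
        problems.append(f"TunnelServerUrl must be {TUNNEL_SERVER_URL}")
    auth = urlparse(str(cfg.get("AuthServerUrl", "")))
    if auth.scheme not in ("http", "https") or not auth.netloc:
        problems.append("AuthServerUrl must be an absolute http(s) URL")
    key = cfg.get("TunnelSignatureKey", "")
    if not isinstance(key, str) or len(key) < 32:
        problems.append("TunnelSignatureKey should be a long random string (see new_signature_key)")
    timeout = cfg.get("NetworkTimeout")
    if isinstance(timeout, int) and not isinstance(timeout, bool) and timeout <= 0:
        problems.append("NetworkTimeout must be positive")
    return problems


def new_signature_key(nbytes=20):
    """Generate a fresh random TunnelSignatureKey (40 hex characters by default)
    from the OS CSPRNG instead of reusing a value copied from documentation."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    print(validate_sdk_config(load_sdk_config(GOOD_CONFIG)) or "sdk.config looks correct")
    print("example fresh key:", new_signature_key())
```

Run the validator against the real file before starting the service; a JSON error from load_sdk_config almost always means a comment or a trailing comma was left in.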
Applets client configuration
Reference documents: github.com/tencentyun/…
Demo address: github.com/tencentyun/…
    /**
     * Applet configuration file
     * config.js
     */
    // Change the host domain name to the domain name assigned by the Tencent Cloud solution
    var host = 'www.lovmin.com';
    var config = {
      // The following addresses work with the cloud demo
      service: {
        host,
        // Login address, used to establish a session
        loginUrl: `https://${host}/login`,
        // Test request address, used to test the session
        requestUrl: `https://${host}/user`,
        // Test tunnel service address
        tunnelUrl: `https://${host}/tunnel`,
      }
    };
    module.exports = config;
Developer Settings