cetnos 7.6 nginx1.16 正向代理https

卸载nginx

rm -rf file /usr/local/nginx*

 

nginx正向代理默认只支持http，不支持https，需借助第三方模块“ngx_http_proxy_connect_module”来实现（https://github.com/chobits/ngx_http_proxy_connect_module）。

yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel

 

wget http://nginx.org/download/nginx-1.16.0.tar.gz

tar -xzvf nginx-1.16.0.tar.gz

cd nginx-1.16.0

patch -p1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch #这里需要根据nginx版本选择

./configure --add-dynamic-module=/root/ngx_http_proxy_connect_module --with-http_ssl_module #ssl模块根据自己需求加

make && make install

　　

修改nginx配置

 

load_module /usr/local/nginx/modules/ngx_http_proxy_connect_module.so;


  server {
     listen                         7890;

     # dns resolver used by forward proxying
     resolver                       8.8.8.8;

     # forward proxy for CONNECT request
     proxy_connect;
     proxy_connect_allow            443 563;
     proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;

     # forward proxy for non-CONNECT request
     location / {
         proxy_pass $scheme://$host;
         proxy_set_header Host $host;
     }
    
    location ^~ /bx_wx_api/{
	proxy_pass https://api.weixin.qq.com/;
        proxy_set_header Host $host; #必带头部信息，不然会302重定向返回
    }
    	    

 }

　　

最后启动nginx 生效

/usr/local/nginx/sbin/nginx -s reload