How to proxy SSL with nginx

Reference articles

https://www.cnblogs.com/brithToSpring/p/16228024.html

https://www.cnblogs.com/yanjieli/p/15229907.html

 

The core of this setup is this third-party module: https://github.com/chobits/ngx_http_proxy_connect_module

 

Download the required software

nginx

https://nginx.org/en/download.html

I used the latest version at the time of writing: nginx-1.27.2

wget https://nginx.org/download/nginx-1.27.2.tar.gz

!!! Note !!!

The version is a critical point, as explained below.

 

HTTP proxy module

I used the latest version at the time of writing: 0.0.7

wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.7.tar.gz

!!! Note !!!

The module's installation instructions contain one critical point.

Because I am using nginx 1.27.2, the command above needs to be changed to

patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch

 

Compile and install

Apply the patch

tar -xzvf nginx-1.27.2.tar.gz
cd nginx-1.27.2/
patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch

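Compile

# --add-module compiles in the proxy_connect module; without it nginx
# rejects the proxy_connect* directives used in the http configuration below
./configure \
--user=nginx \
--group=nginx \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-threads \
--with-stream \
--with-stream_ssl_preread_module \
--with-stream_ssl_module \
--add-module=/path/to/ngx_http_proxy_connect_module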

Install

make && make install

 

Configuration reference

http configuration

server {
     listen  443;

     # dns resolver used by forward proxying
     resolver  114.114.114.114;

     # forward proxy for CONNECT request
     proxy_connect;
     proxy_connect_allow            443;
     proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;

     # forward proxy for non-CONNECT request
     location / {
         proxy_pass http://$host;
         proxy_set_header Host $host;
     }
 }

 

stream configuration

stream {
    resolver 114.114.114.114;
    server {
        listen 443;
        ssl_preread on;
        proxy_connect_timeout 5s;
        proxy_pass $ssl_preread_server_name:$server_port;
    }
}
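
A restricted variant of the stream configuration above, added here as an example and not part of the original post: as written, the original relays any client to whatever host name appears in the TLS ClientHello SNI. The client range 10.0.0.0/8, the allowlisted names and the 127.0.0.1:9 sink (assumed to have no listener) are constructed placeholders.

```nginx
stream {
    resolver 114.114.114.114;

    # Destination allowlist keyed on the SNI name read by ssl_preread.
    # The names and the sink address are constructed placeholders.
    map $ssl_preread_server_name $allowed_backend {
        hostnames;
        # Anything not listed (including an empty SNI) is sent to a local
        # port assumed to have no listener, so the connect attempt is refused.
        default         127.0.0.1:9;
        nginx.org       $ssl_preread_server_name:$server_port;
        .github.com     $ssl_preread_server_name:$server_port;  # github.com and its subdomains
    }

    server {
        listen 443;
        ssl_preread on;

        # Client allowlist (ngx_stream_access_module); placeholder range.
        allow 10.0.0.0/8;
        deny  all;

        proxy_connect_timeout 5s;
        proxy_pass $allowed_backend;
    }
}
```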

 

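Set nginx to start with the system

# Quote the heredoc delimiter so the shell does not expand $MAINPID
# (to an empty string) while writing the unit file
cat > /etc/systemd/system/nginx.service << 'EOF'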
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

Start nginx

systemctl daemon-reload
# enable registers the unit to start at boot; start launches it now
systemctl enable nginx
systemctl start nginx

 

posted @ 2024-10-11 10:24  DavidHHuan