nginx如何代理ssl
参考文章
https://www.cnblogs.com/brithToSpring/p/16228024.html
https://www.cnblogs.com/yanjieli/p/15229907.html
核心是用到这个第三方模块: https://github.com/chobits/ngx_http_proxy_connect_module
下载相关软件
nginx
https://nginx.org/en/download.html
我使用了当前最新的版本: nginx-1.27.2
wget https://nginx.org/download/nginx-1.27.2.tar.gz
!!!注意!!!
版本是一个很关键的问题来的,下面会讲到
http代理模块
我使用了当前最新的版本: 0.0.7
wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.7.tar.gz
!!!注意!!!
该模块安装说明里面,有个很关键的地方
由于我使用的nginx是1.27.2,所以上面的命令,需要改为
patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
编译安装
打补丁
tar -xzvf nginx-1.27.2.tar.gz cd nginx-1.27.2/ patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
编译
./configure \ --user=nginx \ --group=nginx \ --prefix=/usr/local/nginx \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_realip_module \ --with-threads \ --with-stream \ --with-stream_ssl_preread_module \ --with-stream_ssl_module
安装
make && make install
配置参考
http配置
server { listen 443; # dns resolver used by forward proxying resolver 114.114.114.114; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass http://$host; proxy_set_header Host $host; } }
stream配置
stream { resolver 114.114.114.114; server { listen 443; ssl_preread on; proxy_connect_timeout 5s; proxy_pass $ssl_preread_server_name:$server_port; } }
设置nginx为系统启动
cat > /etc/systemd/system/nginx.service << EOF [Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network-online.target remote-fs.target nss-lookup.target Wants=network-online.target [Service] Type=forking PIDFile=/usr/local/nginx/logs/nginx.pid ExecStartPre=/usr/local/nginx/sbin/nginx -t ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target EOF
启动nginx
systemctl daemon-reload systemctl start nginx