实现内网主机既能访问yum源,又能curl通baidu,外网nginx的配置

实现内网主机既能访问yum源,又能curl通baidu,外网nginx的配置
#被注释掉的指令依赖ngx_http_proxy_connect_module模块;Docker中的nginx缺少该模块,启用这些指令会导致启动失败。

 在物理机上直接部署(已编译该模块)时可以不注释这些指令。

# Forward proxy for plain-HTTP requests. The proxy_connect* directives of
# ngx_http_proxy_connect_module are commented out below, so this server does
# not tunnel CONNECT (HTTPS) requests.
server {
    listen       80;
    server_name  localhost;
    # DNS server nginx uses to resolve the variable upstream in proxy_pass.
    resolver     211.136.17.107;

    # Directives of ngx_http_proxy_connect_module; left disabled in this build.
    #proxy_connect    all ;
    #proxy_connect_allow            443 563;
    # Stock ngx_http_proxy_module directive: timeout for connecting upstream.
    proxy_connect_timeout  10s;
    #proxy_connect_read_timeout     10s;
    #proxy_connect_send_timeout     10s;
             
    # Client ACL: only loopback and 172.30.201.0/24 may use the proxy;
    # rules are evaluated in order and everything else is refused.
    allow       127.0.0.1;
    allow       172.30.201.0/24; 
    deny all;
    location / {
        # The destination is whatever host the client names in its request.
        # NOTE(review): an allowed client can therefore make this server fetch
        # any http:// address the server itself can reach; the allow/deny list
        # above is the only restriction, so keep it as narrow as possible.
        proxy_pass http://$host;
        proxy_set_header Host $host;
        # Upper bound on request bodies accepted from clients.
        client_max_body_size 100M;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

在内网主机上编辑 /etc/profile(vi /etc/profile),加入以下内容:

# Lines to add to /etc/profile on each internal host. 外网IP and 宿主机端口 are
# placeholders for the proxy host's address and the host port it is reachable on.
# Only http_proxy is set: the port-80 server above has CONNECT support commented
# out, so https:// URLs are not covered by this setup.
http_proxy=http://外网IP:宿主机端口

export http_proxy
# Run in the current shell afterwards so the new value takes effect.
source /etc/profile

在物理机上部署:外网nginx加载ngx_http_proxy_connect_module模块,实现内网主机既能访问yum源,又能curl通baidu

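# Build nginx 1.17.2 from source with ngx_http_proxy_connect_module.
# Everything below is compiled and installed as root, so the integrity of the
# downloaded sources matters.
yum -y install gcc gcc-c++ autoconf automake pcre pcre-devel openssl openssl-devel patch git net-tools

mkdir -p /downloads && cd /downloads

# Fetch the release over HTTPS: a plain-HTTP download can be altered in transit
# and would then be built and installed unchecked.
# nginx.org also publishes a detached PGP signature beside each tarball
# (nginx-1.17.2.tar.gz.asc); check it with `gpg --verify` against the nginx
# signing key before unpacking.
# NOTE(review): 1.17.2 is an old mainline release; prefer a currently supported
# nginx version that the module provides a patch for.
wget https://nginx.org/download/nginx-1.17.2.tar.gz && tar -xf nginx-1.17.2.tar.gz

# NOTE(review): this builds whatever is on the default branch at clone time.
# Review the code and check out a fixed commit (<REVIEWED_COMMIT_SHA>) so the
# build is reproducible.
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git

cd nginx-1.17.2

# NOTE(review): the module ships several patch files for different nginx
# release ranges; confirm in its README that this one matches 1.17.2.
patch -p1 </downloads/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch

./configure --add-module=/downloads/ngx_http_proxy_connect_module

make && make install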

nginx的配置文件

# nginx.conf for the source-built nginx with ngx_http_proxy_connect_module:
# one forward-proxy server on port 8443 that handles CONNECT tunnels and
# ordinary HTTP requests for clients on the internal subnet.
#user  nobody;
worker_processes auto;
#worker_rlimit_nofile 65535;

events {
    worker_connections  2048;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
             listen                         8443;
             # DNS server used to resolve the destinations clients ask for.
             resolver                       211.136.17.107;

             # Enable CONNECT handling (ngx_http_proxy_connect_module).
             proxy_connect;
             # CONNECT is accepted only for these destination ports.
             proxy_connect_allow            443 563;
             proxy_connect_connect_timeout  10s;
             proxy_connect_read_timeout     10s;
             proxy_connect_send_timeout     10s;
             
             # Client ACL: loopback and 172.30.201.0/24 only, all others refused.
             # NOTE(review): test from an address outside these ranges that
             # CONNECT requests are refused too, not only ordinary requests —
             # confirm the module's CONNECT handling is subject to these rules
             # in this build, and also restrict port 8443 at the host firewall.
             allow       127.0.0.1;
             allow       172.30.201.0/24; 
             deny all;

             # Non-CONNECT (plain HTTP) requests are forwarded to the host the
             # client names in its request.
             location / {
                     proxy_pass http://$host;
                     proxy_set_header Host $host;
                     client_max_body_size 100M;
         }
     }
}

内网主机的配置与前面相同

内网主机能够使用pip,curl,yum

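# nginx.conf with two forward-proxy servers for the internal hosts:
#   8080 - plain HTTP requests
#   8443 - CONNECT tunnels (HTTPS) plus plain HTTP requests
# Both servers carry the same client ACL as the single-server configuration
# earlier on this page. Without it, anyone who can reach these ports on the
# internet-facing host could relay traffic through it.
#user  nobody;
worker_processes  auto;
worker_rlimit_nofile 65535;

events {
    worker_connections  20480;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        # DNS server used to resolve the destinations clients ask for.
        resolver 211.136.17.107;
        listen 8080;

        # Client ACL: loopback and the internal subnet only.
        allow       127.0.0.1;
        allow       172.30.201.0/24;
        deny all;

        location / {
            # Forward to the host and URI taken from the client's request.
            proxy_pass http://$http_host$request_uri;
            proxy_set_header HOST $http_host;
            proxy_buffers 256 4k;
            # 0 disables buffering of responses to temporary files.
            proxy_max_temp_file_size 0k;
            proxy_connect_timeout 30;
            proxy_send_timeout 60;
            proxy_read_timeout 60;
            proxy_next_upstream error timeout invalid_header http_502;
        }
    }


    server {
        listen                         8443;

        # dns resolver used by forward proxying
        resolver                       211.136.17.107;

        # forward proxy for CONNECT request
        proxy_connect;
        # CONNECT is accepted only for these destination ports.
        proxy_connect_allow            443 563;
        proxy_connect_connect_timeout  10s;
        proxy_connect_read_timeout     10s;
        proxy_connect_send_timeout     10s;

        # Client ACL: loopback and the internal subnet only.
        # NOTE(review): test from an address outside these ranges that CONNECT
        # requests are refused too — confirm the module's CONNECT handling is
        # subject to these rules in this build, and also restrict ports 8080
        # and 8443 at the host firewall.
        allow       127.0.0.1;
        allow       172.30.201.0/24;
        deny all;

        # forward proxy for non-CONNECT request
        location / {
            proxy_pass http://$host;
            proxy_set_header Host $host;
        }
    }

}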

在内网主机上编辑 /etc/profile(vi /etc/profile),加入以下内容:

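# Lines to add to /etc/profile on each internal host. 外网IP is a placeholder
# for the proxy host's address.
# NOTE(review): the original gave a single http_proxy value followed by
# ",8080和8443", which the shell would take as part of the URL. Assumed intent:
# plain HTTP through the 8080 server and HTTPS (CONNECT) through the 8443
# server — confirm, and substitute the published host ports if nginx runs in a
# container.
http_proxy=http://外网IP:8080
https_proxy=http://外网IP:8443

export http_proxy https_proxy

# Run in the current shell afterwards so the new values take effect.
source /etc/profile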

未完待续……

posted @ 2021-03-29 16:33  hanjianfei