Nginx正向代理
1、下载安装nginx
# 1、安装nginx相关依赖
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
# 2、下载nginx
wget https://nginx.org/download/nginx-1.14.0.tar.gz
# 3、解压
tar -xzvf nginx-1.14.0.tar.gz
cd nginx-1.14.0
./configure --prefix=/usr/local/nginx --sbin-path=/usr/bin/nginx --with-http_stub_status_module --with-http_ssl_module
# 4、编译安装
make && make install
2、配置Nginx支持https正向代理
# 1、下载ngx_http_proxy_connect_module,该模块主要用于隧道SSL请求的代理服务器
git clone https://github.com/chobits/ngx_http_proxy_connect_module
# 2、进入解压nginx-1.14.0解压后的文件夹下打补丁
patch -p1 < /kay/ngx_http_proxy_connect_module/patch/proxy_connect_1014.patch
# 3、添加ngx_http_proxy_connect_module模块
./configure --prefix=/usr/local/nginx --add-module=/kay/ngx_http_proxy_connect_module --with-http_ssl_module
# 4、编译
make
# 5、将编译后的nginx,替换掉之前安装的nginx;如果未安装可以直接使用make install进行安装
cp /kay/nginx-1.14.0/objs/nginx /usr/bin/
3、配置nginx.conf
server {
resolver 114.114.114.114; #指定DNS服务器IP地址
listen 80;
location / {
proxy_pass http://$host$request_uri; #设定代理服务器的协议和地址
proxy_set_header HOST $host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
server {
resolver 114.114.114.114; #指定DNS服务器IP地址
listen 8443;
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_set_header Host $http_host;
proxy_pass https://$host$request_uri; #设定代理服务器的协议和地址
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
4、测试
# https
curl --proxy localhost:8443 https://www.baidu.com
# http
curl --proxy localhost:80 http://www.baidu.com
参考
https://blog.csdn.net/luChenH/article/details/107553493
https://blog.csdn.net/luChenH/article/details/107553493
