nginx 正向代理
环境规划
|
序号 |
IP地址 |
操作系统 |
用途 |
|
1 |
192.168.174.126(外网) 192.168.80.128 (内网) |
ubuntu 23.10 |
代理服务器 |
|
2 |
192.168.80.129 (内网) |
ubuntu 23.10 |
Linux客户端 |
软件版本
nginx:1.24.0
代理模块:proxy_connect_rewrite_102101.patch安装 nginx
# cd nginx-1.24.0# patch -p1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patchpatching file src/http/ngx_http_core_module.c
patching file src/http/ngx_http_parse.c
patching file src/http/ngx_http_request.c
Hunk #1 succeeded at 1104 (offset -14 lines).
Hunk #2 succeeded at 1742 (offset -14 lines).
Hunk #3 succeeded at 2045 (offset -30 lines).
patching file src/http/ngx_http_request.h
Hunk #1 succeeded at 416 (offset 5 lines).
patching file src/http/ngx_http_variables.c./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-stream_ssl_preread_module --with-poll_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-stream --with-stream_ssl_module --with-cc-opt=-Wno-error --with-ld-opt= --user=nginx --group=nginx --with-threads --with-file-aio --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --http-uwsgi-temp-path=/usr/local/nginx/uwsgi --http-scgi-temp-path=/usr/local/nginx/scgi --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --pid-path=/usr/local/nginx/nginx.pid --lock-path=/usr/local/nginx/nginx.lock --with-pcre --add-module=/root/ngx_http_proxy_connect_modulemake -j 8 && make installproxy.conf
server {
listen 88;
server_name localhost;
resolver 202.106.0.20 ipv6=off; # DNS解析, 禁用 ipv6
# 配置代理请求的缓冲区大小
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# ngx_http_proxy_connect_module 参数配置
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_timeout 30s;
proxy_connect_send_timeout 60s;
proxy_connect_read_timeout 60s;
# 设置代理访问日志
#access_log /var/log/nginx/proxy.access.log main;
location / {
# 配置需要代理的目标服务器地址和端口
proxy_pass http://$http_host;
# 配置代理请求的头信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 配置代理超时时间
proxy_connect_timeout 5s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
# 配置代理请求的缓冲区大小
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
# 可选:禁用缓存
# proxy_cache off;
}
}客户端代理配置
export http_proxy=http://192.168.80.128:88export https_proxy=http://192.168.80.128:88客户端HTTP测试
# curl -I http://www.baidu.comHTTP/1.1 200 OK
Server: nginx/1.24.0
Date: Mon, 18 Mar 2024 04:47:20 GMT
Content-Type: text/html
Content-Length: 277
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache客户端HTTPS测试
# curl -I https://www.baidu.comHTTP/1.1 200 Connection Established
Proxy-agent: nginx
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Mon, 18 Mar 2024 04:48:14 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18参考文档
https://github.com/chobits/ngx_http_proxy_connect_module
