使用nginx作为http/https正向代理
默认nginx是不支持https的正向代理的,要想通过nginx的正向代理,作为https服务器,需要增加一个模块并重新编译nginx。 环境: centos 7 所需要的文件: https://github.com/chobits/ngx_http_proxy_connect_module http://nginx.org/packages/centos/7/SRPMS/nginx-1.12.2-1.el7_4.ngx.src.rpm 安装编译工具 yum install gcc gcc-c++ make -y yum install rpm-build rpmdevtools -y 安装依赖 yum install pcre-devel pcre -y yum install zlib-devel zlib -y yum install openssl-devel openssl -y yum install redhat-lsb-core -y 下载nginx源码、模块源码及rpm构建包 cd /root # 用于支持https代理的模块 git clone https://github.com/chobits/ngx_http_proxy_connect_module.git # rpm构建及nginx源码 wget http://nginx.org/packages/centos/7/SRPMS/nginx-1.12.2-1.el7_4.ngx.src.rpm 修改nginx的src rpm包,增加ngx_http_proxy_connect_module模块 # 初始化rpmbuild目录 cd /root rpmdev-setuptree cp /root/nginx-1.12.2-1.el7_4.ngx.src.rpm /root/rpmbuild/SOURCES/ cd /root/rpmbuild/SOURCES/ rpm2cpio nginx-1.12.2-1.el7_4.ngx.src.rpm |cpio -dvi rm /root/rpmbuild/SOURCES/nginx-1.12.2-1.el7_4.ngx.src.rpm tar -xf nginx-1.12.2.tar.gz cd /root/rpmbuild/SOURCES/nginx-1.12.2 # 针对不同nginx版本,需要用不同的path文件,详见该项目github首页 patch -p1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite.patch cd cd /root/rpmbuild/SOURCES/ tar -czvf nginx-1.12.2.tar.gz nginx-1.12.2 修改nginx.spec文件,增加模块的编译选项 将nginx.spec中的configure命令中,增加--add-module=/root/ngx_http_proxy_connect_module选项。 修改后的命令: %build ./configure %{BASE_CONFIGURE_ARGS} \ --add-module=/root/ngx_http_proxy_connect_module \ --with-cc-opt="%{WITH_CC_OPT}" \ --with-ld-opt="%{WITH_LD_OPT}" \ --with-debug make %{?_smp_mflags} %{__mv} %{bdir}/objs/nginx \ %{bdir}/objs/nginx-debug ./configure %{BASE_CONFIGURE_ARGS} \ --add-module=/root/ngx_http_proxy_connect_module \ --with-cc-opt="%{WITH_CC_OPT}" \ --with-ld-opt="%{WITH_LD_OPT}" make %{?_smp_mflags} 编译rpm包 rpmbuild -bb nginx.spec rpm包,在/root/rpmbuild/RPMS路径下。 修改nginx配置文件 基本的http代理,配置文件/etc/nginx/conf.d/proxy.conf如下。为了适配https,我们需要增加connect语句相关的配置。 简单的http代理,配置文件 server { resolver 114.114.114.114; listen 9999; access_log /var/log/nginx/http_proxy.access.log main; error_log /var/log/nginx/http_proxy.error.log; location / { proxy_pass $scheme://$http_host$request_uri; } } https/http代理配置文件 server { resolver 114.114.114.114; listen 9999; proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; access_log /var/log/nginx/http_proxy.access.log main; error_log /var/log/nginx/http_proxy.error.log; location / { proxy_pass $scheme://$http_host$request_uri; } }