配置准备
正向代理,指的是通过代理服务器 代理浏览器/客户端去重定向请求访问到目标服务器 的一种代理服务。
正向代理服务的特点是代理服务器 代理的对象是浏览器/客户端,也就是对于目标服务器 来说浏览器/客户端是隐藏的。
nginx默认支持正向代理http,不支持https
nginx官方并不支持直接转发https请求,nginx支持https需要ngx_http_proxy_connect_module模块。github上开源了模块 https://github.com/chobits/ngx_http_proxy_connect_module。不过维护的ngx_http_proxy_connect_module模块的补丁也是有nginx版本限制的(目前维护了1.4.x~1.19.x版本)
可以在REDEME.md的Select patch中查看nginx版本和模块的对应关系
nginx版本和正向代理https的模块的对应关系
| nginx version | enable REWRITE phase | patch |
|---|---|---|
| 1.4.x ~ 1.12.x | NO | proxy_connect.patch |
| 1.4.x ~ 1.12.x | YES | proxy_connect_rewrite.patch |
| 1.13.x ~ 1.14.x | NO | proxy_connect_1014.patch |
| 1.13.x ~ 1.14.x | YES | proxy_connect_rewrite_1014.patch |
| 1.15.2 | YES | proxy_connect_rewrite_1015.patch |
| 1.15.4 ~ 1.16.x | YES | proxy_connect_rewrite_101504.patch |
| 1.17.x ~ 1.18.0 | YES | proxy_connect_rewrite_1018.patch |
| 1.19.x ~ 1.21.0 | YES | proxy_connect_rewrite_1018.patch |
| 1.21.1 ~ 1.22.0 | YES | proxy_connect_rewrite_102101.patch |
1 2 3 4 5 | ls /root/ngx_http_proxy_connect_module/patchproxy_connect_1014.patch proxy_connect_rewrite_1015.patchproxy_connect.patch proxy_connect_rewrite_1018.patchproxy_connect_rewrite_1014.patch proxy_connect_rewrite_102101.patchproxy_connect_rewrite_101504.patch proxy_connect_rewrite.patch |
github上开源了模块 https://github.com/chobits/ngx_http_proxy_connect_module
此处用的是nginx-1.17.6,对应proxy_connect_rewrite_1018.patch
配置nginx正向代理
下载后上传到服务器
1 2 | lsngx_http_proxy_connect_module-master.zip nginx-1.17.6.tar.gz |
解压nginx,解压模块并重命名
1 2 3 4 5 6 | tar xf nginx-1.17.6.tar.gzunzip ngx_http_proxy_connect_module-master.zipmv ngx_http_proxy_connect_module-master ngx_http_proxy_connect_modulelsngx_http_proxy_connect_module nginx-1.17.6 ngx_http_proxy_connect_module-master.zipnginx-1.17.6.tar.gz |
安装nginx
安装源码编译工具包,nginx依赖包
1 | yum -y install make gcc openssl openssl-devel pcre-devel zlib zlib-devel |
进入nginx解压后的目录
1 2 3 | cd nginx-1.17.6 ./configuremake && make install |
使用正向代理https的模块
查看nginx-1.17.6对应的https模块的具体位置
1 | ls /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch |
导入模块,再次编译安装
1 | patch -p1 |
配置正向代理
nginx默认安装在/usr/local/nginx/
1 | cd /usr/local/nginx/ |
修改配置文件
1 | vim conf/nginx.conf |
在 #gzip on; 下添加配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | #正向代理转发http请求server { #指定DNS服务器IP地址 resolver 114.114.114.114; #监听80端口,http默认端口80 listen 80; #服务器IP或域名 server_name localhost; #正向代理转发http请求 location / { proxy_pass http://$host$request_uri; proxy_set_header HOST $host; proxy_buffers 256 4k; proxy_max_temp_file_size 0k; proxy_connect_timeout 30; proxy_send_timeout 60; proxy_read_timeout 60; proxy_next_upstream error timeout invalid_header http_502; }}#正向代理转发https请求server { #指定DNS服务器IP地址 resolver 114.114.114.114; #监听443端口,https默认端口443 listen 443; #正向代理转发https请求 proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; location / { proxy_pass http://$host; proxy_set_header Host $host; }} |
检查配置文件是否有错误sbin/nginx -t
创建nginx用户,用来运行nginx
1 | useradd nginx |
启动服务
1 | sbin/nginx |
验证正向代理
1 2 | curl -I http://www.baidu.com/ -v -x 127.0.0.1:80curl -I https://www.baidu.com/ -v -x 127.0.0.1:443 |
验证正向代理http 200 ok
1 2 3 4 5 6 7 8 9 10 | curl -I http://www.baidu.com/ -v -x 127.0.0.1:80* About to connect() to proxy 127.0.0.1 port 80 (#0)* Trying 127.0.0.1...* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)> HEAD http://www.baidu.com/ HTTP/1.1> User-Agent: curl/7.29.0> Host: www.baidu.com> Accept: */*> Proxy-Connection: Keep-Alive> |
验证正向代理https 200 ok
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | curl -I https://www.baidu.com/ -v -x 127.0.0.1:443* About to connect() to proxy 127.0.0.1 port 443 (#0)* Trying 127.0.0.1...* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)* Establish HTTP proxy tunnel to www.baidu.com:443> CONNECT www.baidu.com:443 HTTP/1.1> Host: www.baidu.com:443> User-Agent: curl/7.29.0> Proxy-Connection: Keep-Alive> HEAD / HTTP/1.1> User-Agent: curl/7.29.0> Host: www.baidu.com> Accept: */*> |
到此这篇关于nginx正向代理http和https的实现步骤的文章就介绍到这了,更多相关nginx正向代理http和https内容请搜索IT俱乐部以前的文章或继续浏览下面的相关文章希望大家以后多多支持IT俱乐部!
