Nginx 正向代理
Nginx正向代理,通过服务器代理客户端去重定向请求访问到目标服务器的一种代理服务。对于目标服务器来说浏览器/客户端是隐藏的。Nginx 正向代理默认只支持http 协议,不支持 https 协议,需借助"ngx_http_proxy_connect_module"模块实现https 正向代理。
Nginx官网
http://nginx.org/en/download.html
ngx_http_proxy_connect_module 模块
https://github.com/chobits/ngx_http_proxy_connect_module
nginx 版本对应patch补丁包
软件包依赖
dnf install libxml2 libxml2-devel libxslt-devel gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel patch perl-ExtUtils-Embed gd-devel geoip-devel gperftools gperftools-devel
ngx_http_proxy_connect_module 源码压缩包
unzip ngx_http_proxy_connect_module-master.zip
mv ngx_http_proxy_connect_module-master /opt/ngx_http_proxy_connect_module
nginx添加ngx_http_proxy_connect_module模块并重新编译nginx
wget -P /opt http://nginx.org/download/nginx-1.21.5.tar.gz
tar -xzvf /opt/nginx-1.21.5.tar.gz
cd /opt/nginx-1.21.5
patch -p1 < /opt/ngx_http_proxy_connect_module-master/patch/proxy_connect_rewrite_102101.patch
./configure --add-module=/opt/ngx_http_proxy_connect_module
make -j8 && make install
执行make & make install进行编译及安装(注意:如果已经yum/dnf安装nginx,执行make 后不要执行 make install)
make 执行完成在objs目录下生成一个nginx执行文件
cd /opt/nginx-1.21.5/objs/
./nginx -V
nginx执行文件替换,并重启服务
cp /opt/nginx-1.21.5/objs/nginx /usr/sbin/nginx
systemctl restart nginx
nginx 配置文件
/etc/nginx/conf.d/httpproxy.conf
server {
listen 8443;
resolver 223.5.5.5 114.114.114.114 valid=300s;
resolver_timeout 10s;
#server_name localhost;
proxy_connect;
proxy_connect_allow 443 80;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_set_header Host $host;
proxy_pass $scheme://$http_host$request_uri;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
重启nginx服务
systemctl restart nginx
检查nginx配置文件
nginx -t
生效配置
nginx -s reload
查看监听端口
netstat -auntlp |grep 8443
Firewall 防火墙
firewall-cmd --add-port=8443/tcp --permanent
firewall-cmd --reload
测试代理响应
curl -I --proxy localhost:8443 http://nginx.org
curl -I --proxy localhost:8443 https://www.baidu.com
Linux 客户端配置
vim /etc/profile
export http_proxy=http://192.168.99.107:8443
export https_proxy=http://192.168.99.107:8443
全局代理
export ALL_PROXY='192.168.99.107:8443'
重载配置文件
source /etc/profile
正向代理账户认证
创建密码文件
htpasswd -c -d /etc/nginx/.passwd username
nginx 配置文件
location /proxy-auth {
auth_basic "secret";
auth_basic_user_file "/etc/nginx/.passwd";
}
重载配置文件
nginx -s reload
账户认证测试
curl -I --proxy localhost:8443 http://nginx.org -U username:passwd
控制中心--网络--系统代理