使用nginx制作正向透明代理,支持https

原创 sauren  2019-07-30 16:52  阅读 257 views 次 评论 0 条

所谓正向代理,是指内网用户设置代理服务器的IP及端口实现访问公网的访问方式,我们常用的代理IP就属于该种设置。

nginx 自带的proxy 可以实现正向代理功能,但是不支持https ,所以我们需要使ngx_http_proxy_connect_module模块,其github地址为:https://github.com/chobits/ngx_http_proxy_connect_module。

安装教程,依赖包安装:

apt-get install libreadline-dev libncurses5-dev libpcre3-dev libssl-dev perl make build-essential

正式安装:

cd /tmp
wget https://openresty.org/download/openresty-1.15.8.1.tar.gz
tar -zxvf openresty-1.15.8.1.tar.gz
cd openresty-1.15.8.1
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
./configure --add-module=./ngx_http_proxy_connect_module
patch -d build/nginx-1.15.8/ -p 1 < ./ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch
make && make install

编译完成后会显示如下:

ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/local/openresty/bin/openresty

确认安装的路径。

 

修改代理配置文件:

vi /usr/local/openresty/nginx/conf/nginx.conf
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

   

    sendfile        on;



    keepalive_timeout  65;

   

  
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

    
        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fast
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

server {
     listen                         3128;

     # dns resolver used by forward proxying
     resolver                       8.8.8.8;

     # forward proxy for CONNECT request
     proxy_connect;
     proxy_connect_allow            443 563;
     proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;

     # forward proxy for non-CONNECT request
     location / {
         proxy_pass http://$host;
         proxy_set_header Host $host;
     }
 }

}

保存后启动nginx即可。配置中修改listen  即可更改代理的端口。

本文地址:/archives/246.html
版权声明:本文为原创文章,版权归 sauren 所有,欢迎分享本文,转载请保留出处!
高性能云服务器特惠

发表评论


表情