«

Nginx配置正向代理支持HTTP和HTTPS转发部署过程(步骤)

时间:2023-3-11 17:09     作者:Anglei     分类: Linux


nginx正向代理不支持https,如果想要使用需要安装以下的补丁

参考文档:
https nginx补丁
https://github.com/chobits/ngx_http_proxy_connect_module
直接上下载地址:
https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/heads/master.zip

安装编译环境和工具

# yum install gcc gcc-c++ autoconf automake -y
# yum install pcre pcre-devel -y
# yum install openssl openssl-devel -y
# yum install patch -y
# yum install git -y
# yum install net-tools -y

安装Nginx和ngx_http_proxy_connect_module模块

# mkdir -p /downloads
# cd /downloads
# git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
# wget http://nginx.org/download/nginx-1.15.12.tar.gz
# tar -xzvf nginx-1.15.12.tar.gz
# cd nginx-1.15.12/
# patch -p1 < /downloads/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch
# ./configure --add-module=/downloads/ngx_http_proxy_connect_module
# make && make install

修改Nginx配置文件
Nginx目录:/usr/local/nginx
修改Nginx目录下conf/nginx.conf配置文件,在http中添加以下内容:

server {  

    resolver 114.114.114.114; 
    listen 8080;  
    location / {  
        proxy_pass http://$http_host$request_uri;
        proxy_set_header HOST $http_host;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k; 
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }  

}

server {

     listen                         8443;
     # dns resolver used by forward proxying
     resolver                       114.114.114.114;
     # forward proxy for CONNECT request
     proxy_connect;
     proxy_connect_allow            443 563;
     proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;
     # forward proxy for non-CONNECT request

     location / {
         proxy_pass http://$host;
         proxy_set_header Host $host;

     }

 }

启动Nginx
运行./sbin/nginx启动Nginx。

Nginx命令参考:

Start Nginx

# ./sbin/nginx

Reload Nginx configuration

# ./sbin/nginx -s reload

Stop Nginx

# ./sbin/nginx -s stop

查看端口

# netstat -tnlp | grep 8080
# netstat -tnlp | grep 8443

打开防火墙

# firewall-cmd --zone=public --add-port=8080/tcp
# firewall-cmd --zone=public --add-port=8080/tcp --permanent
# firewall-cmd --zone=public --add-port=8443/tcp
# firewall-cmd --zone=public --add-port=8443/tcp --permanent
# firewall-cmd --reload

测试代理

Test HTTP proxy

curl --proxy 192.168.87.123:8080 http://www.baidu.com

Test HTTPS proxy

curl --proxy 192.168.87.123:8443 https://www.baidu.com

客户端需要设置代理

export http_proxy="http://192.168.87.123:8080"
export https_proxy="http://192.168.87.123:8443"

如果永久生效需要写在/etc/profile文件中

source /etc/pofile 进行生效

本文完结,相关标签: nginx

 版权所有:Anglei
 文章标题:Nginx配置正向代理支持HTTP和HTTPS转发部署过程(步骤)
 除非注明,本站文章如未特殊说明均为 MAXADA社区知识库 原创,且版权所有,请勿用于任何商业用途。

推荐阅读:

看完后感想如何?

路过(0)

雷人(0)

握手(0)

鲜花(0)

鸡蛋(0)
分享到: