openEuler 欧拉系统nginx正向代理 http https —— 筑梦之路
正向代理
Nginx正向代理,通过服务器代理客户端去重定向请求访问到目标服务器的一种代理服务。对于目标服务器来说浏览器/客户端是隐藏的。Nginx 正向代理默认只支持http 协议,不支持 https 协议,需借助"ngx_http_proxy_connect_module"模块实现https 正向代理。
GitHub - chobits/ngx_http_proxy_connect_module: A forward proxy module for CONNECT request handling
准备编译安装环境
dnf install libxml2 libxml2-devel libxslt-devel gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel patch perl-ExtUtils-Embed gd-devel geoip-devel gperftools gperftools-devel
nginx添加ngx_http_proxy_connect_module模块并重新编译nginx
wget -P /opt http://nginx.org/download/nginx-1.21.5.tar.gz
tar -xzvf /opt/nginx-1.21.5.tar.gz
cd /opt/nginx-1.21.5
patch -p1 < /opt/ngx_http_proxy_connect_module-master/patch/proxy_connect_rewrite_102101.patch
./configure --add-module=/opt/ngx_http_proxy_connect_module
make -j8 && make install
patch命令的用法,-p1 : 1代表跳过的层级数字
执行make & make install进行编译及安装(注意:如果已经yum/dnf安装nginx,执行make 后不要执行 make install)
配置文件示例
server {
listen 8443;
resolver 223.5.5.5 114.114.114.114 valid=300s;
resolver_timeout 10s;
#server_name localhost;
proxy_connect;
proxy_connect_allow 443 80;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_set_header Host $host;
proxy_pass $scheme://$http_host$request_uri;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
测试代理
# 本机上测试
curl -I --proxy localhost:8443 http://nginx.org
curl -I --proxy localhost:8443 https://www.baidu.com
# linux客户端上测试
vim /etc/profile
export http_proxy=http://192.168.199.107:8443
export https_proxy=http://192.168.199.107:8443
# 全局代理
export ALL_PROXY='192.168.99.107:8443'
正向代理账户认证
htpasswd -c -d /etc/nginx/.passwd username
location /proxy-auth {
auth_basic "secret";
auth_basic_user_file "/etc/nginx/.passwd";
}
curl -I --proxy localhost:8443 http://nginx.org -U username:passwd