nginx正向代理https是需要安装ngx_http_proxy_connect_module模块,并不是所有版本都可以的
下载源码之前参考https://gitee.com/mirrors_addons/ngx_http_proxy_connect_module.git支持的版本下载
1、下载软件nginx源码,并解压:
[root@sm ~]# cd /mnt/
[root@sm mnt]# wget http://nginx.org/download/nginx-1.12.2.tar.gz
[root@sm mnt]# tar -xzvf nginx-1.12.2.tar.gz
2、下载ngx_http_proxy_connect_module模块:
[root@sm mnt]# yum install git -y
[root@sm mnt]# git clone https://gitee.com/mirrors_addons/ngx_http_proxy_connect_module.git
[root@sm mnt]# ls -l ngx_http_proxy_connect_module/patch/ #根据你选择的nginx选择补丁
total 72
-rw-r--r-- 1 root root 9849 Nov 20 09:30 proxy_connect_1014.patch
-rw-r--r-- 1 root root 9697 Nov 20 09:30 proxy_connect.patch
-rw-r--r-- 1 root root 9408 Nov 20 09:30 proxy_connect_rewrite_1014.patch
-rw-r--r-- 1 root root 9505 Nov 20 09:30 proxy_connect_rewrite_101504.patch
-rw-r--r-- 1 root root 9496 Nov 20 09:30 proxy_connect_rewrite_1015.patch
-rw-r--r-- 1 root root 9337 Nov 20 09:30 proxy_connect_rewrite.patch
3、先安装patch并如下执行:
root@sm mnt]# yum install patch -y
[root@sm mnt]# cd /mnt/nginx-1.12.2/src/http #选择目录
[root@sm http]# patch < /mnt/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite.patch
patching file ngx_http_core_module.c
Hunk #1 succeeded at 942 (offset 20 lines).
Hunk #2 succeeded at 1183 (offset 18 lines).
patching file ngx_http_parse.c
patching file ngx_http_request.c
Hunk #1 succeeded at 974 (offset 6 lines).
Hunk #2 succeeded at 1584 (offset 11 lines).
patching file ngx_http_request.h
Hunk #2 succeeded at 407 (offset 3 lines).
patching file ngx_http_variables.c
Hunk #1 succeeded at 159 (offset 7 lines).
4.开始源码安装nginx了
[root@sm http]# cd /mnt/nginx-1.12.2/
[root@sm nginx-1.12.2]# yum install gcc gcc-c++ pcre-devel openssl openssl-devel -y
[root@sm nginx-1.12.2]# ./configure --add-module=/mnt/ngx_http_proxy_connect_module --with-http_ssl_module #ngx_http_proxy_connect_module补丁模块目录
[root@sm nginx-1.12.2]# make && make install
[root@sm nginx-1.12.2]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --add-module=/mnt/ngx_http_proxy_connect_module --with-http_ssl_module
5.编辑配置文件:
[root@sm nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 8080; #设备监听端口
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
resolver 8.8.8.8; #代理使用的DNS
#forward proxy for CONNECT request
proxy_connect; #以下是代理参数
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_pass http://$host; #设置代理url信息参数
proxy_set_header Host $host; #代理的head参数
root html;
index index.html index.htm;
}
}
6.启动Nginx服务:
[root@sm nginx-1.12.2]# /usr/local/nginx/sbin/nginx #启动服务
-----------------------------------------------------
7.测试百度网站的http和https的代理访问结果成功:
[root@sm ~]# curl -I http://www.baidu.com -v -x 127.0.0.1:8080
* About to connect() to proxy 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> HEAD http://www.baidu.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.baidu.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx/1.12.2
Server: nginx/1.12.2
< Date: Wed, 20 Nov 2019 14:57:18 GMT
Date: Wed, 20 Nov 2019 14:57:18 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 277
Content-Length: 277
< Connection: keep-alive
Connection: keep-alive
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
< Etag: "575e1f72-115"
Etag: "575e1f72-115"
< Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
< Pragma: no-cache
Pragma: no-cache
<
* Connection #0 to host 127.0.0.1 left intact
[root@sm ~]#
[root@sm ~]#
8.远程机器测试代理:
curl cip.cc -x 120.78.xx.xx:8080
[root@iz8nz ~]# curl cip.cc -x 120.78.xx.xx:8080
IP : 120.78.64.42
地址 : 中国 广东 深圳
运营商 : 阿里云/电信/联通/移动/铁通/教育网
数据二 : 广东省深圳市 | 阿里云
数据三 : 中国广东深圳 | 阿里云
URL : http://www.cip.cc/120.78.xx.xx
9.配置nginx开机自动启动
vi /lib/systemd/system/nginx.service
添加内容如下:
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target