Nginx配置网络分流,监听80和443端口(Ubuntu22.04)

1.Nginx安装

# Refresh the package index, then install nginx from the configured apt repositories.
sudo apt update && sudo apt install nginx

启动

# Start the nginx service now (this does not change whether it starts at boot).
sudo systemctl start nginx

重载配置

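# Check the edited configuration for errors first; the reload is only requested
# when the check passes. sudo matches the install/start commands above, since
# reloading a system service needs privileges.
sudo nginx -t && sudo systemctl reload nginx.service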

查看状态

# Show the current state of the nginx service unit.
systemctl status nginx.service

2.Nginx配置修改

文件目录

/etc/nginx/nginx.conf

1.80端口

# Worker processes run as the www-data account.
user www-data;
# Let nginx pick the number of worker processes automatically.
worker_processes auto;
# File in which the master process stores its PID.
pid /run/nginx.pid;
# Pull in the module configuration snippets enabled on this host.
include /etc/nginx/modules-enabled/*.conf;

events {
  # Upper bound on simultaneous connections per worker process.
  worker_connections 768;
}

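http {

  server {
    listen 80 default_server;       # plaintext HTTP listener (IPv4)
    listen [::]:80 default_server;  # plaintext HTTP listener (IPv6)

    # Placeholder: replace with your own domain. Without a server_name
    # directive $server_name is empty, so the sub_filter below would replace
    # "www.bing.com" with an empty string instead of this site's name.
    server_name example.com;

    # No ssl_* directives in this server: neither listener carries the `ssl`
    # flag, so ssl_protocols / ssl_ciphers / ssl_prefer_server_ciphers would
    # have no effect here.

    # Every request that does not match one of the paths below is
    # reverse-proxied to the decoy site.
    location / {
      proxy_pass https://www.bing.com;  # decoy site
      proxy_ssl_server_name on;         # send SNI to the upstream
      proxy_redirect off;
      sub_filter_once off;              # rewrite every occurrence, not only the first
      sub_filter "www.bing.com" $server_name;
      proxy_set_header Host "www.bing.com";
      proxy_set_header Referer $http_referer;
      # NOTE(review): X-Real-IP and X-Forwarded-For hand each visitor's address
      # to the third-party upstream; drop them if that is not intended.
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header User-Agent $http_user_agent;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # Hard-coded value; the client-facing connection on this listener is http.
      proxy_set_header X-Forwarded-Proto https;
      # Ask for an uncompressed body so sub_filter can rewrite it.
      proxy_set_header Accept-Encoding "";
      proxy_set_header Accept-Language "zh-CN";
    }

    # Forwarded to the local backend on port 8388, passing the Upgrade
    # handshake through (e.g. WebSocket).
    location /xraypath {
      proxy_redirect off;
      proxy_pass http://127.0.0.1:8388;  # local backend
      proxy_http_version 1.1;            # Upgrade needs HTTP/1.1 towards the backend
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Forwarded to the local panel on port 9999.
    # NOTE(review): on this listener the panel is reached over unencrypted
    # HTTP, so logins and session cookies cross the network in cleartext.
    # Prefer a TLS listener for this path, or restrict it with allow/deny.
    location /panelpath {
      proxy_redirect off;
      proxy_pass http://127.0.0.1:9999;  # local backend
      proxy_http_version 1.1;
      proxy_set_header Host $host;
    }
  }
}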

80端口尚未添加http2参数

2.443端口

# Worker processes run as the www-data account.
user www-data;
# Let nginx pick the number of worker processes automatically.
worker_processes auto;
# File in which the master process stores its PID.
pid /run/nginx.pid;
# Pull in the module configuration snippets enabled on this host.
include /etc/nginx/modules-enabled/*.conf;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 768;
}

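http {

    server {
        listen 443 ssl http2 default_server;       # TLS with HTTP/2 (IPv4)
        listen [::]:443 ssl http2 default_server;  # TLS with HTTP/2 (IPv6)

        # Placeholder: replace with your own domain. Without a server_name
        # directive $server_name is empty, so the sub_filter below would
        # replace "www.bing.com" with an empty string. The value is also used
        # as the name to verify on the backend certificates further down.
        server_name example.com;

        # Server certificate and private key.
        ssl_certificate /root/x.cer;      # full-chain certificate file
        ssl_certificate_key /root/x.key;  # private key; keep it readable by root only

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        # Every request that does not match one of the paths below is
        # reverse-proxied to the decoy site.
        location / {
            proxy_pass https://www.bing.com;  # decoy site
            proxy_ssl_server_name on;         # send SNI to the upstream
            proxy_redirect off;
            sub_filter_once off;              # rewrite every occurrence, not only the first
            sub_filter "www.bing.com" $server_name;
            proxy_set_header Host "www.bing.com";
            proxy_set_header Referer $http_referer;
            # NOTE(review): X-Real-IP and X-Forwarded-For hand each visitor's
            # address to the third-party upstream; drop them if not intended.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header User-Agent $http_user_agent;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            # Ask for an uncompressed body so sub_filter can rewrite it.
            proxy_set_header Accept-Encoding "";
            proxy_set_header Accept-Language "zh-CN";
        }

        # Forwarded over TLS to the local backend on port 8388, passing the
        # Upgrade handshake through (e.g. WebSocket).
        location /xraypath {
            proxy_redirect off;
            proxy_pass https://127.0.0.1:8388;  # backend reached over https
            proxy_http_version 1.1;             # Upgrade needs HTTP/1.1 towards the backend
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Client certificate and key presented to the backend (only if it asks for one).
            proxy_ssl_certificate /root/x.cer;
            proxy_ssl_certificate_key /root/x.key;

            # proxy_ssl_trusted_certificate is inert on its own: the backend
            # certificate is only checked when proxy_ssl_verify is on.
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /root/ca.cer;  # CA certificates trusted for that check
            # Name to match against the backend certificate. The default is the
            # host from proxy_pass, which a certificate issued for a domain does
            # not cover. Presumably the backend serves this domain's certificate;
            # if it does not, the handshake fails and the request is rejected.
            proxy_ssl_name $server_name;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;
            proxy_ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256';
        }

        # Forwarded over TLS to the local panel on port 9999.
        location /panelpath {
            proxy_redirect off;
            proxy_pass https://127.0.0.1:9999;  # backend reached over https
            proxy_http_version 1.1;
            proxy_set_header Host $host;

            # TLS settings towards the panel. Per the original note, the
            # separate verification certificate can be omitted when only the
            # panel's own certificate is used.
            # Client certificate and key presented to the backend (only if it asks for one).
            proxy_ssl_certificate /root/x.cer;
            proxy_ssl_certificate_key /root/x.key;

            # proxy_ssl_trusted_certificate is inert on its own: the backend
            # certificate is only checked when proxy_ssl_verify is on.
            proxy_ssl_verify on;
            proxy_ssl_trusted_certificate /root/ca.cer;  # CA certificates trusted for that check
            # Name to match against the backend certificate; the default (the
            # host from proxy_pass) would not match a domain certificate.
            proxy_ssl_name $server_name;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;
            proxy_ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256';
        }

    }
}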

3.网站访问

1.80端口

使用http://的格式;如果使用了CF的CDN加速,则将域名对应的SSL/TLS边缘证书选项中的“始终使用HTTPS”关闭。注意:80端口的配置没有启用TLS,到源站的这一段连接是明文HTTP,经/panelpath登录面板时账号密码不受加密保护。

SSL/TLS 加密模式随意

 2.443端口

使用https://的格式,如果使用了CF的CDN加速,则将域名对应的SSL/TLS边缘证书选项的始终使用HTTPS打开

SSL/TLS 加密模式最好为完全或严格
