- 目标: 访问不同站点都使用某服务器代理出去, 比如访问内网的多个站点, 而这些站点有些可能有https或websocket
- 难点: websocket的反向代理比较简单, 但nginx原生是不支持https和websocket的正向代理的, 因为他们需要支持connect请求
CONNECT baidu.com:443 HTTP/1.1
Host: baidu.com:443
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
HTTP/1.0 200 Connection Established //如果不适用插件这里会返回400 bad request错误
Proxy-agent: nginx
- 解决方案: 使用ngx_http_proxy_connect_module第三方组件, https://github.com/chobits/ngx_http_proxy_connect_module
具体配置文件如下:
server {
listen 18080;
resolver 8.8.8.8;
#proxy_cache mem_cache;
#proxy_max_temp_file_size 4m;
# forward proxy for CONNECT request
proxy_connect;
proxy_connect_allow all;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 100000s; #这个值要大, 否则会一段时间websocket短一次
proxy_connect_send_timeout 10s;
location /{
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_connect_timeout 60;
proxy_send_timeout 120;
proxy_read_timeout 120;
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/conf/passwd.db;
}
}