编译安装ngx_http_proxy_module模块的nginx,实现正向代理
有的小伙伴在上期视频中应该已经一键安装了apt install nginx一键安装部署过了,这次视频讲解的是安装过的小伙伴如何更新Nginx集成ngx模块,和未安装过的小伙伴如何全新编译安装。
https://www.bilibili.com/video/BV1Mz4y1L7hp/?vd_source=0eb674510a1d068b0519b8e9ed4466ab
Nginx的编译安装
(可卸载后重装,本文以nginx1.9.12为例,也可覆盖安装,具体操作如下,我这个上期已经安装过了 就选择覆盖安装了,首先开始查看一下当前版本)
$ nginx -V
nginx version: nginx/1.22.0 (Ubuntu) //版本号是1.22.0
built with OpenSSL 3.0.7 1 Nov 2022 (running with OpenSSL 3.0.8 7 Feb 2023)
TLS SNI support enabled
./configure --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-TwrMyt/nginx-1.22.0=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/nginx-TwrMyt/nginx-1.22.0=/usr/src/nginx-1.22.0-1ubuntu3 -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --add-dynamic-module=/build/nginx-TwrMyt/nginx-1.22.0/debian/modules/http-geoip2 --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --add-module=/home/ooyy/ngx_http_proxy_connect_module/
得到了这一串 主要是configure,先存一下 备用。
//安装编译所需依赖,等待执行完成就行。
# sudo apt install build-essential openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev
//当前路径,也是后面两个包的存放路径,我就放在这边了
/home/ooyy
//提示我没有git指令,安装一下,新安装的系统有很多都是这个情况的,安装完成了 重新执行git clone
Command 'git' not found, but can be installed with:
# sudo apt install git
//下载ngx包,用于实现正向代理
$ git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
ooyy@ooyy-VMware-Virtual-Platform:~$ git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
Cloning into 'ngx_http_proxy_connect_module'...
remote: Enumerating objects: 787, done.
remote: Counting objects: 100% (389/389), done.
remote: Compressing objects: 100% (179/179), done.
remote: Total 787 (delta 241), reused 334 (delta 203), pack-reused 398
Receiving objects: 100% (787/787), 243.86 KiB | 456.00 KiB/s, done.
Resolving deltas: 100% (443/443), done.
//下载nginx安装包,这里的版本是1.9.12,系统内的版本是1.22.0,没代理 稍微慢点,也可以离线下载在这个目录解包
$ wget http://nginx.org/download/nginx-1.22.0.tar.gz
Resolving nginx.org (nginx.org)... 3.125.197.172, 52.58.199.22, 2a05:d014:edb:5704::6, ...
Connecting to nginx.org (nginx.org)|3.125.197.172|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1073322 (1.0M) [application/octet-stream]
Saving to: ‘nginx-1.22.0.tar.gz’
nginx-1.22.0.tar.gz 100%[==============================>] 1.02M 11.8KB/s in 81s
2023-09-17 14:18:03 (12.9 KB/s) - ‘nginx-1.22.0.tar.gz’ saved [1073322/1073322]
//解压nginx包,这里记得改
$ tar -xzvf nginx-1.22.0.tar.gz
//进入nginx源代码包
$ cd nginx-1.22.0/
//打布丁 我的ngx存放在,1.22.0版本 对于的ngx包路径我改下,要与实际路径保持一致
/home/ooyy1102/ngx_http_proxy_connect_module/patch/proxy_connect.patch
这里按照实际情况填,最好不要直接复制,不确定路径的可以pwd看一下。
$ patch -p1 < /home/ooyy1102/ngx_http_proxy_connect_module/patch/proxy_connect.patch
这里一定要到nginx包下执行
$ patch -p1 < /home/ooyy/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
ooyy@ooyy-VMware-Virtual-Platform:~/nginx-1.22.0$ patch -p1 < /home/ooyy/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
patching file src/http/ngx_http_core_module.c
patching file src/http/ngx_http_parse.c
patching file src/http/ngx_http_request.c
patching file src/http/ngx_http_request.h
patching file src/http/ngx_http_variables.c
//执行configure,这里就用到了开头的获取到的信息
# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --conf-path=/etc/nginx/nginx.conf --add-module=/home/ooyy1102/ngx_http_proxy_connect_module/
//这里哪里报错删哪里就行, 注意$别复制进去了,好了 出现这个就说明可以了,后面进行编译安装
$ ./configure --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-TwrMyt/nginx-1.22.0=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/nginx-TwrMyt/nginx-1.22.0=/usr/src/nginx-1.22.0-1ubuntu3 -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --add-module=/home/ooyy/ngx_http_proxy_connect_module/
Configuration summary
+ using threads
+ using system PCRE library
+ using system OpenSSL library
+ using system zlib library
nginx path prefix: "/usr/share/nginx"
nginx binary file: "/usr/share/nginx/sbin/nginx"
nginx modules path: "/usr/lib/nginx/modules"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "/var/lib/nginx/body"
nginx http proxy temporary files: "/var/lib/nginx/proxy"
nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
nginx http scgi temporary files: "/var/lib/nginx/scgi"
//编译前最好把在运行的nginx杀掉,刚忘了。
//Permission denied,权限有问题,好了 我们看一下是否正常了,我查下
添加模块的时候 这里不直接安装就可以了 需要手动替换一下
make && make install
编译过程中报错解决方案:
进入objs/Makefile,打开Makefile文件将编译选项中的CFLAGS = -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -werror -g中的“-werror"删除
解决完成后,重新编译
//编译完成后,执行以下命令,启动nginx
# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
# ps -ef|grep nginx
root 15285 1 0 00:23 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 15286 15285 0 00:23 ? 00:00:00 nginx: worker process
root 21684 12482 0 00:41 pts/0 00:00:00 grep --color=auto nginx
//查看服务是否正常,80端口是否启用
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 关闭 (0.00/0/0)
unix 3 [ ] 流 已连接 20804 /run/systemd/journal/stdout
unix 3 [ ] 流 已连接 23803 /run/user/1000/bus
unix 3 [ ] 流 已连接 20806 /run/systemd/journal/stdout
unix 3 [ ] 流 已连接 26280 /tmp/dbus-YykxWcM3
unix 3 [ ] 流 已连接 22580 /run/user/120/at-spi/bus
unix 3 [ ] 流 已连接 20805
unix 2 [ ] 数据报 23807
unix 2 [ ] 数据报 已连接 18803
unix 3 [ ] 流 已连接 21580 /run/dbus/system_bus_socket
未安装过Nginx的Nginx部署优化
我不演示了 直接看一下效果。
//配置环境变量
¥ vim /etc/profile
//添加NGINX路径
export NGINX_HOME=/usr/local/nginx //这里的安装路径是nginx的目录 ,我们看下我这台服务器是多少
export PATH=$PATH:$NGINX_HOME/sbin
//编译nginx.services 服务 ,新建一个nginx.services 服务
# vim /usr/lib/systemd/system/nginx.service
//将以下内容复制到nginx.service
[Unit]
#描述服务
Description=nginx - high performance web server
#描述服务类别
After=network.target remote-fs.target nss-lookup.target#服务的一些具体运行参数的设置
[Service]
#后台运行的形式
Type=forking
#PID文件的路径
PIDFile=/usr/local/nginx/logs/nginx.pid
#启动准备
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
#启动命令
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
#重启命令
ExecReload=/usr/local/nginx/sbin/nginx -s reload
#停止命令
ExecStop=/usr/local/nginx/sbin/nginx -s stop
#快速停止
ExecQuit=/usr/local/nginx/sbin/nginx -s quit
#给服务分配临时空间
PrivateTmp=true#服务用户的模式
[Install]
WantedBy=multi-user.target
//应用service更改
# sudo systemctl daemon-reload
备用方案
vim /usr/lib/systemd/system/nginx.service
[Util]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecStop=/bin/kill -s QUIT $MAINPID
Exexreload=/bin/kill -s HUP $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
// 创建目录,并在目录中新增systemd启动配置
# sudo mkdir -p /etc/systemd/system/nginx.service.d && printf "IServiceJ\nExecStartPost=/bin/sleep 1\n">/etc/systemd/system/nginx.service.d/override.conf
// 重启服务,如果以下命令不能执行 +sudo ,配置完成后就进行以下操作进行检验就行了
systemctl daemon-reload //重载daemon
systemctl restart nginx //重启nginx
systemctl status nginx //查看nginx状态
systemctl enable nginx //设置开机启动
Nginx正向代理
// 首先查找一个空端口,这里查找8082
Command ‘netstat’ not found, but can be installed with:
apt install net-tools
netstat -ano |grep 8082 //执行没结果说明端口没被占用
我们找一下nginx配置文件
vim /usr/local/nginx/conf/nginx.conf
/etc/nginx
每个人路径不一样 ,然后把多余的字段都删掉,复制下文
保存一下
http://10.10.1.88,之前做的变更已经生效了
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8080; //这里我把端口改成了8080,重新拉一下配置
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
server {
resolver 114.114.114.114 ;
resolver_timeout 10s;
listen 8082; //这里我把全局代理的端口放在了8082
proxy_connect; #启用 CONNECT HTTP方法
proxy_connect_allow 80 443; #指定代理CONNECT方法可以连接的端口号或范围的列表
proxy_connect_connect_timeout 20s; #定义客户端与代理服务器建立连接的超时时间
proxy_connect_read_timeout 20s; #定义客户端从代理服务器读取响应的超时时间
proxy_connect_send_timeout 20s; #设置客户端将请求传输到代理服务器的超时时间
location / {
proxy_pass $scheme://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0;
proxy_connect_timeout 30;
}
access_log /home/ooyy/nginx/proxy/access.log; //这两 需要注意一下,需要提前把目录建好
error_log /home/ooyy/nginx/proxy/error.log;
}
}
按要求配置一下环境变量 ,复制进去就行
#http代理,ip是nginx的ip,
export http_proxy="http://127.0.0.1:8082"
#https代理
export https_proxy="http://127.0.0.1:8082"
#不需要代理的ip,访问这些ip,不会走代理
#export proxy="http://{127.0.0.1}:8080"
#export http_proxy=$proxy
#export https_proxy=$proxy
export no_proxy="127.0.0.1, localhost"
root@ooyy-VMware-Virtual-Platform:/home/ooyy/nginx# curl http://www.baidu.com
Command ‘curl’ not found, but can be installed with:
snap install curl # version 8.1.2, or
apt install curl # version 7.88.1-8ubuntu2.2
See ‘snap info curl’ for additional versions.
我试一下能不能用
$ curl http://www.baidu.com
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=http://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn"></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=http://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=http://home.baidu.com>关于百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>©2017 Baidu <a href=http://www.baidu.com/duty/>使用百度前必读</a> <a href=http://jianyi.baidu.com/ class=cp-feedback>意见反馈</a> 京ICP证030173号 <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>
看一下日志
127.0.0.1 - - [17/Sep/2023:16:53:10 +0800] “GET http://cn.archive.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.88.1-8ubuntu2.2_amd64.deb HTTP/1.1” 302 138 “-” “Debian APT-HTTP/1.3 (2.6.0) non-interactive”
127.0.0.1 - - [17/Sep/2023:16:53:10 +0800] “GET http://mirrors.tuna.tsinghua.edu.cn/ubuntu/pool/main/c/curl/curl_7.88.1-8ubuntu2.2_amd64.deb HTTP/1.1” 200 209472 “-” “Debian APT-HTTP/1.3 (2.6.0) non-interactive”
127.0.0.1 - - [17/Sep/2023:16:53:16 +0800] “GET http://www.baidu.com/ HTTP/1.1” 200 2381 “-” “curl/7.88.1”
127.0.0.1 - - [17/Sep/2023:17:01:38 +0800] “GET http://www.baidu.com/ HTTP/1.1” 200 2381 “-” “curl/7.88.1”
127.0.0.1 - - [17/Sep/2023:17:03:06 +0800] “GET http://10.10.1.88:8080/ HTTP/1.1” 200 619 “-” “curl/7.88.1”