一、nginx正向代理介绍及配置(需要在客户端配置代理服务器进行指定网站访问)
#模块 ngx_http_proxy_module: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
1、环境介绍
代理服务器系统环境为:centos
nginx代理服务器为:192.168.10.10
测试客户端为局域网内任意windows电脑或Linux电脑
2、正向代理简介
通过代理服务器来访问服务器的过程 就叫 正向代理。(常见示例,通过正向代理进行上网功能)
3、nginx正向代理的配置
3.1 http 80端口访问
3.2 https 443端口访问。
一个处理HTTP转发,另一个处理HTTPS转发,而客户端都通过HTTP来访问代理,通过访问代理不同的端口,来区分HTTP和HTTPS请求。
##/usr/local/nginx/conf/nginx.conf
server {
resolver 114.114.114.114; #resolver 定义域名解析。改成一个不存在的ip都不影响。
listen 80;
resolver_timeout 5s; #用于设置DNS服务器域名解析超时时间
access_log /usr/local/openresty/nginx/logs/access.log;
error_log /usr/local/openresty/nginx/logs/error.log;
location / {
proxy_redirect off;
proxy_pass http://$host$request_uri; #设定代理服务器的协议和地址
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffers 256 4k; #配置缓存大小,关闭磁盘缓存读写减少I/O,以及代理连接超时时间。
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
proxy_cache_valid 200 302 10m; #配置代理服务器 Http 状态缓存时间。
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
}
}
server {
resolver 114.114.114.114; #指定DNS服务器IP地址
listen 443;
resolver_timeout 5s;
access_log /usr/local/openresty/nginx/logs/access.log;
error_log /usr/local/openresty/nginx/logs/error.log;
location / {
proxy_pass https://$http_host$request_uri; #设定代理服务器的协议和地址
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
# /usr/local/nginx/sbin/nginx -s reload
4、Linux客户端访问测试
#http的访问测试
# curl -I --proxy 192.168.10.10:80 www.baidu.com
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 11 Jun 2018 15:37:47 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 31 May 2018 09:28:16 GMT
Connection: keep-alive
ETag: "5b0fc030-264"
Accept-Ranges: bytes
https的访问测试
# curl -I --proxy 192.168.10.10:443 www.baidu.com
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 11 Jun 2018 15:38:07 GMT
Content-Type: text/html
Content-Length: 277
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Etag: "575e1f5c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT
Pragma: no-cache
5、设置Linux客户端全局代理
# vim /etc/profile
export http_proxy='192.168.10.10:80'
export http_proxy='192.168.10.10:443'
export ftp_proxy='192.168.10.10:80'
# source /etc/profile
# curl -I www.baidu.com:80
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 11 Jun 2018 16:10:18 GMT
Content-Type: text/html
Content-Length: 277
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Etag: "575e1f5c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT
Pragma: no-cache
# curl -I www.baidu.com:443
HTTP/1.1 200 OK
Server: nginx/1.12.1
Date: Mon, 11 Jun 2018 16:10:27 GMT
Content-Type: text/html
Content-Length: 277
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
上面结果就说明我们的服务端nginx正向代理和客户端使用nginx做为全局代理设置成功。
6、取消代理unset http_proxy