通过 yum intall nginx 安装的 nginx 默认只支持代理 http 协议,不支持代理 https 协议,需要另外安装代理模块 ngx_http_proxy_connect_module。
1.备份原nginx文件
cp /usr/sbin/nginx /usr/sbin/nginx.bk
cp -r /etc/nginx /etc/nginx.bk
2.查看nginx版本及已安装模块
nginx -V
nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads
3.下载ssl代理模块
#yum isntall git
cd /usr/local
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
4.下载相同版本的nginx
cd /usr/local
wget http://nginx.org/download/nginx-1.20.1.tar.gz
tar zxvf nginx-1.20.1.tar.gz
5.安装代理模块
#打补丁
cd nginx-1.20.1
patch -p1 < /usr/local/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch
#在原有模块后增加的代理模块,然后编译
./configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --add-module=/usr/local/ngx_http_proxy_connect_module
#以上编译时,如出现缺少依赖,一般需要安装以下模块,安装完再次编译:
yum -y install libxml2 libxml2-dev libxslt-devel
yum -y install gd-devel
yum -y install perl-devel perl-ExtUtils-Embed
yum -y install google-perftools google-perftools-devel
yum -y install GeoIP GeoIP-devel GeoIP-data
yum -y install openssl openssl-devel
yum -y install pcre pcre-devel
#其他问题参见 https://blog.csdn.net/weixin_45729432/article/details/129493752
#安装
#不建议 make & make install,以免现在的nginx出现问题。
make -j2
#以上完成后,会在objs目录下生成一个nginx文件,先验证:
./objs/nginx -t
./objs/nginx -V
#以上成功后,替换原文件
cp ./objs/nginx /usr/sbin/nginx
#重启nginx
nginx -s stop && nginx
6.编写代理文件
vim /etc/nginx/conf.d/proxy.conf
server {
listen 9000;
resolver 1.1.1.1 ipv6=off;
proxy_connect;
proxy_connect_allow 443 563 80;
proxy_connect_connect_timeout 30s;
proxy_connect_read_timeout 30s;
proxy_connect_send_timeout 30s;
location / {
proxy_pass http://$host;
proxy_set_header Host $host;
}
}
7.测试代理
curl -kvL http://baidu.com -x 127.0.0.1:9000
curl -kvL https://baidu.com -x 127.0.0.1:9000
#参考文档
#1. yum安装下的nginx,如何添加模块,和添加第三方模块
#https://blog.csdn.net/zzy5066/article/details/81136273?spm=1001.2101.3001.6650.2&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-2-81136273-blog-100523318.235%5Ev43%5Epc_blog_bottom_relevance_base6&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-2-81136273-blog-100523318.235%5Ev43%5Epc_blog_bottom_relevance_base6&utm_relevant_index=5
#2. Nginx之ngx_http_proxy_connect_module模块
#https://blog.csdn.net/sleepIII/article/details/100787646
#3. CentOs7 给nginx安装ngx_http_proxy_connect_module模块,配置正向代理支持https
#https://blog.csdn.net/anwebDesigner/article/details/120454816
#4. nginx正向代理(超简单)
#https://blog.csdn.net/qq_49296785/article/details/109391411
#5. 使用yum安装下的nginx,添加模块的方法
#https://blog.csdn.net/wolf131721/article/details/100523318