nginx正向代理

正向代理

服务端 10.0.0.44
客户端 10.0.0.43

1、安装Nginx和模块

yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel  wget pcre pcre-devel git
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
wget http://nginx.org/download/nginx-1.14.2.tar.gz
tar -xzvf nginx-1.14.2.tar.gz
cd nginx-1.14.2/
patch -p1 <../ngx_http_proxy_connect_module/patch/proxy_connect_1014.patch           #补丁
./configure  --with-http_stub_status_module --with-http_ssl_module --add-module=../ngx_http_proxy_connect_module
make && make install

2、虚拟主机配置

[root@c7-44 ~]# mkdir -p /usr/local/nginx/conf/conf.d/
[root@c7-44 ~]# cat /usr/local/nginx/conf/nginx.conf      #精简  把80 的端口配置去掉 只剩这些
user  nobody;           #任何人
worker_processes  1;
events {
	worker_connections  1024;
}
http {
	include       mime.types;
	default_type  application/octet-stream;
	sendfile        on;
	keepalive_timeout  65;
	include /usr/local/nginx/conf/conf.d/*.conf;      #添加90端口的配置文件

}

[root@c7-44 ~]# cat /usr/local/nginx/conf/conf.d/test.conf
server {
        listen 90;              #端口
        server_name 10.0.0.44;       #一般写dns服务器  也可以直接写ip
        resolver 223.5.5.5;
        proxy_connect;
        proxy_connect_allow            443 563;     # https
        proxy_connect_connect_timeout  10s;
        proxy_connect_read_timeout     10s;
        proxy_connect_send_timeout     10s;
location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
        }
}
[root@c7-44 ~] /usr/local/nginx/sbin/nginx   #启动nginx
[root@c7-44 conf.d]# ss -lntp|grep nginx             #只剩90端口
LISTEN     0      128          *:90                       *:*                   users:(("nginx",pid=28883,fd=6),("nginx",pid=18229,fd=6))

3.客户端配置

全局的代理设置：

vim /etc/profile
##代理
export http_proxy=http://10.0.0.44:90
export https_proxy=http://10.0.0.44:90
export ftp_proxy=http://10.0.0.44:90
[root@c7-43 ~] source /etc/profile

yum的代理设置：

vim /etc/yum.conf 
proxy=http://http://10.0.0.44:90

wget的代理设置：

vim /etc/wgetrc 
http_proxy=http://10.0.0.44:90
ftp_proxy=http://10.0.0.44:90

vim /etc/resolve.conf
#nameserver 223.5.5.5
#nameserver 223.6.6.6

4.测试代理
方法一：
访问HTTP网站，可以直接这样的方式:

curl ‐I ‐‐proxy 10.0.0.44:90 http://www.baidu.com
curl ‐I ‐‐proxy 10.0.0.44:90 https://www.baidu.com

[root@c7-43 ~]# curl ‐I ‐‐proxy 10.0.0.44:90 http://www.baidu.com
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
 ###   44[root@c7-44 conf.d]# tail -f /usr/local/nginx/logs/access.log
 停掉44 的nginx 看看是否有日志访问  或者吧nginx stop  去curl

方法二：

使用浏览器访问

这里使用的是firefox浏览器

如何确定访问是不是走的代理那？

可以在浏览器上设置好代理后，然后将你代理的nginx关掉，然后重新打开一个网页，会发现测试不可以访问网站了！！