Nginx正向代理使内网机器访问外网
机器详情
机器 | 网卡 |
---|---|
机器1(可访问外网) | ens33:192.168.46.56/24 ens34:192.168.10.16/24 |
机器2(只能内网) | ens33:192.168.10.11/24 |
机器1配置
下载nginx(我选择的是nginx-1.20.0)
下载ngx_http_proxy_connect_module (我选择的版本为0.0.5)
链接:https://github.com/chobits/ngx_http_proxy_connect_module
开始编译安装
# 两个压缩我均放置在/root/目录下
# 解压这两压缩包
tar -xvf nginx-1.20.0.tar.gz
tar -xvf ngx_http_proxy_connect_module-0.0.5.tar.gz
# 先安装编译环境
apt -y install gcc make g++ libtool-bin libexpat1-dev build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev libxml2-dev libcurl4-openssl-dev pkg-config pkgconf
# 编译安装nginx
cd nginx-1.20.0/
# proxy_connect_rewrite_1018.patch不是一成不变的,要根据自己的nginx版本选择,GitHub链接上有讲
patch -p1 < /root/ngx_http_proxy_connect_module-0.0.5/patch/proxy_connect_rewrite_1018.patch
./configure --add-module=/root/ngx_http_proxy_connect_module-0.0.5
make && make install
# 编写nginx配置文件
# 配置在http{}内
vim /usr/local/nginx/conf/nginx.conf
server {
resolver 114.114.114.114;
listen 80;
server_name localhost;
location / {
proxy_pass http://$host$request_uri;
proxy_set_header HOST $host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
server {
resolver 114.114.114.114;
listen 443;
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_pass http://$host;
proxy_set_header Host $host;
}
}
# 重启nginx使配置生效
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
cd /usr/local/nginx/sbin
./nginx -t
./nginx -s reload
机器2测试
curl命令测试
curl http://www.baidu.com -v -x 192.168.10.16:80
curl https://www.baidu.com -v -x 192.168.10.16:443
apt测试
vim /etc/apt/apt.conf.d/proxy.conf
Acquire::http::Proxy "http://192.168.10.16:80";
Acquire::https::Proxy "https://192.168.10.16:443";
apt update
没有设置的效果
设置了的效果