文章目录
关闭selinux,重启机器
[root@localhost tools]# cat /etc/selinux/config
.........
SELINUX=disabled
.........
[root@localhost tools]# init 6
下载必备的环境依赖
[root@localhost tools]#yum install gcc make pcre-devel zlib zlib-devel openssl openssl-devel pcre pcre-devel net-tools telnet -y
解压编辑,执行写好的shell脚本
[root@localhost tools]# tar -xvf nginx-1.18.0.tar.gz
[root@localhost tools]# ls
nginx-1.18.0 nginx-1.18.0.tar.gz nginx_proxy.sh
[root@localhost tools]# bash nginx_proxy.sh
#!/bin/bash
tar -xvf nginx-1.18.0.tar.gz
cd nginx-1.18.0
./configure --prefix=/usr/local/nginx --with-mail --with-stream
make && make install
cd /usr/local/nginx/
/usr/local/nginx/sbin/nginx -c conf/nginx.conf
/usr/local/nginx/sbin/nginx -s reload
sed -i '15a stream {\n\tserver{ \n\t\tlisten 143;\n\t\tproxy_connect_timeout 5s;\n\t\tproxy_timeout 5s;\n\t\tproxy_pass mail.cnhbstock.com:143;\n\t\t}\n\tserver{\n\t\tlisten 25;\n\t\tproxy_connect_timeout 5s;\n\t\tproxy_timeout 5s;\n\t\tproxy_pass mail.cnhbstock.com:25;\n\t\t}\n}' /usr/local/nginx/conf/nginx.conf
/usr/local/nginx/sbin/nginx -s reload
复查配置文件
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
...
stream {
server{
listen 143;
proxy_connect_timeout 5s;
proxy_timeout 5s;
proxy_pass mail.xxxxx.com:143;
}
server{
listen 25;
proxy_connect_timeout 5s;
proxy_timeout 5s;
proxy_pass mail.xxxx.com:25;
}
}
...
查看143和25端口启动状态
[root@localhost ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 94631/nginx: master
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 94631/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6683/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 94631/nginx: master
tcp6 0 0 :::9100 :::* LISTEN 6684/node_exporter
tcp6 0 0 :::22 :::* LISTEN 6683/sshd
kill掉原有的nginx
[root@localhost ~]# ps -ef|grep nginx |grep -v color|awk '{print $2}'|xargs kill -9
配置nginx到systemctl管理
[root@localhost ~]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx-The High-performance HTTP Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecQuit=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl使用
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# systemctl start nginx
[root@localhost ~]# systemctl status nginx
[root@localhost ~]# systemctl status nginx
● nginx.service - nginx-The High-performance HTTP Server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-12-16 08:17:38 CST; 37min ago
Process: 94622 ExecStop=/usr/local/nginx/sbin/nginx -s stop (code=exited, status=0/SUCCESS)
Process: 94629 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
Process: 94627 ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 94631 (nginx)
CGroup: /system.slice/nginx.service
├─94631 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/ngi...
└─94632 nginx: worker process
Dec 16 08:17:38 localhost.localdomain systemd[1]: Stopped nginx-The High-performance HTTP Server.
Dec 16 08:17:38 localhost.localdomain systemd[1]: Starting nginx-The High-performance HTTP Server...
Dec 16 08:17:38 localhost.localdomain nginx[94627]: nginx: the configuration file /usr/local/ng...ok
Dec 16 08:17:38 localhost.localdomain nginx[94627]: nginx: configuration file /usr/local/nginx/...ul
Dec 16 08:17:38 localhost.localdomain systemd[1]: Started nginx-The High-performance HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
正向代理
http代理
[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf
http {
resolver 114.114.114.114;
server {
listen 8088;
location / {
proxy_pass http://$http_host$request_uri;
}
}
}
nginx实现代理上网:
1.增加dns解析resolver
2.增加新的server
3.proxy_pass指令
具体上网步骤:
1、找一台可以上服务器,安装nginx,然后按照上面配置好正向代理。
2、windows配置代理:
https代理
nginx的代理安装尝试了,但未成功。操作和配置文件如下:
[root@nginx nginx-1.18.0]# patch -p1 < /root/tools/ngx_http_proxy_connect_module/patch/proxy_connect.patch
[root@nginx nginx-1.18.0]# ./configure --prefix=/usr/local/nginx --with-mail --with-stream --with-http_ssl_module --with-http_realip_module --with-threads --with-stream_ssl_preread_module --with-stream_ssl_module --with-http_stub_status_module --add-module=/root/tools/ngx_http_proxy_connect_module
注意:ngx_http_proxy_connect_module需要下载
nginx配置文件如下:
[root@nginx conf]# vim nginx.conf
user root;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
stream {
server{
listen 143;
proxy_connect_timeout 5s;
proxy_timeout 5s;
proxy_pass mail.cnhbstock.com:143;
}
server{
listen 25;
proxy_connect_timeout 5s;
proxy_timeout 5s;
proxy_pass mail.cnhbstock.com:25;
}
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
tcp_nopush on;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
autoindex on; #允许nginx在浏览器以文件夹形式访问
autoindex_exact_size off; #显示文件大小
autoindex_localtime on; #显示文件时间
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /root/file/;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
#resolver 114.114.114.114;
server {
listen 8088;
resolver 114.114.114.114;
#listen 443 ssl;
location / {
root html;
index index.html index.htm;
proxy_pass http://$http_host$request_uri;
proxy_set_header HOST $http_host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
}
}
server {
listen 443;
resolver 114.114.114.114;
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
#proxy_pass $scheme://$http_host$request_uri;
root html;
index index.html index.htm;
proxy_pass https://$host$request_uri;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
}
}
如上配合。https的代理无法生效。推荐简单的方式如下,使用privoxy。
[root@nginx conf]# yum install -y privoxy
[root@nginx conf]# vim /etc/privoxy/
#......
listen-address 10.102.1.235:8118
#......
[root@nginx conf]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.102.1.235:8118 0.0.0.0:* LISTEN 113668/privoxy
使用curl命令,指定代理,测试是否成功
[root@nginx conf]# curl --proxy 10.102.1.235:8118 https://www.baidu.com
浏览,通过火狐浏览器的代理设置,测试上网情况。发现是可以的。