nginx正向代理https是需要安装ngx_http_proxy_connect_module模块,并不是所有版本都可以的
下载源码之前参考https://github.com/chobits/ngx_http_proxy_connect_module支持的版本下载
1、下载软件nginx源码,并解压:
[root@sm ~]# cd /mnt/
[root@sm mnt]# wget http://nginx.org/download/nginx-1.12.2.tar.gz
[root@sm mnt]# tar -xzvf nginx-1.12.2.tar.gz
2、下载ngx_http_proxy_connect_module模块:
[root@sm mnt]# yum install git -y
[root@sm mnt]# git clone https://github.com/chobits/ngx_http_proxy_connect_module
[root@sm mnt]# ls -l ngx_http_proxy_connect_module/patch/ #根据你选择的nginx选择补丁
total 72
-rw-r--r-- 1 root root 9849 Nov 20 09:30 proxy_connect_1014.patch
-rw-r--r-- 1 root root 9697 Nov 20 09:30 proxy_connect.patch
-rw-r--r-- 1 root root 9408 Nov 20 09:30 proxy_connect_rewrite_1014.patch
-rw-r--r-- 1 root root 9505 Nov 20 09:30 proxy_connect_rewrite_101504.patch
-rw-r--r-- 1 root root 9496 Nov 20 09:30 proxy_connect_rewrite_1015.patch
-rw-r--r-- 1 root root 9337 Nov 20 09:30 proxy_connect_rewrite.patch
3、先安装patch并如下执行:
root@sm mnt]# yum install patch -y
[root@sm mnt]# cd /mnt/nginx-1.12.2/src/http #选择目录
[root@sm http]# patch < /mnt/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite.patch
patching file ngx_http_core_module.c
Hunk #1 succeeded at 942 (offset 20 lines).
Hunk #2 succeeded at 1183 (offset 18 lines).
patching file ngx_http_parse.c
patching file ngx_http_request.c
Hunk #1 succeeded at 974 (offset 6 lines).
Hunk #2 succeeded at 1584 (offset 11 lines).
patching file ngx_http_request.h
Hunk #2 succeeded at 407 (offset 3 lines).
patching file ngx_http_variables.c
Hunk #1 succeeded at 159 (offset 7 lines).
4.开始源码安装nginx了
[root@sm http]# cd /mnt/nginx-1.12.2/
[root@sm nginx-1.12.2]# yum install gcc gcc-c++ pcre-devel openssl openssl-devel -y
[root@sm nginx-1.12.2]# ./configure --add-module=/mnt/ngx_http_proxy_connect_module --with-http_ssl_module #ngx_http_proxy_connect_module补丁模块目录
[root@sm nginx-1.12.2]# make && make install
[root@sm nginx-1.12.2]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --add-module=/mnt/ngx_http_proxy_connect_module --with-http_ssl_module
5.编辑配置文件:
[root@sm nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
server {
listen 8080; #设备监听端口
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
resolver 8.8.8.8; #代理使用的DNS
#forward proxy for CONNECT request
proxy_connect; #以下是代理参数
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_pass http://$host; #设置代理url信息参数
proxy_set_header Host $host; #代理的head参数
root html;
index index.html index.htm;
}
[root@sm nginx-1.12.2]# /usr/local/nginx/sbin/nginx #启动服务
-----------------------------------------------------
6.测试百度网站的http和https的代理访问结果成功:
[root@sm ~]# curl -I http://www.baidu.com -v -x 127.0.0.1:8080
* About to connect() to proxy 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> HEAD http://www.baidu.com/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.baidu.com
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx/1.12.2
Server: nginx/1.12.2
< Date: Wed, 20 Nov 2019 14:57:18 GMT
Date: Wed, 20 Nov 2019 14:57:18 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 277
Content-Length: 277
< Connection: keep-alive
Connection: keep-alive
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
< Etag: "575e1f72-115"
Etag: "575e1f72-115"
< Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
< Pragma: no-cache
Pragma: no-cache
<
* Connection #0 to host 127.0.0.1 left intact
[root@sm ~]#
[root@sm ~]#
[root@sm ~]# curl -I https://www.baidu.com -v -x 127.0.0.1:8080
* About to connect() to proxy 127.0.0.1 port 8080 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to www.baidu.com:443
> CONNECT www.baidu.com:443 HTTP/1.1
> Host: www.baidu.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
HTTP/1.1 200 Connection Established
< Proxy-agent: nginx
Proxy-agent: nginx
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=baidu.com,O="Beijing Baidu Netcom Science Technology Co., Ltd",OU=service operation department,L=beijing,ST=beijing,C=CN
* start date: May 09 01:22:02 2019 GMT
* expire date: Jun 25 05:31:02 2020 GMT
* common name: baidu.com
* issuer: CN=GlobalSign Organization Validation CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.baidu.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
< Connection: keep-alive
Connection: keep-alive
< Content-Length: 277
Content-Length: 277
< Content-Type: text/html
Content-Type: text/html
< Date: Wed, 20 Nov 2019 14:58:06 GMT
Date: Wed, 20 Nov 2019 14:58:06 GMT
< Etag: "575e1f6d-115"
Etag: "575e1f6d-115"
< Last-Modified: Mon, 13 Jun 2016 02:50:21 GMT
Last-Modified: Mon, 13 Jun 2016 02:50:21 GMT
< Pragma: no-cache
Pragma: no-cache
< Server: bfe/1.0.8.18
Server: bfe/1.0.8.18
<
* Connection #0 to host 127.0.0.1 left intact
[root@sm ~]#
---------------------------------------------------------------------------------------
5079
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
