目錄配置準備nginx版本和正向代理https的模塊的對應關系配置nginx正向代理解壓nginx，解壓模塊并重命名安裝nginx使用正向代理https的模塊配置正向代理創建nginx用戶，用來運行nginx驗證正向代理配置準備

正向代理，指的是通過代理服務器 代理瀏覽器/客戶端去重定向請求訪問到目標服務器 的一種代理服務。正向代理服務的特點是代理服務器 代理的對象是瀏覽器/客戶端，也就是對于目標服務器 來說瀏覽器/客戶端是隱藏的。

nginx默認支持正向代理http，不支持https

nginx官方并不支持直接轉發https請求，nginx支持https需要ngx_http_proxy_connect_module模塊。github上開源了模塊 https://github.com/chobits/ngx_http_proxy_connect_module。不過維護的ngx_http_proxy_connect_module模塊的補丁也是有nginx版本限制的（目前維護了1.4.x~1.19.x版本）可以在REDEME.md的Select patch中查看nginx版本和模塊的對應關系

nginx版本和正向代理https的模塊的對應關系nginx versionenable REWRITE phasepatch1.4.x ~ 1.12.xNOproxy_connect.patch1.4.x ~ 1.12.xYESproxy_connect_rewrite.patch1.13.x ~ 1.14.xNOproxy_connect_1014.patch1.13.x ~ 1.14.xYESproxy_connect_rewrite_1014.patch1.15.2YESproxy_connect_rewrite_1015.patch1.15.4 ~ 1.16.xYESproxy_connect_rewrite_101504.patch1.17.x ~ 1.18.0YESproxy_connect_rewrite_1018.patch1.19.x ~ 1.21.0YESproxy_connect_rewrite_1018.patch1.21.1 ~ 1.22.0YESproxy_connect_rewrite_102101.patchls /root/ngx_http_proxy_connect_module/patchproxy_connect_1014.patch proxy_connect_rewrite_1015.patchproxy_connect.patch proxy_connect_rewrite_1018.patchproxy_connect_rewrite_1014.patch proxy_connect_rewrite_102101.patchproxy_connect_rewrite_101504.patch proxy_connect_rewrite.patch

github上開源了模塊 https://github.com/chobits/ngx_http_proxy_connect_module

此處用的是nginx-1.17.6，對應proxy_connect_rewrite_1018.patch

配置nginx正向代理

下載后上傳到服務器

ls ngx_http_proxy_connect_module-master.zip nginx-1.17.6.tar.gz解壓nginx，解壓模塊并重命名tar xf nginx-1.17.6.tar.gzunzip ngx_http_proxy_connect_module-master.zipmv ngx_http_proxy_connect_module-master ngx_http_proxy_connect_modulels ngx_http_proxy_connect_module nginx-1.17.6 ngx_http_proxy_connect_module-master.zipnginx-1.17.6.tar.gz安裝nginx

安裝源碼編譯工具包，nginx依賴包

yum -y install make gcc openssl openssl-devel pcre-devel zlib zlib-devel

進入nginx解壓后的目錄

cd nginx-1.17.6 ./configuremake && make install使用正向代理https的模塊

查看nginx-1.17.6對應的https模塊的具體位置

ls /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch

導入模塊，再次編譯安裝

patch -p1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch./configure --add-module=/root/ngx_http_proxy_connect_module make && make install配置正向代理

nginx默認安裝在/usr/local/nginx/

cd /usr/local/nginx/

修改配置文件

vim conf/nginx.conf

在 #gzip on; 下添加配置

#正向代理轉發http請求server { #指定DNS服務器IP地址 resolver 114.114.114.114; #監聽80端口，http默認端口80 listen 80; #服務器IP或域名server_name localhost; #正向代理轉發http請求 location / {proxy_pass http://$host$request_uri;proxy_set_header HOST $host;proxy_buffers 256 4k;proxy_max_temp_file_size 0k;proxy_connect_timeout 30;proxy_send_timeout 60;proxy_read_timeout 60;proxy_next_upstream error timeout invalid_header http_502; }}#正向代理轉發https請求server { #指定DNS服務器IP地址 resolver 114.114.114.114; #監聽443端口，https默認端口443 listen 443; #正向代理轉發https請求 proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; location / {proxy_pass http://$host;proxy_set_header Host $host; }}

檢查配置文件是否有錯誤sbin/nginx -t

創建nginx用戶，用來運行nginxuseradd nginx

啟動服務

sbin/nginx驗證正向代理 curl -I http://www.baidu.com/ -v -x 127.0.0.1:80 curl -I https://www.baidu.com/ -v -x 127.0.0.1:443

驗證正向代理http 200 ok

curl -I http://www.baidu.com/ -v -x 127.0.0.1:80* About to connect() to proxy 127.0.0.1 port 80 (#0)* ? Trying 127.0.0.1...* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)> HEAD http://www.baidu.com/ HTTP/1.1> User-Agent: curl/7.29.0> Host: www.baidu.com> Accept: */*> Proxy-Connection: Keep-Alive>< HTTP/1.1 200 OKHTTP/1.1 200 OK< Server: nginx/1.17.6Server: nginx/1.17.6< Date: Sun, 28 Aug 2022 02:05:33 GMTDate: Sun, 28 Aug 2022 02:05:33 GMT< Content-Type: text/htmlContent-Type: text/html< Content-Length: 277Content-Length: 277< Connection: keep-aliveConnection: keep-alive< Accept-Ranges: bytesAccept-Ranges: bytes< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transformCache-Control: private, no-cache, no-store, proxy-revalidate, no-transform< Etag: '575e1f7c-115'Etag: '575e1f7c-115'< Last-Modified: Mon, 13 Jun 2016 02:50:36 GMTLast-Modified: Mon, 13 Jun 2016 02:50:36 GMT< Pragma: no-cachePragma: no-cache<* Connection #0 to host 127.0.0.1 left intact

驗證正向代理https 200 ok

curl -I https://www.baidu.com/ -v -x 127.0.0.1:443* About to connect() to proxy 127.0.0.1 port 443 (#0)* ? Trying 127.0.0.1...* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)* Establish HTTP proxy tunnel to www.baidu.com:443> CONNECT www.baidu.com:443 HTTP/1.1> Host: www.baidu.com:443> User-Agent: curl/7.29.0> Proxy-Connection: Keep-Alive>< HTTP/1.1 200 Connection EstablishedHTTP/1.1 200 Connection Established< Proxy-agent: nginxProxy-agent: nginx<* Proxy replied OK to CONNECT request* Initializing NSS with certpath: sql:/etc/pki/nssdb* ? CAfile: /etc/pki/tls/certs/ca-bundle.crt? CApath: none* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256* Server certificate:* ? ? ? subject: CN=baidu.com,O='Beijing Baidu Netcom Science Technology Co., Ltd',OU=service operation department,L=beijing,ST=beijing,C=CN* ? ? ? start date: 7月 05 05:16:02 2022 GMT* ? ? ? expire date: 8月 06 05:16:01 2023 GMT* ? ? ? common name: baidu.com* ? ? ? issuer: CN=GlobalSign RSA OV SSL CA 2018,O=GlobalSign nv-sa,C=BE> HEAD / HTTP/1.1> User-Agent: curl/7.29.0> Host: www.baidu.com> Accept: */*>< HTTP/1.1 200 OKHTTP/1.1 200 OK< Accept-Ranges: bytesAccept-Ranges: bytes< Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transformCache-Control: private, no-cache, no-store, proxy-revalidate, no-transform< Connection: keep-aliveConnection: keep-alive< Content-Length: 277Content-Length: 277< Content-Type: text/htmlContent-Type: text/html< Date: Sun, 28 Aug 2022 02:05:50 GMTDate: Sun, 28 Aug 2022 02:05:50 GMT< Etag: '575e1f7c-115'Etag: '575e1f7c-115'< Last-Modified: Mon, 13 Jun 2016 02:50:36 GMTLast-Modified: Mon, 13 Jun 2016 02:50:36 GMT< Pragma: no-cachePragma: no-cache< Server: bfe/1.0.8.18Server: bfe/1.0.8.18<* Connection #0 to host 127.0.0.1 left intact

到此這篇關于nginx正向代理http和https的實現步驟的文章就介紹到這了,更多相關nginx正向代理http和https內容請搜索好吧啦網以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持好吧啦網！