1. 環境準備
本次試驗使用2臺linux虛擬機,一臺配置成代理服務器,一臺作爲客戶端測試使用,兩臺主機配置如下:
主機名 | 外網IP(NAT模式) | 內網IP(Hostonly模式) | 操作系統版本 |
---|---|---|---|
nginx-proxy | 10.0.0.250/24 | 172.16.100.250/24 | CentOS7.6 |
client | 無 | 172.16.100.100/24 | CentOS7.6 |
2. 編譯安裝Nginx
Nginx本身不支持HTTPS正向代理(原生不處理HTTP CONNECT方法),需要安裝ngx_http_proxy_connect_module模塊後纔可以支持https正向代理
安裝編譯環境和工具
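# Note: build prerequisites (PCRE and OpenSSL headers, compiler toolchain, git, net-tools for netstat).
# yum -y install pcre pcre-devel
# yum -y install openssl-devel
# yum -y install gcc make gcc-c++
# yum -y install git
# yum -y install net-tools
# Note: the build steps below call wget and patch, which are not present on every CentOS 7 install.
# yum -y install wget patch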
編譯安裝Nginx和ngx_http_proxy_connect_module模塊
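# Note: working directory for the downloaded sources.
# mkdir -p /server/tools
# cd /server/tools
# Note: this clones whatever the module's default branch currently holds. For a repeatable build,
#       check out a commit you have reviewed: git -C ngx_http_proxy_connect_module checkout <REVIEWED_COMMIT>
# git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
# Note: fetch the tarball over HTTPS. nginx.org publishes a detached PGP signature (.tar.gz.asc)
#       beside each release; verify it before unpacking. 1.18.0 is an old stable release, so check
#       the nginx.org security advisories before deploying this build.
# wget https://nginx.org/download/nginx-1.18.0.tar.gz
# tar -xf nginx-1.18.0.tar.gz
# mkdir -p /app
# cd nginx-1.18.0
# Note: the module ships one patch file per nginx version range. Confirm in the module README that
#       this file is the one listed for 1.18.0, and stop if patch reports a missing file or a failed hunk.
# patch -p1 < /server/tools/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101514.patch
# ./configure --prefix=/app/nginx-1.18.0 --with-http_stub_status_module --with-http_ssl_module --add-module=/server/tools/ngx_http_proxy_connect_module
# make
# make install
# cd /app
# ln -sv /app/nginx-1.18.0 /app/nginx
# Note: write the PATH entry to the profile.d file by its full path (the working directory here is
#       /app, so a bare "nginx.sh" would not be that file). Single quotes keep $PATH unexpanded until login.
# echo 'export PATH=$PATH:/app/nginx/sbin' > /etc/profile.d/nginx.sh
# source /etc/profile.d/nginx.sh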
3. 修改Nginx配置文件,配置nginx支持http、https代理(以下兩個server區塊需加入 /app/nginx/conf/nginx.conf 的 http {} 區塊內)
# cp /app/nginx/conf/nginx.conf{,.bak}
#
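# Forward proxy for plain HTTP requests.
server {
    # Bind to the host-only (internal) address only. A bare "listen 8099;" would
    # also accept connections on the NAT interface (10.0.0.250) and leave an
    # unauthenticated open proxy reachable from that network.
    listen 172.16.100.250:8099;

    # DNS server used to resolve the destination names at request time.
    resolver 223.5.5.5;

    # Only the internal client subnet may use the proxy.
    allow 172.16.100.0/24;
    deny all;

    location / {
        # The destination comes straight from the client's Host header and
        # request URI, so the proxy connects to whatever host an allowed client
        # names, including addresses reachable only from the proxy host itself.
        # The allow/deny rules above are what limit who can do that.
        proxy_pass http://$http_host$request_uri;
        proxy_set_header HOST $http_host;

        proxy_buffers 256 4k;
        # 0 disables buffering of responses to temporary files on disk.
        proxy_max_temp_file_size 0k;

        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}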
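# HTTPS forward proxy: CONNECT tunnelling provided by ngx_http_proxy_connect_module.
server {
    # Bind to the host-only (internal) address only. A bare "listen 8443;" would
    # also accept CONNECT requests on the NAT interface (10.0.0.250).
    # This listener has no "ssl" parameter: clients speak plain HTTP to the
    # proxy, and TLS runs end to end inside the tunnel.
    listen 172.16.100.250:8443;

    # DNS server used to resolve the tunnel destination names.
    resolver 223.5.5.5;

    # Only the internal client subnet may use the proxy.
    # NOTE(review): confirm from a host outside this subnet that CONNECT
    # requests are refused as well; the listen address above limits exposure
    # either way.
    allow 172.16.100.0/24;
    deny all;

    # Accept the CONNECT method on this server.
    proxy_connect;
    # Tunnels are permitted only to these destination ports. 563 is NNTP over
    # TLS; drop it if clients only need HTTPS.
    proxy_connect_allow 443 563;
    proxy_connect_connect_timeout 10s;
    proxy_connect_read_timeout 10s;
    proxy_connect_send_timeout 10s;

    # Non-CONNECT requests arriving on this port are proxied as plain HTTP.
    location / {
        proxy_pass http://$host;
        proxy_set_header HOST $host;
    }
}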
4.啓動 nginx
# Check that the configuration file is valid
# nginx -t
# Start nginx
# nginx
# Check the listening ports. In the Local Address column, 0.0.0.0:PORT means the proxy
# accepts connections on every interface, not only the internal one.
# netstat -tunlp | grep 8099
# netstat -tunlp | grep 8443
5.在客戶端配置使用代理上網
# One-off test: --proxy applies to this single request only.
# Port 8099 is the plain-HTTP proxy, port 8443 the CONNECT (HTTPS) proxy.
# curl --proxy 172.16.100.250:8099 http://www.baidu.com
# curl --proxy 172.16.100.250:8443 https://www.baidu.com
永久生效
# Note: files under /etc/profile.d are sourced by login shells, so the proxy settings written
#       here apply to every user who logs in to this client, not only the current one.
# echo > /etc/profile.d/http_proxy.sh
# Note: https_proxy uses an http:// URL because the client speaks plain HTTP (CONNECT) to port 8443
#       (that listener has no ssl parameter); the TLS session is then set up through the tunnel
#       with the destination site.
# sed -i 'i export http_proxy=http://172.16.100.250:8099\nexport https_proxy=http://172.16.100.250:8443' /etc/profile.d/http_proxy.sh
# source /etc/profile.d/http_proxy.sh
# Check that the settings took effect
# curl -v https://www.baidu.com
# curl -v http://www.baidu.com