nginx正向代理配置
Posted 龍龍小宝
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了nginx正向代理配置相关的知识,希望对你有一定的参考价值。
一、前言
- 正向代理功能比较简单,但是原生nginx不支持https代理,如果访问https网站,会报错。
# nginx代理不支持http CONNECT方法:
curl: (56) Received HTTP code 400 from proxy after CONNECT
- 为了实现对https代理的支持,需要对原有nginx源码打补丁,就可以让nginx支持CONNECT模式了。
https://github.com/chobits/ngx_http_proxy_connect_module#build-openresty
二、下载并安装openresty
shell> yum -y install lua-devel
shell> wget http://dlsw.91donkey.com/software/source/nginx/openresty-1.15.8.1.tar.gz
shell> wget http://dlsw.91donkey.com/software/source/nginx/nginx-http-concat_20161124.tgz && tar zxf nginx-http-concat_20161124.tgz
shell> wget http://dlsw.91donkey.com/software/source/nginx/ngx_cache_purge-2.3.tar.gz && tar zxf ngx_cache_purge-2.3.tar.gz
shell> wget http://dlsw.91donkey.com/software/source/nginx/ngx_http_proxy_connect_module.tgz && tar zxf ngx_http_proxy_connect_module.tgz
shell> tar zxf openresty-1.15.8.1.tar.gz
shell> vim bundle/nginx-1.15.8/auto/cc/gcc
# 将下列代码注释掉,能够减少编译后nginx二级制文件的大小,提高程序执行效率。
# debug
CFLAGS="$CFLAGS -g"
shell> cd openresty-1.15.8.1
shell> ./configure --prefix=/opt/openresty --with-http_stub_status_module --with-http_sub_module --with-http_auth_request_module --with-http_addition_module --add-module=/usr/local/src/nginx-http-concat/ --add-module=/usr/local/src/ngx_cache_purge-2.3 --add-module=/usr/local/src/ngx_http_proxy_connect_module --with-stream
shell> patch -d build/nginx-1.15.8/ -p 1 < /usr/local/src/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch
shell> gmake -j 8 && gmake install
shell> cd /opt/openresty/nginx/html
shell> cat >> /opt/openresty/nginx/html/http_code_status.php << EOF
<?php
exit;
?>
EOF
shell> wget http://dlsw.91donkey.com/software/source/nginx/fcgi.conf -O /opt/openresty/nginx/conf/fcgi.conf
shell> wget http://dlsw.91donkey.com/software/source/nginx/location.conf -O /opt/openresty/nginx/conf/location.conf
shell> wget http://dlsw.91donkey.com/software/source/nginx/nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
shell> mkdir -p /export/home/{webroot,logs}/
shell> chown -R nobody.nobody /export/home/{webroot,logs}/
shell> echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.d/rc.local
shell> /opt/openresty/nginx/sbin/nginx
# 配置nginx vim语法高亮
shell> cd /usr/local/src/openresty-1.11.2.5/build/nginx-1.11.2/contrib/vim/
shell> mkdir ~/.vim/ && cp -R * ~/.vim/
三、配置服务器端nginx正向代理
# 在nginx.conf中增加server{}块,具体如下:
server {
listen 8080;
resolver 8.8.8.8;
resolver_timeout 5s;
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_pass $scheme://$host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0;
proxy_connect_timeout 30;
}
access_log /export/home/logs/proxy/access.log main;
error_log /export/home/logs/proxy/error.log;
}
四、配置终端代理
# 在 /etc/profile 文件中增加如下三项。
export proxy="http://{proxy_server_ip}:8080"
export http_proxy=$proxy
export https_proxy=$proxy
# 使配置生效
shell> source /etc/profile
以上是关于nginx正向代理配置的主要内容,如果未能解决你的问题,请参考以下文章