nginx正向代理配置

Posted 龍龍小宝

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了nginx正向代理配置相关的知识,希望对你有一定的参考价值。

一、前言

  • 正向代理功能比较简单,但是原生nginx不支持https代理,如果访问https网站,会报错。
# nginx代理不支持http CONNECT方法:
curl: (56) Received HTTP code 400 from proxy after CONNECT

二、下载并安装openresty

shell> yum -y install lua-devel
shell> wget http://dlsw.91donkey.com/software/source/nginx/openresty-1.15.8.1.tar.gz
shell> wget http://dlsw.91donkey.com/software/source/nginx/nginx-http-concat_20161124.tgz && tar zxf nginx-http-concat_20161124.tgz
shell> wget http://dlsw.91donkey.com/software/source/nginx/ngx_cache_purge-2.3.tar.gz && tar zxf ngx_cache_purge-2.3.tar.gz
shell> wget http://dlsw.91donkey.com/software/source/nginx/ngx_http_proxy_connect_module.tgz && tar zxf ngx_http_proxy_connect_module.tgz
shell> tar zxf openresty-1.15.8.1.tar.gz
shell> vim bundle/nginx-1.15.8/auto/cc/gcc
# 将下列代码注释掉,能够减少编译后nginx二级制文件的大小,提高程序执行效率。
# debug
CFLAGS="$CFLAGS -g"

shell> cd openresty-1.15.8.1
shell> ./configure --prefix=/opt/openresty --with-http_stub_status_module --with-http_sub_module     --with-http_auth_request_module --with-http_addition_module     --add-module=/usr/local/src/nginx-http-concat/     --add-module=/usr/local/src/ngx_cache_purge-2.3     --add-module=/usr/local/src/ngx_http_proxy_connect_module     --with-stream
shell> patch -d build/nginx-1.15.8/ -p 1 < /usr/local/src/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch
shell> gmake -j 8 && gmake install
shell> cd /opt/openresty/nginx/html
shell> cat >> /opt/openresty/nginx/html/http_code_status.php << EOF
<?php
exit;
?>
EOF
shell> wget http://dlsw.91donkey.com/software/source/nginx/fcgi.conf -O /opt/openresty/nginx/conf/fcgi.conf
shell> wget http://dlsw.91donkey.com/software/source/nginx/location.conf -O /opt/openresty/nginx/conf/location.conf
shell> wget http://dlsw.91donkey.com/software/source/nginx/nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
shell> mkdir -p /export/home/{webroot,logs}/
shell> chown -R nobody.nobody /export/home/{webroot,logs}/
shell> echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.d/rc.local
shell> /opt/openresty/nginx/sbin/nginx
# 配置nginx vim语法高亮
shell> cd /usr/local/src/openresty-1.11.2.5/build/nginx-1.11.2/contrib/vim/
shell> mkdir ~/.vim/ && cp -R * ~/.vim/

三、配置服务器端nginx正向代理

# 在nginx.conf中增加server{}块,具体如下:
  server {
      listen 8080;
      resolver 8.8.8.8;
      resolver_timeout 5s;
      proxy_connect;
      proxy_connect_allow 443 563;
      proxy_connect_connect_timeout 10s;
      proxy_connect_read_timeout 10s;
      proxy_connect_send_timeout 10s;
      location / {
          proxy_pass $scheme://$host$request_uri;
          proxy_set_header Host $http_host;
          proxy_buffers 256 4k;
          proxy_max_temp_file_size 0;
          proxy_connect_timeout 30;
      }
      access_log /export/home/logs/proxy/access.log main;
      error_log /export/home/logs/proxy/error.log;
  }

四、配置终端代理

# 在 /etc/profile 文件中增加如下三项。
export proxy="http://{proxy_server_ip}:8080"
export http_proxy=$proxy
export https_proxy=$proxy

# 使配置生效
shell> source /etc/profile

以上是关于nginx正向代理配置的主要内容,如果未能解决你的问题,请参考以下文章

nginx正向代理

nginx 配置正向代理

nginx正向代理配置

Nginx代理——正向反向代理,动静分离和负载均衡

nginx如何配置多IP的HTTP正向代理?

nginx正向代理SFTP整体配置方案