配置http(https)正向代理【ngx_http_proxy_connect_module】
nginx一般用于负载均衡,反向代理比较多;当然nginx也是可以充当正向代理的,但是nginx本身并没有自带支持正向代理的模块。其实更准确地说,nginx是没有支持七层正向代理的模块,只有实现四层正向代理的模块(具体可以参考一下这篇文章–使用NGINX作为HTTPS正向代理服务器)。本文讨论的是使用第三方模块实现的七层正向代理。
第三方包下载:/chobits/ngx_http_proxy_connect_module.git
(如果没有安装nginx的则需要下载nginx的包,已经装好的可以重新编译,下面介绍安装nginx1.14的过程。)
注意:nginx版本不可过高,此模块最高支持nginx1.19
[root@zabbix-agent-1 opt]# lsnginx-1.14.2.tar.gz ngx_http_proxy_connect_module_master[root@zabbix-agent-1 opt]# mv ngx_http_proxy_connect_module-master/ ngx_http_proxy_connect_module[root@zabbix-agent-1 opt]# ls ngx_http_proxy_connect_module/config LICENSE ngx_http_proxy_connect_module.c patch README.md t
阅读README文件,有以下几个地方要注意
文档中给出了配置正向代理的配置
根据nginx的版本选择patch目录下对应的补丁
低版本nginx编译有所不同
阅读完文档之后,下面开始安装
[root@zabbix-agent-1 opt]# yum install gcc gcc-c++ make -y[root@zabbix-agent-1 opt]# yum install rpm-build rpmdevtools -y[root@zabbix-agent-1 opt]# yum install pcre-devel pcre -y[root@zabbix-agent-1 opt]# yum install zlib-devel zlib -y[root@zabbix-agent-1 opt]# yum install openssl-devel openssl -y[root@zabbix-agent-1 opt]# yum install redhat-lsb-core -y[root@zabbix-agent-1 opt]# cd nginx-1.14.2/[root@zabbix-agent-1 nginx-1.14.2]# yum -y install patch[root@zabbix-agent-1 nginx-1.14.2]# patch -p1 < /opt/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1014.patch[root@zabbix-agent-1 nginx-1.14.2]# ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/ngx_http_proxy_connect_module[root@zabbix-agent-1 nginx-1.14.2]# make && make install
安装完成之后,修改配置文件,添加以下内容
检查配置文件并启动
[root@zabbix-agent-1 conf]# ../sbin/nginx -tnginx: the configuration file /opt/nginx/conf/nginx.conf syntax is oknginx: configuration file /opt/nginx/conf/nginx.conf test is successful[root@zabbix-agent-1 conf]# ../sbin/nginx
测试访问
[root@zabbix-agent-1 conf]# curl --proxy 192.168.186.11:8000 <!DOCTYPE html><!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=///img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=///s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn"></span> </form> </div> </div> <div id=u1> <a href= name=tj_trnews class=mnav>新闻</a> <a href= name=tj_trhao123 class=mnav>hao123</a> <a href= name=tj_trmap class=mnav>地图</a> <a href= name=tj_trvideo class=mnav>视频</a> <a href= name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');</script> <a href=///more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=>关于百度</a> <a href=>About Baidu</a> </p> <p id=cp>© Baidu <a href=/duty/>使用百度前必读</a> <a href=/ class=cp-feedback>意见反馈</a> 京ICP证030173号 <img src=///img/gs.gif> </p> </div> </div> </div> </body> </html>[root@zabbix-agent-1 conf]# curl --proxy 192.168.186.11:8000 <!DOCTYPE html><!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=///img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=///s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus=autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn" autofocus></span> </form> </div> </div> <div id=u1> <a href= name=tj_trnews class=mnav>新闻</a> <a href= name=tj_trhao123 class=mnav>hao123</a> <a href= name=tj_trmap class=mnav>地图</a> <a href= name=tj_trvideo class=mnav>视频</a> <a href= name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');</script> <a href=///more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p id=lh> <a href=>关于百度</a> <a href=>About Baidu</a> </p> <p id=cp>© Baidu <a href=/duty/>使用百度前必读</a> <a href=/ class=cp-feedback>意见反馈</a> 京ICP证030173号 <img src=///img/gs.gif> </p> </div> </div> </div> </body> </html>
可以看到,无论是访问http,还是https,都能正常通过代理访问,配置完成!