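The default nginx release does not support forward-proxy functionality. The third-party module ngx_http_proxy_connect_module is needed for that, so nginx has to be compiled and installed from source.
Download the nginx source package
cd /usr/local/src/
wget http://nginx.org/download/nginx-1.19.10.tar.gz
tar xf nginx-1.19.10.tar.gz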
Get the nginx forward-proxy module
git clone https://github.com/chobits/ngx_http_proxy_connect_module
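Apply the patch that ships with the module downloaded above to the nginx source tree
cd nginx-1.19.10/
# The patch file must match the nginx version (see the table in the module's README); 1.19.x uses proxy_connect_rewrite_1018.patch
patch -p1 < /usr/local/src/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch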
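Compile and install nginx
# --add-module must point at the directory the module was cloned into (/usr/local/src above)
./configure --prefix=/opt/nginx --add-module=/usr/local/src/ngx_http_proxy_connect_module
make && make install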
Write the systemd startup script
# The heredoc delimiter is quoted so that the shell does not expand $MAINPID while writing the file
cat > /etc/systemd/system/nginx.service << 'EOF'
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/opt/nginx/logs/nginx.pid
ExecStartPre=/opt/nginx/sbin/nginx -t
ExecStart=/opt/nginx/sbin/nginx
ExecReload=/opt/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
Start nginx
systemctl daemon-reload
systemctl start nginx
Configure the nginx proxy
vim /opt/nginx/conf/nginx.conf
#user  nobody;
worker_processes  1;
worker_rlimit_nofile 60000;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       8888;
        server_name  192.168.1.2;
        resolver     114.114.114.114;

        proxy_connect;
        proxy_connect_allow            443 80;
        proxy_connect_connect_timeout  10s;
        proxy_connect_read_timeout     10s;
        proxy_connect_send_timeout     10s;

        location / {
            proxy_pass http://$host;
            #proxy_pass $scheme://$http_host$request_uri;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        #include client-allow.conf;   # host allowlist
        #deny all;                    # deny every host that is not in the allowlist

        error_page  404              /404.html;
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
Restart nginx
systemctl restart nginx
Open port 8888 in the firewall
Test
curl -I --proxy 192.168.1.2:8888 http://www.baidu.com
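The configuration above leaves the client allowlist (client-allow.conf and deny all) commented out, so every host that can reach port 8888 is allowed to use the proxy. The server block below is an added example, not part of the original article, with the allowlist enabled; the addresses in client-allow.conf, the bind address on the listen line and the log file name are assumptions to adapt.

```nginx
# ---- /opt/nginx/conf/client-allow.conf ----
# File name taken from the commented-out include in the article's config.
# The addresses are constructed examples: list only the clients that may use the proxy.
allow 127.0.0.1;
allow 192.168.1.0/24;

# ---- /opt/nginx/conf/nginx.conf (server block only, inside http { }) ----
server {
    # Assumption: 192.168.1.2 is an internal interface. Binding to it keeps
    # the proxy off any other interface the host may have.
    listen       192.168.1.2:8888;
    server_name  192.168.1.2;
    resolver     114.114.114.114;

    # Keep a record of proxy use. With the default "combined" format the
    # CONNECT target appears in the request field, e.g. "CONNECT host:443 HTTP/1.1".
    access_log   logs/proxy_access.log;

    # allow/deny rules are evaluated in order: the allow lines from the
    # include match first, and every other client is rejected with 403.
    include      client-allow.conf;
    deny         all;

    proxy_connect;
    proxy_connect_allow            443 80;   # tunnels only to these destination ports
    proxy_connect_connect_timeout  10s;
    proxy_connect_read_timeout     10s;
    proxy_connect_send_timeout     10s;

    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    error_page  500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}
```

After `/opt/nginx/sbin/nginx -t` and a restart, repeat the curl test from an allowlisted host and from a host outside the list, for both an http:// and an https:// URL. The first should succeed and the second should be refused with 403; confirm both before relying on the rule.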