Basic concepts

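A forward proxy works as follows: to fetch content from an origin server that it cannot reach directly, the user sends the request to a proxy server, which forwards the request to the origin server and returns the content it obtains to the user. The proxy server sits between the client user and the origin server; a VPN is one example.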

Compile and install

Note: to forward-proxy HTTPS requests with Nginx, the ngx_http_proxy_connect_module module must be added at compile time.

mkdir -pv /app/service/nginx/modules && mkdir -pv /app/logs/nginx
tar -zxvf nginx-1.20.1.tar.gz && tar -zxvf ngx_http_proxy_connect_module-0.0.2.tar.gz
mv ngx_http_proxy_connect_module-0.0.2 /app/service/nginx/modules/ngx_http_proxy_connect
cd nginx-1.20.1
patch -p1 < /app/service/nginx/modules/ngx_http_proxy_connect/patch/proxy_connect_rewrite_1018.patch

After applying the patch, compile and install:
./configure \
--prefix=/app/service/nginx \
--conf-path=/app/conf/nginx/nginx.conf \
--error-log-path=/app/logs/nginx/error.log \
--http-log-path=/app/logs/nginx/access.log \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--add-module=/app/service/nginx/modules/ngx_http_proxy_connect
#--add-dynamic-module=/app/service/nginx/modules/ngx_http_proxy_connect
make && make install

Once installation is complete (the install directory was specified above), use -v and -V to check the version and build information:
/app/service/nginx/sbin/nginx -v
/app/service/nginx/sbin/nginx -V

Configuration file

server {
    # DNS resolvers used to look up the hosts that clients ask for
    resolver 223.5.5.5 114.114.114.114;
    resolver_timeout 10s;
    listen 10086;
    access_log /app/logs/nginx/https_proxy_access.log;
    error_log /app/logs/nginx/https_proxy_error.log;

    # Accept CONNECT requests (HTTPS tunnelling), only to these destination ports
    proxy_connect;
    proxy_connect_allow 443 563;
    proxy_connect_connect_timeout 10s;
    proxy_connect_read_timeout 10s;
    proxy_connect_send_timeout 10s;

    # Plain HTTP requests are forwarded to the host named by the client
    location / {
        proxy_set_header Host $host;
        proxy_pass $scheme://$host$request_uri;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}
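
The server block above sets no client restriction, so any host that can reach port 10086 can open tunnels through it. The following is an added example, not part of the original post: a review of https_proxy_access.log that flags CONNECT requests from outside a trusted range or to ports outside proxy_connect_allow. It relies on the default "combined" log format (the access_log line names no format); the trusted range 10.0.0.0/8 and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the trusted client range (not from the original page).
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_PORTS = {443, 563}  # mirrors proxy_connect_allow in the server block

# nginx default "combined" format: addr - user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.1.2.3 - - [01/Jan/2024:10:00:00 +0800] "CONNECT qyapi.weixin.qq.com:443 HTTP/1.1" 200 5120 "-" "curl/7.61.1"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0800] "CONNECT example.com:443 HTTP/1.1" 200 830 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:06 +0800] "CONNECT example.com:25 HTTP/1.1" 403 153 "-" "-"
10.1.2.3 - - [01/Jan/2024:10:00:09 +0800] "GET http://example.org/ HTTP/1.1" 200 1256 "-" "curl/7.61.1"
"""

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # e.g. "unix:" for a UNIX-socket listener
        return False
    return any(ip in net for net in ALLOWED_CLIENTS)

def audit(log_text):
    """Return (client, reason, target, status) for each suspicious CONNECT."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        port = m["target"].rpartition(":")[2]
        status = int(m["status"])
        if not is_trusted(m["addr"]):
            findings.append((m["addr"], "untrusted-client", m["target"], status))
        if not port.isdigit() or int(port) not in ALLOWED_PORTS:
            findings.append((m["addr"], "port-not-allowed", m["target"], status))
    return findings

def summary(findings):
    """Count findings per (client, reason) so repeat sources stand out."""
    return Counter((client, reason) for client, reason, _, _ in findings)

if __name__ == "__main__":
    for (client, reason), n in summary(audit(SAMPLE_LOG)).items():
        print(f"{client}\t{reason}\t{n}")
```

An "untrusted-client" finding with status 200 means the tunnel was actually opened for that client.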

Verifying the proxy

Then test from another machine:

curl -v https://qyapi.weixin.qq.com/cgi-bin/gettoken -x 127.0.0.1:10086

Global proxy

On Linux, set the environment variables for the current user in ~/.bashrc (which inherits the variables from /etc/profile):

echo 'export https_proxy=xxx.xxx.xxx.xxx:10086' >> ~/.bashrc
# Keep every exclusion in one no_proxy value: a second export would overwrite the first
echo 'export no_proxy="localhost,127.0.0.1,::1,xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx"' >> ~/.bashrc
source ~/.bashrc