nginx正向代理

携手创作，共同成长！这是我参与「掘金日新计划 · 8 月更文挑战」的第3天，点击查看活动详情

环境：10.0.0.41：服务端 10.0.0.42：客户端

服务端操作

1.安装

[root@ c7-41 ~]# yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel  wget pcre pcre-devel git
[root@ c7-41 ~]# git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
[root@ c7-41 ~]# wget http://nginx.org/download/nginx-1.14.2.tar.gz
[root@ c7-41 ~]# tar -xzvf nginx-1.14.2.tar.gz
[root@ c7-41 ~]# cd nginx-1.14.2/
##patch是补丁
[root@ c7-41 nginx-1.14.2]# patch -p1 <../ngx_http_proxy_connect_module/patch/proxy_connect_1014.patch
##安装到了/usr/local/nginx
[root@ c7-41 nginx-1.14.2]# ./configure  --with-http_stub_status_module --with-http_ssl_module --add-module=../ngx_http_proxy_connect_module

[root@ c7-41 nginx-1.14.2]# make && make install

2、虚拟主机配置

[root@ c7-41 nginx-1.14.2]#  mkdir -p /usr/local/nginx/conf/conf.d/
[root@ c7-41 nginx-1.14.2]# vim /usr/local/nginx/conf/nginx.conf
[root@ c7-41 nginx-1.14.2]# cat /usr/local/nginx/conf/nginx.conf
user  nobody;
worker_processes  1;                ##把80一些没有用的东西都给删掉，还有80端口
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    include /usr/local/nginx/conf/conf.d/*.conf; ##添加90的端口配置文件
}

[root@ c7-41 ~]# vim /usr/local/nginx/conf/conf.d/test.conf

server {
        listen 90;
        server_name 10.0.0.44;
        resolver 223.5.5.5;
        proxy_connect;
        proxy_connect_allow            443 563;
        proxy_connect_connect_timeout  10s;
        proxy_connect_read_timeout     10s;
        proxy_connect_send_timeout     10s;
location / {
		##负载
        proxy_pass http://$host;
        proxy_set_header Host $host;
        }
}

# 启动nginx

[root@ c7-41 ~]# /usr/local/nginx/sbin/nginx
[root@ c7-41 ~]# ss -lntp | grep nginx
LISTEN     0      128          *:90                       *:*                   users:(("nginx",pid=9346,fd=6),("nginx",pid=9070,fd=6))

客户端操作

全局的代理设置

[root@ c7-42 ~]# vim /etc/profile
##代理
export http_proxy=http://10.0.0.41:90
export https_proxy=http://10.0.0.41:90
export ftp_proxy=http://10.0.0.41:90
##使它生效
[root@ c7-42 ~]# source /etc/profile

yum的代理设置

[root@ c7-42 ~]# vim /etc/yum.conf
proxy=http://http://10.0.0.41:90

wget的代理设置

[root@ c7-42 ~]# vim /etc/wgetrc
http_proxy=http://10.0.0.41:90
ftp_proxy=http://10.0.0.41:90

停掉

[root@ c7-42 ~]# vim /etc/resolv.conf
nameserver 223.5.5.5

测试代理 方法一： 访问HTTP网站

[root@ c7-41 ~]# tailf /usr/local/nginx/logs/access.log

方法二：