1.编译安装nginx,需要安装第三方模块ngx_http_proxy_connect_module
#安装依赖
yum -y install patch unzip gcc gcc-c++ autoconf automake zlib zlib-devel libtool
cd /data1/softwares
tar -zxf pcre-8.32.tar.gz
tar -zxf openssl-1.0.2h.tar.gz #该版本nginx不支持openssl 1.1.1ntar -zxf nginx-1.21.1.tar.gz
mkdir /usr/lib64/nginx/ngx_http_proxy_connect_module-master -p
unzip ngx_http_proxy_connect_module-master.zip #nginx https正向代理需要该module,安装方式参考:https://github.com/chobits/ngx_http_proxy_connect_module
cp -r /data1/softwares/ngx_http_proxy_connect_module-master /usr/lib64/nginx/ngx_http_proxy_connect_module
cd /data1/softwares/nginx-1.21.1
patch -p1 < /usr/lib64/nginx/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
./configure --add-module=/usr/lib64/nginx/ngx_http_proxy_connect_module --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/usr/local/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-pcre=/data1/softwares/pcre-8.32 --with-openssl=/data1/softwares/openssl-1.0.2h
make && make install
编辑nginx.service,内容如下:
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /usr/local/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"
[Install]
WantedBy=multi-user.target
systemctl start nginx
nginx.conf内容如下:
user nginx;
worker_rlimit_nofile 655350;
worker_processes auto;
worker_cpu_affinity auto;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log warn;
events {
use epoll;
worker_connections 655350;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
'--"$upstream_addr" $upstream_status $upstream_response_time "$upstream_http_content_type" "$ssl_protocol" "$ssl_cipher"';
log_format access '{"@timestamp":"$time_iso8601",'
'"remote_IP":"$remote_addr",'
'"time_local":"[$time_local]",'
'"request":"$request",'
'"status_code":$status,'
'"size":$body_bytes_sent,'
'"referer":"$http_referer",'
'"http_host":"$http_host",'
'"DeviceIdentifier":"$http_DeviceIdentifier",'
'"DeviceType":"$http_DeviceType",'
'"LoanUserID":"$http_LoanUserID",'
'"reqs_body":"$request_body",'
'"ssl_protocol":"$ssl_protocol",'
'"ssl_cipher":"$ssl_cipher",'
'"user_agent":"$http_user_agent",'
'"x_forward_for":"$http_x_forwarded_for",'
'"upstream_addr":"$upstream_addr",'
'"upstream_statcode":"$upstream_status",'
'"request_time":"$request_time",'
'"upstream_resptime":"$upstream_response_time",'
'"upstream_conttype":"$upstream_http_content_type",'
'"http_Content-Type":"$sent_http_content_type",'
'"http_Content-Length":"$sent_http_content_length",'
'"http_Connection":"$sent_http_connection",'
'"http_Cache-Control":"$sent_http_cache_control",'
'"http_Expires":"$sent_http_expires",'
'"http_Last-Modified":"$sent_http_last_modified",'
'"http_Location":"$sent_http_location",'
'"http_X-AspNetMvc-Version":"$sent_http_x_aspnetmvc_version",'
'"http_X-AspNet-Version":"$sent_http_x_aspnet_version",'
'"http_X-Powered-By":"$sent_http_x_powered_by"}';
log_format access_extend '{"@timestamp":"$time_iso8601",'
'"remote_IP":"$remote_addr",'
'"time_local":"[$time_local]",'
'"request":"$request",'
'"status_code":$status,'
'"size":$body_bytes_sent,'
'"referer":"$http_referer",'
'"http_host":"$http_host",'
'"DeviceIdentifier":"$http_DeviceIdentifier",'
'"DeviceType":"$http_DeviceType",'
'"LoanUserID":"$http_LoanUserID",'
'"reqs_body":"$request_body",'
'"ssl_protocol":"$ssl_protocol",'
'"ssl_cipher":"$ssl_cipher",'
'"user_agent":"$http_user_agent",'
'"x_forward_for":"$http_x_forwarded_for",'
'"upstream_addr":"$upstream_addr",'
'"upstream_statcode":"$upstream_status",'
'"upstream_resptime":"$upstream_response_time",'
'"upstream_conttype":"$upstream_http_content_type",'
'"http_Cookie":"$http_cookie",'
'"http_Content-Type":"$sent_http_content_type",'
'"http_Content-Length":"$sent_http_content_length",'
'"http_Connection":"$sent_http_connection",'
'"http_Cache-Control":"$sent_http_cache_control",'
'"http_Expires":"$sent_http_expires",'
'"http_Last-Modified":"$sent_http_last_modified",'
'"http_Location":"$sent_http_location",'
'"http_X-AspNetMvc-Version":"$sent_http_x_aspnetmvc_version",'
'"http_X-AspNet-Version":"$sent_http_x_aspnet_version",'
'"http_X-Powered-By":"$sent_http_x_powered_by"}';
client_body_temp_path /tmp/nginx_client_body_temp;
scgi_temp_path /tmp/nginx_scgi_temp;
uwsgi_temp_path /tmp/nginx_uwsgi_temp;
fastcgi_temp_path /tmp/nginx_fastcgi_temp;
proxy_temp_path /tmp/nginx_proxy_temp;
sendfile on;
tcp_nopush on;
server_tokens off;
keepalive_timeout 120;
tcp_nodelay on;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
client_max_body_size 300m;
large_client_header_buffers 4 32k;
proxy_pass_request_headers on;
proxy_intercept_errors on;
proxy_ignore_client_abort on;
gzip on;
gzip_comp_level 9;
gzip_min_length 1K;
gzip_buffers 16 32K;
gzip_proxied any;
gzip_http_version 1.1;
gzip_types text/plain
text/css
text/javascript
application/x-httpd-php
application/x-javascript
application/javascript
application/xml
image/jpeg
image/gif
image/png;
gzip_vary on;
include http.d/*.conf;
}
stream {
include tcp.d/*.conf;
}
View Code
httpd/httpproxy.conf内容如下:
server{
listen 8080;
resolver 10.10.100.114 10.10.100.115;
resolver_timeout 30s;
proxy_connect;
proxy_connect_allow 80 443;
proxy_connect_timeout 10;
proxy_send_timeout 600;
proxy_read_timeout 600;
location / {
proxy_pass http://$host;
proxy_set_header Host $host;
}
}
2.配置客户端使用代理:
vim /etc/profile,添加如下内容:
http_proxy=http://10.10.20.2:8080/
https_proxy=https://10.10.20.2:8080/
export http_proxy
export https_proxy
source /etc/profile
3.使用curl http://www.baidu.com curl https://www.baidu.com
4.查看nginx代理日志,可以看到访问日志
tail -n 100 /var/log/nginx/access.log
Original: https://www.cnblogs.com/dreamer-fish/p/16179443.html
Author: momingliu11
Title: Nginx配置http https正向代理
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/543699/
转载文章受原作者版权保护。转载请注明原作者出处!