使用Nginx正向代理通过互联网区服务器使内网服务器访问互联网

服务器 0

一、资源准备

1.nginx-1.20.2

2.proxy_connect_rewrite_1018.patch

3.nginx版本和patch版本要对应

二、资源部署(互联网区服务器)

1.将nginx资源与patch资源进行解压

tar -xf nginx.tar.gzunzip ngx_http_proxy_connect_module-master.zip

2.将ngx_http_proxy_connect_module-master 改名为ngx_http_proxy_connect_module

mv ngx_http_proxy_connect_module-master ngx_http_proxy_connect_module

3.nginx安装要先安装gcc

yum -y install make gcc openssl openssl-devel pcre-devel zlib zlib-devel

4.查看正向代理模块proxy_connect_rewrite_1018.patch的位置

ll ../ngx_http_proxy_connect_module/patch/

5.导入模块

patch -p1 < /nginx/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch

6.编译

--prefix 代表nginx安装的路径(我的nginx-1.20.2已经改名为nginx),--with-http_ssl_module 安装ssl,--with-http_stub_status_module查看nginx的客户端状态

./configure --add-module=/nginx/ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module

7.安装nginx 安装位置根据 编译时配置的–prefix=

cd /usr/local/nginx
make && make install

8.配置nginx.conf文件

#user  nobody;worker_processes  1;#error_log  logs/error.log;#error_log  logs/error.log  notice;#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {    worker_connections  1024;}http {    include       mime.types;    default_type  application/octet-stream;    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '    #                  '$status $body_bytes_sent "$http_referer" '    #                  '"$http_user_agent" "$http_x_forwarded_for"';    #access_log  logs/access.log  main;    sendfile        on;    #tcp_nopush     on;    #keepalive_timeout  0;    keepalive_timeout  65;    #gzip  on;	server {		#代理后端口		listen 9090;		charset utf-8;		# dns resolver used by forward proxying		resolver 114.114.114.114;		# forward proxy for CONNECT request		proxy_connect;		#设置为all,允许转发所有的端口		proxy_connect_allow all; 		proxy_connect_connect_timeout 10s;		proxy_connect_read_timeout 10s;		proxy_connect_send_timeout 10s;		# forward proxy for non-CONNECT request		location / {		  if ($scheme = 'http') {			proxy_pass http://$host$request_uri;		  }		  if ($scheme = 'https') {			proxy_pass https://$host$request_uri;		  }		  proxy_set_header Host $host;		  proxy_buffers 256 4k;		  proxy_max_temp_file_size 0k;		}	}    # another virtual host using mix of IP-, name-, and port-based configuration    #    #server {    #    listen       8000;    #    listen       somename:8080;    #    server_name  somename  alias  another.alias;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}    # HTTPS server    #    #server {    #    listen       443 ssl;    #    server_name  localhost;    #    ssl_certificate      cert.pem;    #    ssl_certificate_key  cert.key;    #    ssl_session_cache    shared:SSL:1m;    #    ssl_session_timeout  5m;    #    ssl_ciphers  HIGH:!aNULL:!MD5;    #    ssl_prefer_server_ciphers  on;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}}

如果没有代理端口要求可直接复制使用,此处代理端口为9090

9.访问互联网测试,出现以下互联网区的正向代理就成了

 curl -I http://www.baidu.com/ -v -x 127.0.0.1:9090 curl -I https://www.baidu.com/ -v -x 127.0.0.1:9090 HTTP/1.1 200 Connection EstablishedProxy-agent: nginxHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 277Content-Type: text/htmlDate: Sun, 12 Feb 2023 09:31:07 GMTEtag: "575e1f60-115"Last-Modified: Mon, 13 Jun 2016 02:50:08 GMTPragma: no-cacheServer: bfe/1.0.8.18

三、内网服务器配置

1.编辑全局配置

vim /etc/profile
# 这里的地址要写代理的服务器IP地址+代理端口export http_proxy=互联网区服务器IP:9090# 这里的地址要写代理的服务器IP地址+代理端口export https_proxy=互联网区服务器IP:9090

如果互联网区服务器的IP+端口还做了安全网闸代理,则替换为代理后的

使配置生效

source /etc/profile

2.访问互联网测试

curl -I http://www.baidu.com -v -x http://互联网区IP:9090HTTP/1.1 200 Connection EstablishedProxy-agent: nginxHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 277Content-Type: text/htmlDate: Sun, 12 Feb 2023 09:31:07 GMTEtag: "575e1f60-115"Last-Modified: Mon, 13 Jun 2016 02:50:08 GMTPragma: no-cacheServer: bfe/1.0.8.18

出现上述画面则代表成功了!

额外测试:

telnet 互联网区服务器IP 代理端口

curl www.baidu.com

curl指令可以通,telnet也没问题,但java程序使用htttpClient调用失败:java.net.ConnectException或jUnknownHostException可参考以下文章:

Linux系统curl指令可以通,telnet也没问题,但java程序使用htttpClient调用失败:java.net.ConnectException或jUnknownHostException-CSDN博客

也许您对下面的内容还感兴趣: