一、资源准备
1.nginx-1.20.2
2.proxy_connect_rewrite_1018.patch
3.nginx版本和patch版本要对应
二、资源部署(互联网区服务器)
1.将nginx资源与patch资源进行解压
tar -xf nginx.tar.gzunzip ngx_http_proxy_connect_module-master.zip
2.将ngx_http_proxy_connect_module-master 改名为ngx_http_proxy_connect_module
mv ngx_http_proxy_connect_module-master ngx_http_proxy_connect_module
3.nginx安装要先安装gcc
yum -y install make gcc openssl openssl-devel pcre-devel zlib zlib-devel
4.查看正向代理模块proxy_connect_rewrite_1018.patch的位置
ll ../ngx_http_proxy_connect_module/patch/
5.导入模块
patch -p1 < /nginx/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch
6.编译
--prefix 代表nginx安装的路径(我的nginx-1.20.2已经改名为nginx),--with-http_ssl_module 安装ssl,--with-http_stub_status_module查看nginx的客户端状态
./configure --add-module=/nginx/ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module
7.安装nginx 安装位置根据 编译时配置的–prefix=
cd /usr/local/nginx
make && make install
8.配置nginx.conf文件
#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events { worker_connections 1024;}http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { #代理后端口 listen 9090; charset utf-8; # dns resolver used by forward proxying resolver 114.114.114.114; # forward proxy for CONNECT request proxy_connect; #设置为all,允许转发所有的端口 proxy_connect_allow all; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / { if ($scheme = 'http') { proxy_pass http://$host$request_uri; } if ($scheme = 'https') { proxy_pass https://$host$request_uri; } proxy_set_header Host $host; proxy_buffers 256 4k; proxy_max_temp_file_size 0k; } } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #}}
如果没有代理端口要求可直接复制使用,此处代理端口为9090
9.访问互联网测试,出现以下互联网区的正向代理就成了
curl -I http://www.baidu.com/ -v -x 127.0.0.1:9090 curl -I https://www.baidu.com/ -v -x 127.0.0.1:9090 HTTP/1.1 200 Connection EstablishedProxy-agent: nginxHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 277Content-Type: text/htmlDate: Sun, 12 Feb 2023 09:31:07 GMTEtag: "575e1f60-115"Last-Modified: Mon, 13 Jun 2016 02:50:08 GMTPragma: no-cacheServer: bfe/1.0.8.18
三、内网服务器配置
1.编辑全局配置
vim /etc/profile
# 这里的地址要写代理的服务器IP地址+代理端口export http_proxy=互联网区服务器IP:9090# 这里的地址要写代理的服务器IP地址+代理端口export https_proxy=互联网区服务器IP:9090
如果互联网区服务器的IP+端口还做了安全网闸代理,则替换为代理后的
使配置生效
source /etc/profile
2.访问互联网测试
curl -I http://www.baidu.com -v -x http://互联网区IP:9090HTTP/1.1 200 Connection EstablishedProxy-agent: nginxHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 277Content-Type: text/htmlDate: Sun, 12 Feb 2023 09:31:07 GMTEtag: "575e1f60-115"Last-Modified: Mon, 13 Jun 2016 02:50:08 GMTPragma: no-cacheServer: bfe/1.0.8.18
出现上述画面则代表成功了!
额外测试:
telnet 互联网区服务器IP 代理端口
curl www.baidu.com
curl指令可以通,telnet也没问题,但java程序使用htttpClient调用失败:java.net.ConnectException或jUnknownHostException可参考以下文章:
Linux系统curl指令可以通,telnet也没问题,但java程序使用htttpClient调用失败:java.net.ConnectException或jUnknownHostException-CSDN博客