正向代理
GitHub - chobits/ngx_http_proxy_connect_module: A forward proxy module for CONNECT request handling
准备编译安装环境
dnf install libxml2 libxml2-devel libxslt-devel gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel patch perl-ExtUtils-Embed gd-devel geoip-devel gperftools gperftools-devel
nginx添加ngx_http_proxy_connect_module模块并重新编译nginx
wget -P /opt http://nginx.org/download/nginx-1.21.5.tar.gz
tar -xzvf /opt/nginx-1.21.5.tar.gz
cd /opt/nginx-1.21.5
patch -p1 < /opt/ngx_http_proxy_connect_module-master/patch/proxy_connect_rewrite_102101.patch
./configure --add-module=/opt/ngx_http_proxy_connect_module
make -j8 && make install
配置文件示例
server {
listen 8443;
resolver 223.5.5.5 114.114.114.114 valid=300s;
resolver_timeout 10s;
#server_name localhost;
proxy_connect;
proxy_connect_allow 443 80;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_set_header Host $host;
proxy_pass $scheme://$http_host$request_uri;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_next_upstream error timeout invalid_header http_502;
}
}
测试代理
# 本机上测试
curl -I --proxy localhost:8443 http://nginx.org
curl -I --proxy localhost:8443 https://www.baidu.com
# linux客户端上测试
vim /etc/profile
export http_proxy=http://192.168.199.107:8443
export https_proxy=http://192.168.199.107:8443
# 全局代理
export ALL_PROXY='192.168.99.107:8443'
正向代理账户认证
htpasswd -c -d /etc/nginx/.passwd username
location /proxy-auth {
auth_basic "secret";
auth_basic_user_file "/etc/nginx/.passwd";
}
curl -I --proxy localhost:8443 http://nginx.org -U username:passwd