Nginx正向代理配置 |
您所在的位置:网站首页 › nginx做正向代理 › Nginx正向代理配置 |
一、Nginx正向代理介绍及配置(需要在客户端配置代理服务器进行指定网站访问) #模块 ngx_http_proxy_module:http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header 1、环境介绍 代理服务器系统环境为:centos nginx代理服务器为:192.168.10.10 测试客户端为局域网内任意windows电脑或linux电脑 2、正向代理简介 通过代理服务器来访问服务器的过程 就叫 正向代理。(常见示例,通过正向代理进行上网功能) 3、nginx正向代理的配置 3.1 http 80端口访问 3.2 https 443端口访问。 一个处理HTTP转发,另一个处理HTTPS转发,而客户端都通过HTTP来访问代理,通过访问代理不同的端口,来区分HTTP和HTTPS请求。 ##/usr/local/nginx/conf/nginx.conf server { resolver 114.114.114.114; #resolver 定义域名解析。改成一个不存在的ip都不影响。 listen 80; resolver_timeout 5s; #用于设置DNS服务器域名解析超时时间 access_log /usr/local/openresty/nginx/logs/access.log; error_log /usr/local/openresty/nginx/logs/error.log; location / { proxy_redirect off; proxy_pass http://$host$request_uri; #设定代理服务器的协议和地址 proxy_set_header HOST $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffers 256 4k; #配置缓存大小,关闭磁盘缓存读写减少I/O,以及代理连接超时时间。 proxy_max_temp_file_size 0k; proxy_connect_timeout 30; proxy_send_timeout 60; proxy_read_timeout 60; proxy_next_upstream error timeout invalid_header http_502; proxy_cache_valid 200 302 10m; #配置代理服务器 Http 状态缓存时间。 proxy_cache_valid 301 1h; proxy_cache_valid any 1m; client_max_body_size 100m; client_body_buffer_size 128k; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_ignore_client_abort on; } } server { resolver 114.114.114.114; #指定DNS服务器IP地址 listen 443; resolver_timeout 5s; access_log /usr/local/openresty/nginx/logs/access.log; error_log /usr/local/openresty/nginx/logs/error.log; location / { proxy_pass https://$http_host$request_uri; #设定代理服务器的协议和地址 proxy_buffers 256 4k; proxy_max_temp_file_size 0k; proxy_connect_timeout 30; proxy_send_timeout 60; proxy_read_timeout 60; proxy_next_upstream error timeout invalid_header http_502; } } # /usr/local/nginx/sbin/nginx -s reload 4、Linux客户端访问测试 #http的访问测试 # curl -I --proxy 192.168.10.10:80 www.baidu.com HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 15:37:47 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Thu, 31 May 2018 09:28:16 GMT Connection: keep-alive ETag: "5b0fc030-264" Accept-Ranges: bytes https的访问测试 # curl -I --proxy 192.168.10.10:443 www.baidu.com HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 15:38:07 GMT Content-Type: text/html Content-Length: 277 Connection: keep-alive Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Etag: "575e1f5c-115" Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT Pragma: no-cache 5、设置Linux客户端全局代理 # vim /etc/profile export http_proxy='192.168.10.10:80' export http_proxy='192.168.10.10:443' export ftp_proxy='192.168.10.10:80' # source /etc/profile # curl -I www.baidu.com:80 HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 16:10:18 GMT Content-Type: text/html Content-Length: 277 Connection: keep-alive Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Etag: "575e1f5c-115" Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT Pragma: no-cache # curl -I www.baidu.com:443 HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 16:10:27 GMT Content-Type: text/html Content-Length: 277 Connection: keep-alive Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Etag: "575e1f59-115" Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT Pragma: no-cache 上面结果就说明我们的服务端nginx正向代理和客户端使用nginx做为全局代理设置成功。 6、取消代理unset http_proxy |
今日新闻 |
推荐新闻 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |