用nginx做正向代理,即(使内网机器可以通过互联网服务器上互联网)
https://nginx.org/en/download.html 官网下载地址
https://github.com/chobits/ngx_http_proxy_connect_module 下载地址
nginx版本与代理模块对照表
此处使用的是nginx-1.20.2,对应proxy_connect_rewrite_1018.patch
3.1. 上传nginx包和正向模块包至互联网服务器
3.2 解压 改名
tar -xf nginx.tar.gzunzip ngx_http_proxy_connect_module-master.zipmv ngx_http_proxy_connect_module-master ngx_http_proxy_connect_module
3.3 安装nginx
基础运行环境安装
yum -y install make gcc openssl openssl-devel pcre-devel zlib zlib-devel
查看正向代理模块proxy_connect_rewrite_1018.patch的位置
ll ../ngx_http_proxy_connect_module/patch/
导入模块 后面为模块路径
patch -p1 < /nginx/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch
编译
#配置configure --prefix 代表安装的路径,--with-http_ssl_module 安装ssl,--with-http_stub_status_module查看nginx的客户端状态./configure --add-module=/nginx/ngx_http_proxy_connect_module --prefix=/usr/local/nginx-1.20.2 --with-http_ssl_module --with-http_stub_status_module
安装nginx 安装位置根据 编译时配置的–prefix=
make && make install
3.4 配置正向代理(举例,将正向代理端口配置在8030上)
在nginx.conf文件里的http节点下增加
server { listen 8030; server_name localhost; resolver 114.114.114.114 ipv6=off; proxy_connect; proxy_connect_allow all; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; location / { proxy_pass https://$host$request_uri; proxy_set_header HOST $host; proxy_http_version 1.1; proxy_ssl_server_name on; }}
3.5 测试nginx所在的互联网机器是否正常
curl -I http://www.baidu.com/ -v -x 127.0.0.1:8030 curl -I https://www.baidu.com/ -v -x 127.0.0.1:8030 HTTP/1.1 200 Connection EstablishedProxy-agent: nginxHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 277Content-Type: text/htmlDate: Sun, 12 Feb 2023 09:31:07 GMTEtag: "575e1f60-115"Last-Modified: Mon, 13 Jun 2016 02:50:08 GMTPragma: no-cacheServer: bfe/1.0.8.18
3.6 内网机器全局配置,所有请求都能够正常使用代理访问外网
# 追加配置vim /etc/profile# 这里的地址要写代理的服务器地址http_proxy=192.168.0.20:80# 这里的地址要写代理的服务器地址https_proxy=192.168.0.20:443# 这里的地址要写代理的服务器地址ftp_proxy=192.168.0.20:443export http_proxyexport https_proxyexport ftp_proxy# 加载配置source /etc/profile
3.7测试内网服务器(即不能访问外网的服务器),使用代理上网
curl -I https://www.baidu.com -v -x http://ip:8030HTTP/1.1 200 Connection EstablishedProxy-agent: nginxHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 277Content-Type: text/htmlDate: Sun, 12 Feb 2023 09:31:07 GMTEtag: "575e1f60-115"Last-Modified: Mon, 13 Jun 2016 02:50:08 GMTPragma: no-cacheServer: bfe/1.0.8.18
此时内网机器已经可以通过互联网机器对应的正向代理端口访问互联网了
来源地址:https://blog.csdn.net/chen_CJH/article/details/131827744