Of Stack

Use the Nginx proxy to access the Internet

  • 2020-05-15 03:44:18
  • OfStack

I usually use nginx for reverse proxy tomcat and other applications, but nginx also supports forward proxy

The so-called forward proxy means that Intranet users access external resources through the gateway, which means that when the computer surfs the Internet, http proxy address is set by the browser to access the Internet

A reverse proxy is an external user accessing an Intranet resource through a gateway. In plain English, your website is running on port 8080 of the Intranet, and others can access it through port 80

http proxy configuration 


#  Forward proxy Internet access 
server {
  listen    38080;

  #  Parsing the domain name 
  resolver   8.8.8.8;

  location / {
    proxy_pass $scheme://$http_host$request_uri;
  }
}

Browser configuration agent IP and port, then visit http: / / www ip138. com, can find IP has changed, that to take effect

However, access to the https website is not open, this is because the native nginx only supports http forward agent, in order to support nginx https forward agent, you can call ngx_http_proxy_connect_module patch + ssl module support

Add the https agent module

Here you need to recompile nginx, you need to check the current version of nginx and the compilation options, and then go to the official website to download the same version of nginx source code to recompile 


/usr/local/nginx/sbin/nginx -V

wget http://nginx.org/download/nginx-1.15.12.tar.gz
tar -zxvf nginx-1.15.12.tar.gz

Download the module ngx_http_proxy_connect_module 


git clone https://github.com/chobits/ngx_http_proxy_connect_module

Patch, modify the nginx source code, this step is very important, or the make behind 


patch -d /root/nginx-1.15.12/ -p 1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite

Append the module after the original configuration, and avoid install after make 


cd /root/nginx-1.15.12/
./configure --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module --add-module=/root/ngx_http_proxy_connect_module/
make
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
cp /root/nginx-1.15.12/objs/nginx /usr/local/nginx/sbin/

Change the configuration file as follows, and then start the service 


#  Forward proxy Internet access 
server {
  listen    38080;

  #  Parsing the domain name 
  resolver   8.8.8.8;

  # ngx_http_proxy_connect_module
  proxy_connect;
  proxy_connect_allow      443 563;
  proxy_connect_connect_timeout 10s;
  proxy_connect_read_timeout   10s;
  proxy_connect_send_timeout   10s;

  location / {
    proxy_pass $scheme://$http_host$request_uri;
  }
}

conclusion

The proxy doesn't feel very stable, and sometimes it won't open, especially on the https site. Do not do this when visiting foreign websites, just to familiarize yourself with the positive proxy function of nginx

Related articles: