Use the Nginx proxy to access the Internet
- 2020-05-15 03:44:18
- OfStack
I usually use nginx for reverse proxy tomcat and other applications, but nginx also supports forward proxy
The so-called forward proxy means that Intranet users access external resources through the gateway, which means that when the computer surfs the Internet, http proxy address is set by the browser to access the Internet
A reverse proxy is an external user accessing an Intranet resource through a gateway. In plain English, your website is running on port 8080 of the Intranet, and others can access it through port 80
http proxy configuration
# Forward proxy Internet access
server {
listen 38080;
# Parsing the domain name
resolver 8.8.8.8;
location / {
proxy_pass $scheme://$http_host$request_uri;
}
}
Browser configuration agent IP and port, then visit http: / / www ip138. com, can find IP has changed, that to take effect
However, access to the https website is not open, this is because the native nginx only supports http forward agent, in order to support nginx https forward agent, you can call ngx_http_proxy_connect_module patch + ssl module support
Add the https agent module
Here you need to recompile nginx, you need to check the current version of nginx and the compilation options, and then go to the official website to download the same version of nginx source code to recompile
/usr/local/nginx/sbin/nginx -V
wget http://nginx.org/download/nginx-1.15.12.tar.gz
tar -zxvf nginx-1.15.12.tar.gz
Download the module ngx_http_proxy_connect_module
git clone https://github.com/chobits/ngx_http_proxy_connect_module
Patch, modify the nginx source code, this step is very important, or the make behind
patch -d /root/nginx-1.15.12/ -p 1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite
Append the module after the original configuration, and avoid install after make
cd /root/nginx-1.15.12/
./configure --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module --add-module=/root/ngx_http_proxy_connect_module/
make
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
cp /root/nginx-1.15.12/objs/nginx /usr/local/nginx/sbin/
Change the configuration file as follows, and then start the service
# Forward proxy Internet access
server {
listen 38080;
# Parsing the domain name
resolver 8.8.8.8;
# ngx_http_proxy_connect_module
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_pass $scheme://$http_host$request_uri;
}
}
conclusion
The proxy doesn't feel very stable, and sometimes it won't open, especially on the https site. Do not do this when visiting foreign websites, just to familiarize yourself with the positive proxy function of nginx