Nginx在绝大数的场景中我们使用其用于做web中间件或反向代理使用,但是nginx实际上也提供了正向代理的功能 。下面我们来进行nginx正向代理配置操作,以便大家能够掌握nginx正向代理配置方法 。
第一步:获取nginx正向代理模块
git clone https://github.com/chobits/ngx_http_proxy_connect_module第二步:下载nginx源码包
wget http://nginx.org/download/nginx-1.9.12.tar.gztar xf nginx-1.9.12.tar.gz第三步:通过补丁方法把上述下载的正向代理模块导入到nginx模块存储目录
cd nginx-1.9.12/patch -p1 < /root/ngx_http_proxy_connect_module/patch/proxy_connect.patch第四步:编译安装nginx
yum -y install openssl-devel zlib-devel prce-devel ./configure--add-dynamic-module=/root/ngx_http_proxy_connect_modulemake && make install第五步:配置所允许通过代理主机的主机列表
cat /usr/local/nginx/conf/client-allow.confallow 127.0.0.1;allow 192.168.216.1;allow 192.168.216.185;第六步:修改nginx配置文件
cat /usr/local/nginx/conf/nginx.confusernobody;worker_processes1;error_loglogs/error.log;error_loglogs/error.lognotice;error_loglogs/error.loginfo;pidlogs/nginx.pid;load_module /usr/local/nginx/modules/ngx_http_proxy_connect_module.so; #位置注意events {worker_connections1024;}http {includemime.types;default_typeApplication/octet-stream;log_formatmain'$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_loglogs/access.logmain;sendfileon;tcp_nopushon;keepalive_timeout0;keepalive_timeout65;gzipon;server {listen8080; #代理端口resolver119.29.29.29; #域名解析服务器proxy_connect;proxy_connect_allow443 563;proxy_connect_connect_timeout10s;proxy_connect_read_timeout10s;proxy_connect_send_timeout10s;location / {proxy_passhttp://$host;proxy_set_header Host $host;}include client-allow.conf; #主机白名单deny all; #除了主机白名单中的主机,拒绝所有error_page404/404.html;redirect server error pages to the static page /50x.htmlerror_page500 502 503 504/50x.html;location = /50x.html {roothtml;}proxy the php scripts to Apache listening on 127.0.0.1:80location ~ .php$ {proxy_passhttp://127.0.0.1;}pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000location ~ .php$ {roothtml;fastcgi_pass127.0.0.1:9000;fastcgi_indexindex.php;fastcgi_paramSCRIPT_FILENAME/scripts$fastcgi_script_name;includefastcgi_params;}deny access to .htaccess files, if Apache's document rootconcurs with nginx's onelocation ~ /.ht {denyall;}}another virtual host using mix of IP-, name-, and port-based configurationserver {listen8000;listensomename:8080;server_namesomenamealiasanother.alias;location / {roothtml;indexindex.html index.htm;}}HTTPS serverserver {listen443 ssl;server_namelocalhost;ssl_certificatecert.pem;ssl_certificate_keycert.key;ssl_session_cacheshared:SSL:1m;ssl_session_timeout5m;ssl_ciphersHIGH:!aNULL:!MD5;ssl_prefer_server_cipherson;location / {roothtml;indexindex.html index.htm;}}}第七步:检查并启动nginx服务
/usr/local/nginx/sbin/nginx -t #检查配置文件/usr/local/nginx/sbin/nginx # 启动服务/usr/local/nginx/sbin/nginx -s stop #关闭/usr/local/nginx/sbin/nginx -s reload #重启加载配置文件ss -anput | grep ":8080" #检查端口第八步:被代理主机配置
文章插图
文章插图
文章插图
文章插图
第九步:被代理主机验证nginx正向代理可用性
ss -anput | grep ":8080"tcp LISTEN 0 128 *:8080 *:* users:(("nginx",pid=19515,fd=6),("nginx",pid=19514,fd=6))tcp ESTAB 0 0 192.168.216.184:8080 192.168.216.185:35718 users:(("nginx",pid=19515,fd=11))tcp ESTAB 0 0 192.168.216.184:8080 192.168.216.185:35712 users:(("nginx",pid=19515,fd=3))建议关注收藏,没事可以过来找找有用的文章哦 。【五分钟9步搞定nginx正向代理配置】
推荐阅读
- 电脑蓝黑屏只会重启?3种方法教你轻松搞定,不花一分钱
- 据说让你抓狂的Nginx性能调优,我却这么轻松就搞定了
- 晨起十五分钟瘦身瑜伽的方法
- 想实现高可用?先搞定负载均衡原理
- 搞定MySQL安装难安装贵问题
- Mybatis 中xml和注解映射,分分钟搞定
- 原来只需这一操作,3分钟就能搞定黑屏蓝屏,你学会了吗?
- 五分钟极速搭建kubernetes集群
- 让excel自动取舍小数点,这三个函数都能轻松搞定
- 春季拒绝皮肤过敏 可用这些妙招搞定