Configuring Nginx as an HTTP/HTTPS forward proxy
1. Compile and install nginx; the third-party module ngx_http_proxy_connect_module is required
# Install dependencies
yum -y install patch unzip gcc gcc-c++ autoconf automake zlib zlib-devel libtool
cd /data1/softwares
tar -zxf pcre-8.32.tar.gz
tar -zxf openssl-1.0.2h.tar.gz   # this nginx version does not support openssl 1.1.1n
tar -zxf nginx-1.21.1.tar.gz
mkdir /usr/lib64/nginx/ngx_http_proxy_connect_module-master -p
# nginx needs this module to act as an HTTPS forward proxy; for installation see https://github.com/chobits/ngx_http_proxy_connect_module
unzip ngx_http_proxy_connect_module-master.zip
cp -r /data1/softwares/ngx_http_proxy_connect_module-master /usr/lib64/nginx/ngx_http_proxy_connect_module
cd /data1/softwares/nginx-1.21.1
patch -p1 < /usr/lib64/nginx/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
./configure --add-module=/usr/lib64/nginx/ngx_http_proxy_connect_module \
    --prefix=/usr/local/nginx \
    --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib64/nginx/modules \
    --conf-path=/usr/local/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --user=nginx --group=nginx \
    --with-compat --with-file-aio --with-threads \
    --with-http_addition_module \
    --with-http_auth_request_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_mp4_module \
    --with-http_random_index_module \
    --with-http_realip_module \
    --with-http_secure_link_module \
    --with-http_slice_module \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_sub_module \
    --with-http_v2_module \
    --with-mail --with-mail_ssl_module \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_ssl_module \
    --with-stream_ssl_preread_module \
    --with-pcre=/data1/softwares/pcre-8.32 \
    --with-openssl=/data1/softwares/openssl-1.0.2h
make && make install
Edit nginx.service with the following content:
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /usr/local/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"

[Install]
WantedBy=multi-user.target
systemctl start nginx
The contents of nginx.conf are as follows:

user nginx;
worker_rlimit_nofile 655350;
worker_processes auto;
worker_cpu_affinity auto;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log warn;

events {
    use epoll;
    worker_connections 655350;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" '
                    '--"$upstream_addr" $upstream_status $upstream_response_time "$upstream_http_content_type" "$ssl_protocol" "$ssl_cipher"';

    log_format access '{"@timestamp":"$time_iso8601",'
                      '"remote_IP":"$remote_addr",'
                      '"time_local":"[$time_local]",'
                      '"request":"$request",'
                      '"status_code":$status,'
                      '"size":$body_bytes_sent,'
                      '"referer":"$http_referer",'
                      '"http_host":"$http_host",'
                      '"DeviceIdentifier":"$http_DeviceIdentifier",'
                      '"DeviceType":"$http_DeviceType",'
                      '"LoanUserID":"$http_LoanUserID",'
                      '"reqs_body":"$request_body",'
                      '"ssl_protocol":"$ssl_protocol",'
                      '"ssl_cipher":"$ssl_cipher",'
                      '"user_agent":"$http_user_agent",'
                      '"x_forward_for":"$http_x_forwarded_for",'
                      '"upstream_addr":"$upstream_addr",'
                      '"upstream_statcode":"$upstream_status",'
                      '"request_time":"$request_time",'
                      '"upstream_resptime":"$upstream_response_time",'
                      '"upstream_conttype":"$upstream_http_content_type",'
                      '"http_Content-Type":"$sent_http_content_type",'
                      '"http_Content-Length":"$sent_http_content_length",'
                      '"http_Connection":"$sent_http_connection",'
                      '"http_Cache-Control":"$sent_http_cache_control",'
                      '"http_Expires":"$sent_http_expires",'
                      '"http_Last-Modified":"$sent_http_last_modified",'
                      '"http_Location":"$sent_http_location",'
                      '"http_X-AspNetMvc-Version":"$sent_http_x_aspnetmvc_version",'
                      '"http_X-AspNet-Version":"$sent_http_x_aspnet_version",'
                      '"http_X-Powered-By":"$sent_http_x_powered_by"}';

    log_format access_extend '{"@timestamp":"$time_iso8601",'
                      '"remote_IP":"$remote_addr",'
                      '"time_local":"[$time_local]",'
                      '"request":"$request",'
                      '"status_code":$status,'
                      '"size":$body_bytes_sent,'
                      '"referer":"$http_referer",'
                      '"http_host":"$http_host",'
                      '"DeviceIdentifier":"$http_DeviceIdentifier",'
                      '"DeviceType":"$http_DeviceType",'
                      '"LoanUserID":"$http_LoanUserID",'
                      '"reqs_body":"$request_body",'
                      '"ssl_protocol":"$ssl_protocol",'
                      '"ssl_cipher":"$ssl_cipher",'
                      '"user_agent":"$http_user_agent",'
                      '"x_forward_for":"$http_x_forwarded_for",'
                      '"upstream_addr":"$upstream_addr",'
                      '"upstream_statcode":"$upstream_status",'
                      '"upstream_resptime":"$upstream_response_time",'
                      '"upstream_conttype":"$upstream_http_content_type",'
                      '"http_Cookie":"$http_cookie",'
                      '"http_Content-Type":"$sent_http_content_type",'
                      '"http_Content-Length":"$sent_http_content_length",'
                      '"http_Connection":"$sent_http_connection",'
                      '"http_Cache-Control":"$sent_http_cache_control",'
                      '"http_Expires":"$sent_http_expires",'
                      '"http_Last-Modified":"$sent_http_last_modified",'
                      '"http_Location":"$sent_http_location",'
                      '"http_X-AspNetMvc-Version":"$sent_http_x_aspnetmvc_version",'
                      '"http_X-AspNet-Version":"$sent_http_x_aspnet_version",'
                      '"http_X-Powered-By":"$sent_http_x_powered_by"}';

    client_body_temp_path /tmp/nginx_client_body_temp;
    scgi_temp_path /tmp/nginx_scgi_temp;
    uwsgi_temp_path /tmp/nginx_uwsgi_temp;
    fastcgi_temp_path /tmp/nginx_fastcgi_temp;
    proxy_temp_path /tmp/nginx_proxy_temp;

    sendfile on;
    tcp_nopush on;
    server_tokens off;
    keepalive_timeout 120;
    tcp_nodelay on;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    client_max_body_size 300m;
    large_client_header_buffers 4 32k;

    proxy_pass_request_headers on;
    proxy_intercept_errors on;
    proxy_ignore_client_abort on;

    gzip on;
    gzip_comp_level 9;
    gzip_min_length 1K;
    gzip_buffers 16 32K;
    gzip_proxied any;
    gzip_http_version 1.1;
    gzip_types text/plain text/css text/javascript application/x-httpd-php application/x-javascript application/javascript application/xml image/jpeg image/gif image/png;
    gzip_vary on;

    include http.d/*.conf;
}

stream {
    include tcp.d/*.conf;
}
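The contents of http.d/httpproxy.conf (picked up by the include http.d/*.conf line above) are as follows:
server {
    listen 8080;
    resolver 10.10.100.114 10.10.100.115;
    resolver_timeout 30s;

    # Handle CONNECT requests (HTTPS tunnelling), only to ports 80 and 443
    proxy_connect;
    proxy_connect_allow 80 443;

    proxy_connect_timeout 10;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

    # Plain HTTP requests are forwarded to the host the client asked for
    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
    }
}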
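2. Configure the client to use the proxy:
vim /etc/profile and add the following:
# The proxy listens in plain HTTP on port 8080, so both variables use an http:// proxy URL;
# HTTPS traffic is tunnelled through it with CONNECT.
http_proxy=http://10.10.20.2:8080/
https_proxy=http://10.10.20.2:8080/
export http_proxy
export https_proxy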
source /etc/profile
3. Test with curl:
curl http://www.baidu.com
curl https://www.baidu.com
4. Check the nginx proxy log; the proxied requests appear in the access log
tail -n 100 /var/log/nginx/access.log
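
One way to review that log, as an added example that is not part of the original post: the server block above has no allow/deny rules, so the access log is where unexpected clients or requests for internal addresses show up. It assumes nginx's default combined log format (the nginx.conf above sets no access_log directive) and a client subnet of 10.10.20.0/24; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example. ALLOWED_PREFIX is an assumed client subnet, written as a prefix.
ALLOWED_PREFIX="${ALLOWED_PREFIX:-10.10.20.}"

# Read "combined" access-log lines on stdin and print
# "<reason> <client> <method> <target>" for proxied requests that come from an
# unexpected client or that ask for a loopback/private address.
audit_proxy_log() {
    awk -v allowed="$ALLOWED_PREFIX" '
    {
        client = $1
        if (split($0, q, "\"") < 3) next        # q[2] holds the request line
        if (split(q[2], req, " ") < 2) next     # METHOD TARGET PROTOCOL
        method = req[1]; target = req[2]; host = target
        if (method == "CONNECT") {
            sub(/:[0-9]+$/, "", host)           # host:port -> host
        } else if (host ~ "^http://") {
            sub("^http://", "", host)           # absolute-URI form sent to a proxy
            sub("[/:?].*$", "", host)
        } else {
            next                                # origin-form: not a proxied request
        }
        internal = (host == "localhost") ||
            (host ~ /^[0-9.]+$/ &&
             host ~ /^(127|10|192\.168|172\.(1[6-9]|2[0-9]|3[01]))\./)
        if (index(client, allowed) != 1)
            print "unexpected-client", client, method, target
        else if (internal)
            print "internal-target", client, method, target
    }'
}

# Constructed sample lines (not taken from a real log).
sample_log() {
    cat <<'EOF'
10.10.20.15 - - [12/Aug/2021:10:01:02 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 200 5120 "-" "curl/7.29.0"
10.10.20.15 - - [12/Aug/2021:10:01:05 +0800] "GET http://www.baidu.com/ HTTP/1.1" 200 2381 "-" "curl/7.29.0"
203.0.113.9 - - [12/Aug/2021:10:02:11 +0800] "CONNECT example.org:443 HTTP/1.1" 200 911 "-" "-"
10.10.20.31 - - [12/Aug/2021:10:03:40 +0800] "GET http://127.0.0.1/ HTTP/1.1" 502 0 "-" "-"
EOF
}

sample_log | audit_proxy_log
```

Run it against the real log with `audit_proxy_log < /var/log/nginx/access.log`.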