nginx正向代理配置详解

一、nginx正向代理介绍及配置

1、环境介绍#

代理服务器系统环境为：centos

nginx代理服务器为：192.168.10.10

测试客户端为局域网内任意windows电脑或Linux电脑

2、正向代理简介#

nginx不仅可以做反向代理，还能用作正向代理来进行上网等功能。如果把局域网外的Internet想象成一个巨大的资源库，则局域网中的客户端要访问Internet，则需要通过代理服务器来访问，这种代理服务就称为正向代理（也就是大家常说的，通过正向代理进行上网功能）

3、nginx正向代理的配置#

现在的网站基本上都是https，要解决既能访问http80端口也能访问https443端口的网站，需要配置两个SERVER节点，一个处理HTTP转发，另一个处理HTTPS转发，而客户端都通过HTTP来访问代理，通过访问代理不同的端口，来区分HTTP和HTTPS请求。

[root@localhost ~]# vim /usr/local/nginx-1.12.1/conf/nginx.conf server {     resolver 114.114.114.114;       #指定DNS服务器IP地址      listen 80;     location / {         proxy_pass http://$host$request_uri;     #设定代理服务器的协议和地址                  proxy_set_header HOST $host;                 proxy_buffers 256 4k;                 proxy_max_temp_file_size 0k;                 proxy_connect_timeout 30;                 proxy_send_timeout 60;                 proxy_read_timeout 60;                 proxy_next_upstream error timeout invalid_header http_502;     } } server {     resolver 114.114.114.114;       #指定DNS服务器IP地址      listen 443;     location / {        proxy_pass https://$host$request_uri;    #设定代理服务器的协议和地址               proxy_buffers 256 4k;              proxy_max_temp_file_size 0k;        proxy_connect_timeout 30;        proxy_send_timeout 60;        proxy_read_timeout 60;        proxy_next_upstream error timeout invalid_header http_502;     } } [root@localhost ~]# /usr/local/nginx-1.12.1/sbin/nginx -s reload

4、Linux客户端访问测试

http的访问测试

[root@localhost ~]# curl  -I --proxy 192.168.10.10:80 www.baidu.com HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 15:37:47 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Thu, 31 May 2018 09:28:16 GMT Connection: keep-alive ETag: 5b0fc030-264 Accept-Ranges: bytes https的访问测试 [root@localhost ~]# curl  -I --proxy 192.168.10.10:443 www.baidu.com HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 15:38:07 GMT Content-Type: text/html Content-Length: 277 Connection: keep-alive Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Etag: 575e1f5c-115 Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT Pragma: no-cache 5、设置Linux客户端全局代理 [root@localhost ~]# vim /etc/profile export http_proxy='192.168.10.10:80' export http_proxy='192.168.10.10:443' export ftp_proxy='192.168.10.10:80' [root@localhost ~]# source /etc/profile [root@localhost ~]# curl -I www.baidu.com:80 HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 16:10:18 GMT Content-Type: text/html Content-Length: 277 Connection: keep-alive Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Etag: 575e1f5c-115 Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT Pragma: no-cache [root@localhost ~]# curl -I www.baidu.com:443 HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Mon, 11 Jun 2018 16:10:27 GMT Content-Type: text/html Content-Length: 277 Connection: keep-alive Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Etag: 575e1f59-115 Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT Pragma: no-cache

链接 https://cloud.tencent.com/developer/article/1521322