下载ngx_http_proxy_connect_module
模块
[root@tky ~]# wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.7.tar.gz
[root@tky ~]# tar xf v0.0.7.tar.gz
安装Openresty
[root@tky package]# wget https://openresty.org/download/openresty-1.25.3.2.tar.gz
[root@tky package]# tar xf openresty-1.25.3.2.tar.gz
[root@tky package]# cd openresty-1.25.3.2
[root@tky openresty-1.25.3.2]# ./configure --prefix=/usr/local/openresty --with-cc-opt=-O2 --with-pcre --with-http_realip_module --with-http_sub_module --with-http_stub_status_module --with-stream --with-stream_ssl_module --with-http_v2_module --with-stream --with-stream_ssl_preread_module --with-http_ssl_module --add-module=/root/ngx_http_proxy_connect_module-0.0.7/
[root@tky openresty-1.25.3.2]# yum -y install patch
[root@tky openresty-1.25.3.2]# patch -d build/nginx-1.25.3/ -p 1 < /root/ngx_http_proxy_connect_module-0.0.7/patch/proxy_connect_rewrite_102101.patch
[root@tky openresty-1.25.3.2]# gmake -j2 && gmake install
conf配置
[root@tky ~]# cat /usr/local/openresty/nginx/conf/www/proxy.conf
server {
listen 8443;
resolver 8.8.8.8;
proxy_connect;
proxy_connect_allow all;
proxy_connect_connect_timeout 60s;
proxy_connect_read_timeout 60s;
proxy_connect_send_timeout 60s;
access_log logs/proxy_access.log main;
error_log logs/proxy_error.log;
auth_basic "Proxy Authentication.";
auth_basic_user_file /usr/local/openresty/nginx/conf/passwd/proxy.pass;
rewrite_by_lua_file /usr/local/openresty/nginx/conf/lua/proxy_auth.lua;
location / {
proxy_set_header Host $host;
proxy_pass $scheme://$host$request_uri;
proxy_hide_header Authorization;
proxy_hide_header Proxy-Authorization;
}
}
lua配置
[root@tky ~]# cat /usr/local/openresty/nginx/conf/lua/proxy_auth.lua
-- check Proxy-Authorization for https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/407
if not ngx.var.http_proxy_authorization then
ngx.header["Proxy-Authenticate"] = "Basic realm=\"Access To Internal Site.\""
ngx.exit(407)
end
-- transfer Proxy-Authorization header to Authorization for auth basic module
ngx.req.set_header("Authorization", ngx.var.http_proxy_authorization)