Nginx 搭建代理服务器

Linux 2024-09-10 12:18 341 0

下载`ngx_http_proxy_connect_module`模块

[root@tky ~]# wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.7.tar.gz
[root@tky ~]# tar xf v0.0.7.tar.gz

安装Openresty

[root@tky package]# wget https://openresty.org/download/openresty-1.25.3.2.tar.gz
[root@tky package]# tar xf openresty-1.25.3.2.tar.gz 
[root@tky package]# cd openresty-1.25.3.2
[root@tky openresty-1.25.3.2]# ./configure --prefix=/usr/local/openresty --with-cc-opt=-O2 --with-pcre --with-http_realip_module --with-http_sub_module --with-http_stub_status_module --with-stream --with-stream_ssl_module --with-http_v2_module --with-stream --with-stream_ssl_preread_module --with-http_ssl_module --add-module=/root/ngx_http_proxy_connect_module-0.0.7/
[root@tky openresty-1.25.3.2]# yum -y install patch
[root@tky openresty-1.25.3.2]# patch -d build/nginx-1.25.3/ -p 1 < /root/ngx_http_proxy_connect_module-0.0.7/patch/proxy_connect_rewrite_102101.patch 
[root@tky openresty-1.25.3.2]# gmake -j2 && gmake install

conf配置

[root@tky ~]# cat /usr/local/openresty/nginx/conf/www/proxy.conf
server {
    listen 8443;
    resolver 8.8.8.8;
    proxy_connect;
    proxy_connect_allow            all;
    proxy_connect_connect_timeout  60s;
    proxy_connect_read_timeout     60s;
    proxy_connect_send_timeout     60s;
    access_log logs/proxy_access.log main;
    error_log logs/proxy_error.log;
    auth_basic "Proxy Authentication.";
    auth_basic_user_file /usr/local/openresty/nginx/conf/passwd/proxy.pass;
    rewrite_by_lua_file /usr/local/openresty/nginx/conf/lua/proxy_auth.lua;
    location / {
        proxy_set_header Host $host;
        proxy_pass $scheme://$host$request_uri;
        proxy_hide_header Authorization;
        proxy_hide_header Proxy-Authorization;
    }
}

lua配置

[root@tky ~]# cat /usr/local/openresty/nginx/conf/lua/proxy_auth.lua
-- check Proxy-Authorization for https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/407
if not ngx.var.http_proxy_authorization then
    ngx.header["Proxy-Authenticate"] = "Basic realm=\"Access To Internal Site.\""
    ngx.exit(407)
end

-- transfer Proxy-Authorization header to Authorization for auth basic module
ngx.req.set_header("Authorization", ngx.var.http_proxy_authorization)