(a) brief description
Nginx can not only do reverse proxy, but also can be used as a forward proxy to the Internet and other functions. Forward Proxy: If you think of the internet outside the LAN as a huge repository, then the client in the LAN to access the Internet, you need to access through a proxy server, this proxy service is called a forward proxy (which is what we often say, through the forward proxy to the Internet function)
(b) The function of Nginx forward proxy
1. Because the Nginx forward agent has fewer function instructions, it only needs simple configuration.
server { resolver 114.114.114.114; #指定DNS服务器IP地址 listen 8080; location / { proxy_pass http://$http_host$request_uri; #设定代理服务器的协议和地址 } }
The above configuration can only access the 80-port Web site, and cannot access the https443 port of the website, now the site is basically HTTPS to solve the skills to access the HTTP80 port can also access the https443 port of the site, need to set two server nodes, a processing HTTP forwarding, The other handles HTTPS forwarding, and the client accesses the proxy over HTTP, differentiating HTTP and HTTPS requests by accessing the different ports of the proxy.
Server {resolver 114.114.114.114; #指定DNS服务器IP地址 Listen 80; Location/{Proxy_pass http:/$http _host$request_uri; #设定代理服务器的协议和地址 proxy_set_header HOST $http _host; Proxy_buffers 4k; Proxy_max_temp_file_size 0k; Proxy_connect_timeout 30; Proxy_send_timeout 60; Proxy_read_timeout 60; Proxy_next_upstream error timeout Invalid_header http_502; }} server {resolver 114.114.114.114; #指定DNS服务器IP地址 Listen 443; Location/{Proxy_pass https://$host $request_uri; #设定代理服务器的协议和地址 Proxy_buffers 4k; Proxy_max_temp_file_size 0k; Proxy_connect_timeout 30; Proxy_send_timeout 60; Proxy_read_timeout 60; Proxy_next_upstream error timeout Invalid_header http_502; } }
2. Client Access settings:
2.1 Windows System :
To configure the HTTP proxy for your browser, follow these steps: "Open your browser,->internet options," "Connection", "LAN Settings", "Proxy Server", and set the following:
2.2 Linux access addresses are as follows:
If you visit an HTTP website, you can do this directly: Curl--proxy proxy_server:80 http://www.taobao.com/
If you visit an HTTPS Web site, such as https://www.alipay.com, you can use the Nginx HTTPS forwarding server:
Curl--proxy proxy_server:443 http://www.alipay.com
###通过http的访问[[email protected] ~]# curl -I --proxy 192.168.99.99:80 www.baidu.com ###显示http访问的状态码HTTP/1.1 200 OKServer: nginx/1.12.2Date: Wed, 07 Feb 2018 02:09:03 GMTContent-Type: text/htmlContent-Length: 277Connection: keep-aliveLast-Modified: Mon, 13 Jun 2016 02:50:40 GMTETag: "575e1f80-115"Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transformPragma: no-cacheAccept-Ranges: bytes[[email protected] ~]# curl --proxy 192.168.99.99:80 www.baidu.com ####显示http访问整个网页
# # #通过https的访问 [[email protected] ~]# curl-i--proxy 192.168.99.99:443 http://www.taobao.com/# # #HTTP/ 1.1 okserver:nginx/1.12.2date:wed, 2018 02:13:14 gmtcontent-type:text/html; CHARSET=UTF-8CONNECTION:KEEP-ALIVEVARY:ACCEPT-ENCODINGVARY:ALI-DETECTOR-TYPECACHE-CONTROL:MAX-AGE=60, s-maxage= 90x-snapshot-age:1content-md5:lih52+3gpe2b2ellp/cffq==etag:w/"295b-1616605047e" via:cache47.l2cn624[14,304-0,c] , cache29.l2cn624[11,0], cache2.cn12[0,200-0,h], Cache5.cn12[0,0]age:17x-cache:hit tcp_mem_hit dirn:26:913567405 mlen:-1x-swift-savetime:wed, 2018 02:12:57 gmtx-swift-cachetime:90timing-allow-origin: *EagleId: 7250AE1715179695945657582ESET-COOKIE:THW=CN; path=/; domain=.taobao.com; Expires=thu, 07-feb-19 02:13:14 GMT; Strict-transport-security:max-age=31536000[[email protected] ~]# Curl--proxy 192.168.99.99:443/http www.taobao.com/# # #通过https代理访问
(iii) Linux Setup agent to access the Internet method:
Online environment for security period, the server is not allow Sisu network, if need to update through yum or download the corresponding software package is more troublesome, now can be set up proxy way to do the operation of Sisu network, the method is as follows:
(1) The method of setting up the proxy using Yum . If you only need to use Yum to update the package, just do the Yum configuration.
[[email protected] ~]# vim/etc/yum.conf proxy=http://192.168.99.99:80proxy=ftp://192.168.99.99:80#proxy_ Username=username # # # # # # # # #代理的用户名 #proxy_password=password # # #代理的密码 [[email protected] ~ ]# Yum Install iotop-yloaded plugins:fastestmirrorbase | 3.6 KB 00:00:00 Extras | 3.4 KB 00:00:00 Updates | 3.4 KB 00:00:00 Loading mirror speeds from cached hostfileresolving dependencies--> Running transaction Check---&G T Package Iotop.noarch 0:0.6-2.el7 'll be installed--> finished Dependency resolutiondependencies resolved=========== ============================================================================================================================= Package Arch Version Repository size===================================================================== ===================================================================installing:iotop Noarch 0.6-2.EL7 Base Ktransaction summary============ =============================================================================================================== =============install 1 packagetotal Download size:52 kinstalled size:156 kdownloading packages:iotop-0.6-2.el7.noarch. RPM | 00:00:00 KB Running Transaction checkrunning transaction testtransaction test succeededrunning transaction instal Ling:iotop-0.6-2.el7.noarch 1/1 Verifying:iotop-0.6-2.el7.noarch 1/1 Installed:iotop.noarch 0:0.6-2.el7 complete!
***备注:vi /etc/yum.conf***
Add the following:
Proxy = http://username:[email protected]: 8080/
Or
proxy=http://yourproxy:808
proxy=ftp://yourproxy:808
Proxy_username=username
Proxy_password=password
2.wget How to set up the proxy:
[Email protected] ~]# VIM/ETC/WGETRC
Http_proxy=192.168.99.99:80
http_proxy=192.168.99.99:443
3.curl How to Access Proxy settings:
如果访问HTTP网站,可以直接这样的方式: curl --proxy proxy_server:80 http://www.taobao.com/如果访问HTTPS网站,例如https://www.alipay.com,那么可以使用nginx的HTTPS转发的server:curl --proxy proxy_server:443 http://www.alipay.com[[email protected] ~]# curl -I --proxy 192.168.99.99:80 www.baidu.com ###显示http访问的状态码HTTP/1.1 200 OK备注:上边有介绍,详见上边内容。
4. Use the method to set the global proxy:
[[email protected] ~]# vim/etc/profilehttp_proxy = Http://192.168.99.99:80http_proxy =/http 192.168.99.99:443ftp_proxy = Http://192.168.99.99:80/export http_proxyexport ftp_proxy
[Email protected] ~]# curl-i https://www.taobao.com
http/1.1 OK
Server:tengine
date:wed, 2018 02:50:49 GMT
content-type:text/html; Charset=utf-8
Connection:keep-alive
Vary:accept-encoding
Vary:ali-detector-type
CACHE-CONTROL:MAX-AGE=60, s-maxage=90
X-snapshot-age:2
content-md5:p7moah71pi2hqtq/lcsw4q==
etag:w/"295b-1616605047e"
VIA:CACHE40.L2ET15-1[0,304-0,H], cache20.l2et15-1[0,0], cache10.cn418[0,200-0,h], cache5.cn418[1,0]
Age:22
X-cache:hit Tcp_mem_hit dirn:25:104405114 mlen:-1
x-swift-savetime:wed, 2018 02:50:27 GMT
X-swift-cachetime:90
Timing-allow-origin: *
eagleid:65e3d1e515179718498223532e
SET-COOKIE:THW=CN; path=/; domain=.taobao.com; Expires=thu, 07-feb-19 02:50:49 GMT;
strict-transport-security:max-age=31536000
Linux server via Nginx forward proxy online