The basic method of configuring Google reverse proxy on a nginx server _nginx

Google has long been intermittent interference in the TC, until today has been completely shielded, to our study and work caused great inconvenience. The following is an anti-generation Google tutorial, there are two different ways.

One, the direct reverse proxy, uses is the 7ghost source code constructs, the advantage is simple easy to use, the disadvantage is easy to be shielded, cannot search the sensitive word.

Second, the use of SSL encryption reverse proxy, the advantage is safe, not easy to be shielded, the disadvantage is relatively strong technical, need to toss more places.

Now the main simple next way to set up the process.

STEP1: You need to have a Linux overseas vps.

The establishment of the STEP2:NGINX environment (for convenience, the tutorial on the use of AMH a key package for the environment construction, of course, you use military brother a key package or a pure nginx environment # is only install Nginx, do not install PHP, sql what the # is OK. ）

STEP3: After installing the AMH, login AMH background (the default address for your VPS IP address: 8888), click on Module Expansion-Download module-Search "SSL", click to download.

OK, now we have the SSL module installed.
Now click on the virtual host, fill out the domain name information, click on SSL configuration, configure SSL-related information.

Then execute vim/usr/local/nginx/conf/vhost/your domain name in the VPS. conf (Other environment based on your environment, AMH's conf here)
Add code (to first put your domain name. conf file all empty and then copy and paste the following code), and then save the exit, restart Nginx can be. (Code needs to make some changes according to the actual situation, here in the form of complete code, the last part of the code is to allow access to HTTP jump to HTTPS)

server {listen 443; server_name guance.com; SSL on; ssl_certificate/usr/local/nginx/conf/ssl/www.guance.com.crt; Ssl_c
ERTIFICATE_KEY/USR/LOCAL/NGINX/CONF/SSL/WWW.GUANCE.COM.PEM;
Ssl_protocols SSLv3 TLSv1;
Ssl_ciphers All:-adh:+high:+medium:-low:-sslv2:-exp; Location/{proxy_redirect off; Proxy_pass https://www.google.co.jp/; proxy_redirect http://www.google.com//; proxy_
Cookie_domain google.com guance.com;
Proxy_set_header accept-encoding "";
Proxy_set_header user-agent $http _user_agent;
Proxy_set_header accept-language "ZH-CN"; Proxy_set_header Cookie "pref=id=047808f19f6de346:u=0f62f33dd8549d11:ff=2:ld=zh-cn:nw=1:tm=1325338577:lm=
1332142444:gm=1:sg=2:s=re0syjh2w1iq-maw "; } server {Listen server_name guance.com rewrite ^ (. *) https://guance.com$1 Permanent;} server {listen; server
_name www.guance.com;
Rewrite ^ (. *) https://guance.com$1 permanent;
 server {Listen www.guance.com:80 server_name guance.com rewrite ^ (. *) $ https://$host $ permanent}

It's all done here.

PS: About SSL encryption
SSL Full name is Security Socket Layer, if the site uses SSL encryption, Gfш can not be sealed domain name, because the transmission process in the URL is also encrypted, gfш powerless. But gfш can be sealed IP 443 port, but in that case can also be replaced by IP to avoid being the object of the wall.

Gfш blocked Google's SSL encryption search, the principle is to block Google designated IP 443 port. Because the first step in establishing an HTTPS connection is to request Google to send a certificate over: Send an HTTP packet to Google's IP address, which says 443 ports, gfш a look, seal!

The 443 port, the Web browsing port, is primarily for HTTPS services and is another HTTP that provides encryption and transmission over a secure port. In some sites with high security requirements, such as banking, securities, shopping, etc., all use HTTPS services, so that the exchange of information on these sites can not be seen by others, to ensure the security of the transaction. The address of the Web page starts with https://rather than the usual http://.

SSL certificates need to be purchased, there are a lot of inexpensive SSL certificates on the Web, about 10 dollars a year, which is about the same as the annual fee for a. com domain name. In fact, you can find free SSL certificates, such as the free certificate provided by startssl.com. In effect, a cheap certificate is certainly a little less than a certificate issued by a large organization, but almost all mainstream browsers accept these certificates.

The website uses the SSL encryption to the search engine not to be very friendly, the Baidu basically does not include the HTTPS website (some main stations except), but has no influence to the Gu GE.