差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录 前一修订版 | |||
| itwiki:nginx-proxy [2024/01/04 10:11] – ovwx@live.io | itwiki:nginx-proxy [Unknown date] (当前版本) – 移除 - 外部编辑 (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | ===== Nginx 作为代理服务器 ===== | ||
| - | |||
| - | ===== Nginx + 反向代理 + SSL ===== | ||
| - | |||
| - | <file site-xxx.conf> | ||
| - | server { | ||
| - | listen 80; | ||
| - | listen [::]:80; | ||
| - | server_name www.xxx.com; | ||
| - | return 301 https:// | ||
| - | } | ||
| - | |||
| - | server { | ||
| - | listen | ||
| - | listen | ||
| - | server_name c.ezua.com; | ||
| - | charset utf-8; | ||
| - | |||
| - | # ssl配置 | ||
| - | ssl_protocols TLSv1.1 TLSv1.2; | ||
| - | ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256: | ||
| - | ssl_ecdh_curve secp384r1; | ||
| - | ssl_prefer_server_ciphers on; | ||
| - | ssl_session_cache shared: | ||
| - | ssl_session_timeout 10m; | ||
| - | ssl_session_tickets off; | ||
| - | ssl_certificate / | ||
| - | ssl_certificate_key / | ||
| - | |||
| - | root / | ||
| - | location / { | ||
| - | proxy_ssl_server_name on; | ||
| - | proxy_pass https:// | ||
| - | proxy_set_header Accept-Encoding ''; | ||
| - | sub_filter " | ||
| - | sub_filter_once off; | ||
| - | } | ||
| - | | ||
| - | location / | ||
| - | proxy_redirect off; | ||
| - | proxy_pass http:// | ||
| - | proxy_http_version 1.1; | ||
| - | proxy_set_header Upgrade $http_upgrade; | ||
| - | proxy_set_header Connection " | ||
| - | proxy_set_header Host $host; | ||
| - | # 向后端传送真实IP地址 | ||
| - | proxy_set_header X-Real-IP $remote_addr; | ||
| - | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| - | } | ||
| - | } | ||
| - | |||
| - | </ | ||
| - | |||
| - | 其中: | ||
| - | - 第一个 location 是通用路径反代,获取之后数据之后对部分内容进行替换。'' | ||
| - | - 使用了高级功能的一些网站可能需要进行传递 Upgrade,以及 Connection 头部,如:WebSocket | ||
| - | - X-Real-IP 多用于代理服务器,向真实服务器传递远程客户端IP地址 | ||
| - | - Server Listen 80 端口,并使用301重定向 | ||
| - | - X-Forwarded-For XFF头不是标准HTTP头部 | ||
| - | - 第二个 location 可以设置的长一点,这样可以把该路径隐藏在转发的网站中 | ||
| - | |||
| - | ===== Nginx + 正向代理 ===== | ||
| - | |||
| - | 将 Nginx 作为一个HTTP代理服务器使用 | ||
| - | |||
| - | ==== 最小化配置 ==== | ||
| - | |||
| - | < | ||
| - | |||
| - | # Proxy-serv.conf | ||
| - | |||
| - | server { | ||
| - | |||
| - | listen 18081; | ||
| - | server_name _; | ||
| - | # other settings for example ssl | ||
| - | | ||
| - | # 代理CONNECT连接请求,代理443及503端口 | ||
| - | proxy_connect; | ||
| - | proxy_connect_allow 443 563; | ||
| - | proxy_connect_connect_timeout 10s; | ||
| - | proxy_connect_read_timeout 10s; | ||
| - | proxy_connect_send_timeout 10s; | ||
| - | | ||
| - | location / { | ||
| - | | ||
| - | resolver 8.8.8.8; #DNS Server used | ||
| - | proxy_pass $scheme:// | ||
| - | proxy_set_header HOST $host; | ||
| - | | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | | ||
| - | } | ||
| - | |||
| - | error_page 500 502 503 504 /50x.html; | ||
| - | | ||
| - | location = /50x.html { | ||
| - | root / | ||
| - | } | ||
| - | } | ||
| - | </ | ||
| - | |||
| - | 注意:被注释掉的部分都是可以不需要的,是配置代理服务器的一般参数 | ||
| - | |||
| - | ==== 测试正向代理 ==== | ||
| - | |||
| - | 设置代理,如须在系统中一直启用,须在启动文件,诸如:'' | ||
| - | < | ||
| - | export http_proxy=$IP: | ||
| - | export https_proxy=$IP: | ||
| - | </ | ||
| - | |||
| - | 使用代理下载数据或者获取参数 | ||
| - | < | ||
| - | $ curl --proxy=$IP: | ||
| - | $ curl -x https:// | ||
| - | </ | ||
| - | 注:如果命令中包含引号,& | ||
| - | |||