Nginx是一款以轻量级、低内存开销、支持缓存、支持反向代理,负载均衡,电子邮件服务而著称。对于鲜为人知的是,它还可以作为一个简单易用的正向代理服务器。本文简要描述这个正向代理功能并给出演示,供大家参考。
有关Nginx的安装请参考
CentOS 7下yum方式安装Nginx
Nginx 概述及日常管理
Nginx基于IP,端口,域名配置虚拟主机
一、配置Nginx正向代理服务端配置
- 演示环境
- # more /etc/redhat-release
- CentOS Linux release 7.2.1511 (Core)
-
- 当前主机名称及ip
- # hostname
- centos7-router
-
- # ip addr|grep -inet|grep global
- 9: inet 172.24.8.254/24 brd 172.24.8.255 scope global eno16777728
- 15: inet 192.168.1.175/24 brd 192.168.1.255 scope global dynamic eno33554960
-
- 当前主机的dns配置
- # more /etc/resolv.conf
- # Generated by NetworkManager
- nameserver 192.168.1.1
-
- Nginx版本
- # Nginx -v
- Nginx version: Nginx/1.12.2
-
- Nginx正向代理配置
- # vim /etc/Nginx/conf.d/proxy.conf
- server {
- listen 8080; ##指定一个非缺省端口用于提供代理服务
- server_name localhost;
- resolver 192.168.1.1; ##指定DNS服务器IP
-
- location / {
- proxy_pass $scheme://$host$request_uri;
- proxy_set_header Host $http_host;
-
- ##proxy_pass:设置代理服务器的协议和地址以及位置应映射到的可选URI。协议可指定http或https
- ##proxy_set_header:与许字段重新定义或附加请求标头传递给代理服务器
-
- proxy_buffers 256 4k; ## Author : Leshami
- proxy_max_temp_file_size 0; ## Blog : http://blog.csdn.net/leshami
-
- ##proxy_buffers:为单个连接设置用于从代理服务器读取响应的缓冲区个数和缓冲区大小
- ##proxy_max_temp_file_size:禁用缓冲对临时文件的响应
-
- proxy_connect_timeout 30; ##代理连接超时时间
-
- proxy_cache_valid 200 302 10m; ##为不同的响应代码设置缓存时间
- proxy_cache_valid 301 1h;
- proxy_cache_valid any 1m;
- }
- }
-
- # systemctl reload Nginx.service
- # ss -nltp|grep Nginx
- LISTEN 0 128 *:8080 *:* users:(("Nginx",pid=110780,fd=10),("Nginx",pid=19774,fd=10))
- LISTEN 0 128 *:80 *:* users:(("Nginx",fd=6),fd=6))
-
- 防火墙配置
- # firewall-cmd --add-port=8080/tcp --permanent
- # firewall-cmd --reload
二、客户端配置
- 客户端主机名及IP
- # hostname
- centos7-web.example.com
- # ip addr|grep inet|grep global
- inet 172.24.8.128/24 brd 172.24.8.255 scope global eno16777728
-
- 临时设置当前环境变量http_proxy
- # export http_proxy=http://172.24.8.254:8080
-
- # curl -I http://www.baidu.com
- HTTP/1.1 200 OK
- Server: Nginx/1.12.2
- Date: Tue,24 Oct 2017 14:59:44 GMT
- Content-Type: text/html
- Content-Length: 277
- Connection: keep-alive
- Last-Modified: Mon,13 Jun 2016 02:50:26 GMT
- ETag: "575e1f72-115"
- Cache-Control: private,no-cache,no-store,proxy-revalidate,no-transform
- Pragma: no-cache
- Accept-Ranges: bytes
-
- 清除http_proxy
- # unset http_proxy
-
- 演示wget直接使用代理参数方式访问网络
- # wget -e "http_proxy=http://172.24.8.254:8080" www.baidu.com
- --2017-10-24 23:03:48-- http://www.baidu.com/
- Connecting to 172.24.8.254:8080... connected.
- Proxy request sent,awaiting response... 200 OK
- Length: 2381 (2.3K) [text/html]
- Saving to: ‘index.html’
-
- 演示curl直接使用代理参数方式访问网络
- # curl -x http://172.24.8.254:8080 -I http://www.baidu.com
- HTTP/1.1 200 OK
- Server: Nginx/1.12.2
- Date: Tue,24 Oct 2017 15:07:39 GMT
- Content-Type: text/html
- Content-Length: 277
- Connection: keep-alive
- Last-Modified: Mon,no-transform
- Pragma: no-cache
- Accept-Ranges: bytes
-
- 如果需要用户名密码,格式
- curl -x "http://user:pwd@host:port" www.baidu.com
-
- 配置http_proxy以及ftp_proxy到应用程序,如yum代理配置
- /etc/yum.conf里面增加proxy=proxy_addr:port。
-
- # unset http_proxy
- # cp /etc/yum.conf /etc/yum.conf.bk
- # echo "proxy=http://172.24.8.254:8080">>/etc/yum.conf
-
- # tail -1 /etc/yum.conf
- proxy=http://172.24.8.254:8080
-
- # vim /etc/yum.repo.d/Nginx.repo
- [Nginx]
- name=Nginx repo
- baseurl=http://Nginx.org/packages/centos/7/$basearch/
- gpgcheck=0
- enabled=1
-
- # yum clean all
- # yum repolist
- Loaded plugins: fastestmirror,langpacks
- Nginx | 2.9 kB 00:00:00
- Nginx/x86_64/primary_db | 31 kB 00:00:01
- Determining fastest mirrors
- repo id repo name status
- Nginx/x86_64 Nginx repo 90
- repolist: 90
- [root@centos7-web yum.repos.d]# yum makecache
- Loaded plugins: fastestmirror,langpacks
- Nginx | 2.9 kB 00:00:00
- (1/2): Nginx/x86_64/other_db | 16 kB 00:00:00
- (2/2): Nginx/x86_64/filelists_db | 39 kB 00:00:01
- Loading mirror speeds from cached hostfile
- Metadata Cache Created
-
- 全局配置
- # cp /etc/skel/.bash_profile /etc/skel/.bash_profile.bk
- # vim /etc/skel/.bash_profile
- export http_proxy=http://172.24.8.254:8080
- export https_proxy=http://172.24.8.254:8080
-
- # source /etc/skel/.bash_profile
- # env |grep http
- http_proxy=http://172.24.8.254:8080
- https_proxy=http://172.24.8.254:8080
