Implementing a Google Reverse Proxy with Nginx

Today I looked into Nginx reverse proxying. The whole implementation is not perfect yet, so I am just making a record of it for now.

References:

  1. Nginx Google extension
  2. Debian/Ubuntu Nginx init Script (opt)

The earlier compile and install steps can be copied directly from reference 1.

#
# Install gcc & git
#
apt-get install build-essential git gcc g++ make

#
# Download the latest source
# nginx website:
# http://nginx.org/en/download.html
#
wget "http://nginx.org/download/nginx-1.7.8.tar.gz"

#
# Download the latest pcre
# pcre website:
# http://www.pcre.org/
#
wget "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.36.tar.gz"

#
# Download the latest openssl
# openssl website:
# https://www.openssl.org/
#
wget "https://www.openssl.org/source/openssl-1.0.1j.tar.gz"

#
# Download the latest zlib
# zlib website:
# http://www.zlib.net/
#
wget "http://zlib.net/zlib-1.2.8.tar.gz"

#
# Download this extension
#
git clone https://github.com/cuber/ngx_http_google_filter_module

#
# Download the substitutions extension
#
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module


#
# Extract the archives
#
tar xzvf nginx-1.7.8.tar.gz
tar xzvf pcre-8.36.tar.gz
tar xzvf openssl-1.0.1j.tar.gz
tar xzvf zlib-1.2.8.tar.gz

#
# Enter the nginx source directory
#
cd nginx-1.7.8

#
# Set the build options
#
./configure \
  --prefix=/opt/nginx-1.7.8 \
  --with-pcre=../pcre-8.36 \
  --with-openssl=../openssl-1.0.1j \
  --with-zlib=../zlib-1.2.8 \
  --with-http_ssl_module \
  --add-module=../ngx_http_google_filter_module \
  --add-module=../ngx_http_substitutions_filter_module

#
# Compile and install
#
make
sudo make install

#
# Start Nginx
#
sudo /opt/nginx-1.7.8/sbin/nginx

# Stop Nginx
sudo killall nginx

Add Nginx to the startup items: create the file /etc/init.d/nginx:

#! /bin/sh

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

PATH=/opt/bin:/opt/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/opt/nginx-1.7.8/sbin/nginx
# Built with --prefix=/opt/nginx-1.7.8 and no --pid-path, nginx writes its pid
# file under <prefix>/logs (unless nginx.conf sets "pid" to something else)
PIDFILE=/opt/nginx-1.7.8/logs/nginx.pid
NAME=nginx
DESC=nginx

test -x $DAEMON || exit 0

# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
        . /etc/default/nginx
fi

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --pidfile $PIDFILE \
                --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        # "|| true" and --oknodo keep "set -e" from aborting the script when
        # nginx is already stopped or killall has already ended it
        killall nginx || true
        start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE \
                --exec $DAEMON
        echo "$NAME."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        killall nginx || true
        sleep 1
        start-stop-daemon --start --quiet --pidfile \
                $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  reload)
        echo -n "Reloading $DESC configuration: "
        # HUP makes the master process re-read its configuration
        start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE \
                --exec $DAEMON
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Add execute permission and enable it at boot:

sudo chmod +x /etc/init.d/nginx
sudo update-rc.d nginx defaults

Edit the Nginx configuration, /opt/nginx-1.7.8/conf/nginx.conf:

http {

    ...

    #gzip  on;

    upstream www.google.com {
        server 74.125.224.80:443 max_fails=3;
        server 74.125.224.81:443 max_fails=3;
        server 74.125.224.82:443 max_fails=3;
        server 74.125.224.83:443 max_fails=3;
        server 74.125.224.84:443 max_fails=3;
    }

    server {

        listen 80;

        listen 443 ssl;
        server_name  mstar.top;
        resolver 8.8.8.8;
        #charset koi8-r;

        #ssl on;
        ssl_certificate         /etc/nginx/mstar.top.crt;
        ssl_certificate_key     /etc/nginx/mstar.top.key;

        #rewrite to SSL
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }

        #access_log  logs/host.access.log  main;

        location / {
            google on;
            #root   html;
            #index  index.html index.htm;
        }

    ...

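The purpose of setting the upstream is to avoid Google prompting for a CAPTCHA. I think this is probably because the Google IP ranges you get differ by region: if you use the Nginx reverse proxy one moment and the original Google.com the next, Google will guess that your network environment is abnormal and force you to enter a CAPTCHA.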

To force HTTPS, port 443 is used instead, which requires importing an SSL certificate. If you do not have HTTPS, you can follow the approach in reference 1.
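
An added example (not part of the original configuration and not taken from the module's documentation) of the same forced-HTTPS setup with the redirect split into its own port-80 server block and the TLS settings stated explicitly. The `ssl_protocols`, `ssl_prefer_server_ciphers` and `Strict-Transport-Security` values are assumptions chosen for illustration; the host name, certificate paths, resolver and `google on` come from the configuration above.

```nginx
# Added example: goes inside the existing http { } block in place of the single
# combined server block. The "upstream www.google.com" block stays unchanged.

# Port 80 only redirects, so no request is ever proxied over cleartext HTTP
# and the "if ($scheme = http)" test is no longer needed.
server {
    listen 80;
    server_name mstar.top;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name mstar.top;
    resolver 8.8.8.8;

    ssl_certificate     /etc/nginx/mstar.top.crt;
    ssl_certificate_key /etc/nginx/mstar.top.key;

    # nginx 1.7.x still accepts SSLv3 unless ssl_protocols is set explicitly
    # (assumed value: TLS only).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Ask browsers to keep using HTTPS for this host on later visits
    # (max-age is an assumed value of one year).
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        google on;
    }
}
```

Run `sudo /opt/nginx-1.7.8/sbin/nginx -t` to validate the syntax before restarting.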

Finally, restart Nginx.
