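Today I looked into Nginx reverse proxying. The implementation is not perfect yet, so I am recording it here for now.
References:
The earlier compile-and-install steps can be copied directly from reference 1.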
```bash
#
# Install gcc & git
#
apt-get install build-essential git gcc g++ make

#
# Download the latest source
# nginx official site:
# http://nginx.org/en/download.html
#
wget "http://nginx.org/download/nginx-1.7.8.tar.gz"

#
# Download the latest pcre
# pcre official site:
# http://www.pcre.org/
#
wget "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.36.tar.gz"

#
# Download the latest openssl
# openssl official site:
# https://www.openssl.org/
#
wget "https://www.openssl.org/source/openssl-1.0.1j.tar.gz"

#
# Download the latest zlib
# zlib official site:
# http://www.zlib.net/
#
wget "http://zlib.net/zlib-1.2.8.tar.gz"

#
# Download the ngx_http_google_filter_module extension
#
git clone https://github.com/cuber/ngx_http_google_filter_module

#
# Download the substitutions extension
#
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module

#
# Unpack
#
tar xzvf nginx-1.7.8.tar.gz
tar xzvf pcre-8.36.tar.gz
tar xzvf openssl-1.0.1j.tar.gz
tar xzvf zlib-1.2.8.tar.gz

#
# Enter the nginx source directory
#
cd nginx-1.7.8

#
# Set the build options
#
./configure \
  --prefix=/opt/nginx-1.7.8 \
  --with-pcre=../pcre-8.36 \
  --with-openssl=../openssl-1.0.1j \
  --with-zlib=../zlib-1.2.8 \
  --with-http_ssl_module \
  --add-module=../ngx_http_google_filter_module \
  --add-module=../ngx_http_substitutions_filter_module

#
# Build and install
#
make
sudo make install

#
# Start Nginx
#
sudo /opt/nginx-1.7.8/sbin/nginx

# Stop Nginx
sudo killall nginx
```
Add Nginx to the startup items by creating the file /etc/init.d/nginx:
```sh
#! /bin/sh

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

PATH=/opt/bin:/opt/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/opt/nginx-1.7.8/sbin/nginx
NAME=nginx
DESC=nginx

test -x $DAEMON || exit 0

# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
    . /etc/default/nginx
fi

set -e

case "$1" in
  start)
    echo -n "Starting $DESC: "
    start-stop-daemon --start --pidfile /var/run/nginx.pid \
        --exec $DAEMON -- $DAEMON_OPTS
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    # "|| true" and --oknodo keep "set -e" from aborting the script
    # when nginx is already stopped or killall has already ended it.
    killall nginx || true
    start-stop-daemon --stop --oknodo --quiet --pidfile /var/run/nginx.pid \
        --exec $DAEMON
    echo "$NAME."
    ;;
  restart|force-reload)
    echo -n "Restarting $DESC: "
    killall nginx || true
    sleep 1
    start-stop-daemon --start --quiet --pidfile \
        /var/run/nginx.pid --exec $DAEMON -- $DAEMON_OPTS
    echo "$NAME."
    ;;
  reload)
    echo -n "Reloading $DESC configuration: "
    start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/nginx.pid \
        --exec $DAEMON
    echo "$NAME."
    ;;
  *)
    N=/etc/init.d/$NAME
    echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
    exit 1
    ;;
esac

exit 0
```
Add execute permission and enable automatic start at boot:
```bash
sudo chmod +x /etc/init.d/nginx
# update-rc.d takes the script name under /etc/init.d, not its full path
sudo update-rc.d nginx defaults
```
Edit the Nginx configuration in /opt/nginx-1.7.8/conf/nginx.conf:
```nginx
http {
    ...
    #gzip  on;

    upstream www.google.com {
        server 74.125.224.80:443 max_fails=3;
        server 74.125.224.81:443 max_fails=3;
        server 74.125.224.82:443 max_fails=3;
        server 74.125.224.83:443 max_fails=3;
        server 74.125.224.84:443 max_fails=3;
    }

    server {
        listen       80;
        listen       443 ssl;
        server_name  mstar.top;
        resolver     8.8.8.8;

        #charset koi8-r;

        #ssl on;
        ssl_certificate     /etc/nginx/mstar.top.crt;
        ssl_certificate_key /etc/nginx/mstar.top.key;

        #rewrite to SSL
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }

        #access_log  logs/host.access.log  main;

        location / {
            google on;
            #root   html;
            #index  index.html index.htm;
        }
        ...
```
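The purpose of the upstream block is to avoid Google's CAPTCHA prompt. My guess is that different regions are given different Google IP ranges, so if you switch back and forth between the Nginx reverse proxy and the original Google.com, Google infers that your network environment is abnormal and forces you to enter a CAPTCHA.
To force HTTPS, port 443 is used instead, which requires importing an SSL certificate. If you do not use HTTPS, you can follow the approach in reference 1.
Finally, restart Nginx.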
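Before restarting, the forced-HTTPS setup above can be checked mechanically. The following is an added example, not code from the original post or from nginx: a small Python parser that reads a server block and reports a TLS listener lacking its certificate or key, or a plain listener with no 301 redirect to https. `SAMPLE_CONF` is constructed from the configuration above, and `parse`, `find` and `audit` are hypothetical helper names.

```python
import re
# Constructed sample modeled on the page's server block (elisions dropped, braces closed).
SAMPLE_CONF = """
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/mstar.top.crt;
    ssl_certificate_key /etc/nginx/mstar.top.key;
    if ($scheme = http) { return 301 https://$server_name$request_uri; }
    location / { google on; }
}
"""

def parse(conf):
    """Strip comments, then parse nginx config text into nested [name, args, children] nodes."""
    stack, words = [["root", [], []]], []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok in (";", "{"):
            if words:
                node = [words[0], words[1:], []]
                stack[-1][2].append(node)
                if tok == "{":
                    stack.append(node)   # this directive opens a block
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return stack[0]

def find(node, name):  # yield every descendant directive called `name`
    for child in node[2]:
        if child[0] == name:
            yield child
        yield from find(child, name)

def audit(conf):
    """Return a list of findings for every server block (hypothetical helper)."""
    findings = []
    for server in find(parse(conf), "server"):
        listens = [d[1] for d in find(server, "listen")]
        if any("ssl" in args for args in listens):       # TLS listener needs both files
            findings += ["missing " + d for d in ("ssl_certificate", "ssl_certificate_key")
                         if not list(find(server, d))]
        redirects = any(d[1][:1] == ["301"] and d[1][-1].startswith("https://")
                        for d in find(server, "return"))
        if any("ssl" not in args for args in listens) and not redirects:
            findings.append("plain HTTP listener without redirect to https")
    return findings
```

`audit(SAMPLE_CONF)` returns an empty list for the sample. It only checks that the directives are present, so `nginx -t` is still needed to confirm the files load.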