时间:2023-02-10 20:57:01 | 来源:建站知识
时间:2023-02-10 20:57:01 来源:建站知识
仅供学习参考https://nginx.org/download/nginx-1.14.2.tar.gzhttps://www.openssl.org/source/openssl-1.1.1m.tar.gzhttp://zlib.net/zlib-1.2.11.tar.gzhttps://free.nchc.org.tw/osdn//sfnet/p/pc/pcre/pcre/8.44/pcre-8.44.tar.gzhttps://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.2.ziphttps://www.privoxy.org/sf-download-mirror/Sources/3.0.33%20%28stable%29/privoxy-3.0.33-stable-src.tar.gz
# 源代码下载wget https://nginx.org/download/nginx-1.14.2.tar.gztar -zxvf nginx-1.14.2.tar.gzcd nginx-1.14.2wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.2.ziptar -zxvf v0.0.2.zipmv ngx_* ngx_http_proxy_connect_modulewget https://free.nchc.org.tw/osdn//sfnet/p/pc/pcre/pcre/8.44/pcre-8.44.tar.gztar -zxvf pcre-8.44.tar.gz# 安装补丁patch -p1 < ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1014.patch# 编译./configure --with-pcre=pcre-8.44 --add-module=ngx_http_proxy_connect_modulemake -j2 && make install
cd /usr/local/nginx/conf/vim nginx.conf# 添加一个server配置 server { listen 3128; # dns resolver used by forward proxying resolver 8.8.8.8; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass http://$host; proxy_set_header Host $host; } }nginx -tnginx
此时正向代理已经生效,验证测试curl -I --proxy NGINX_HOST:3128 https:TARGET_HOST# 返回结果将包含两层连接,第一层连接到nginx服务器,第二层连接到目标主机# 3主机验证,主机A:发起方,主机B:代理方NGINX_HOST,主机C:TARGET_HOST,80端口提供web服务,仅允许主机B访问## 仅允许主机B访问主机C的80端口$HOST_C:iptables -I INPUT -p tcp --dport 80 -j DROP$HOST_C:iptables -I INPUT -s HOST_B_IP -p tcp --dport 80 -j ACCEPT## 主机A访问主机C80端口被拒绝$HOST_A:curl http://HOST_C### 超时## 全局代理vim /etc/profile### 追加,host替换为指定iphttp_proxy=$HOST_B:3128 https_proxy=$HOST_B$:3128ftp_proxy=$HOST_B:3128export http_proxy export ftp_proxy export https_proxy### 刷新配置source /etc/profile
ldconfig
共享链接库wget https://www.privoxy.org/sf-download-mirror/Sources/3.0.33%20%28stable%29/privoxy-3.0.33-stable-src.tar.gztar xzvf privoxy-3.0.33-stable-src.tar.gzcd privoxy-3.0.33-stable# 添加privoxy用户及组groupadd privoxyuseradd privoxy -r -s /usr/sbin/nologin# 编译pcre库wget https://free.nchc.org.tw/osdn//sfnet/p/pc/pcre/pcre/8.44/pcre-8.44.tar.gztar -zxvf pcre-8.44cd pcre-8.44./configuremake -j2 && make installldconfig# 编译privoxycd privoxy-3.0.33-stableautoheaderautoconf./configuremake && make -s install USER=privoxy Group=privoxy
配置,编译安装后,privoxy执行时会读取当前路径下的config
文件cd /usr/local/etc/privoxyvim pac.action---------------------------------------------------{{alias}}default = +forward-override{forward .}pac = +forward-override{forward $NGINX_HOST:3128}{default}/{pac}.sap.com---------------------------------------------------vim config---------------------------------------------------# 添加我们自定义的PAC规则actionsfile pac.action# 下面这几行是系统预定义的转发规则,注释掉# actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.# actionsfile default.action # Main actions file# actionsfile user.action # User customizations# 下面这几行是系统预定义的过滤规则,注释掉# filterfile default.filter# filterfile user.filter # User customizations---------------------------------------------------privoxy## 代理到privoxyvim /etc/profilehttp_proxy=127.0.0.1:8118https_proxy=127.0.0.1:8118ftp_proxy=127.0.0.1:8118export http_proxy export ftp_proxy export https_proxysource /etc/profile
转载请标注来源关键词:代理,指定,通过,服务