Overview

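Forward proxy: when clients on a LAN cannot access the Internet directly and have to go through a proxy server, that proxy service is called a forward proxy. nginx itself only supports forward proxying for HTTP; with the ngx_http_proxy_connect_module module it supports forward proxying for both HTTP and HTTPS.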

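Reverse proxy: when a LAN provides resources to the Internet, and other clients on the Internet must go through a proxy server to reach the resources inside the LAN, that service is called a reverse proxy. nginx implements reverse proxying through the proxy module.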

Environment:

Host IP         nginx version
172.17.1.225    nginx1.10

Installation and deployment

For downloading and installing nginx, see the note "nginx configuration and startup" (nginx配置与启动.note).

cd /root/soft
# codeload serves the archive under the name "master"; -O saves it under the name unzip expects
wget -O ngx_http_proxy_connect_module-master.zip https://codeload.github.com/chobits/ngx_http_proxy_connect_module/zip/master
unzip ngx_http_proxy_connect_module-master.zip
cd /root/soft/nginx-1.10.2
# apply the module's patch to the nginx source tree before running configure
patch -p1 < /root/soft/ngx_http_proxy_connect_module-master/patch/proxy_connect.patch
./configure --prefix=/usr/local/nginx1.10 --with-http_ssl_module --add-module=/root/soft/ngx_devel_kit-0.3.0 --add-module=/root/soft/ngx_http_proxy_connect_module-master
make && make install

Configure the nginx HTTP forward proxy:

server {
    # IP address of the DNS server
    resolver 114.114.114.114;
    listen 8001;
    location / {
        # Protocol and address of the proxied server
        proxy_pass http://$http_host$request_uri;
        proxy_set_header HOST $http_host;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}

Configure the nginx HTTPS forward proxy:

server {
    resolver 114.114.114.114;
    listen 8002;
    proxy_connect;
    proxy_connect_allow 443 563;
    proxy_connect_connect_timeout 10s;
    proxy_connect_send_timeout 30s;
    proxy_connect_read_timeout 60s;
    # forward proxy for non-CONNECT request
    location / { 
        proxy_pass http://$http_host$request_uri;
        proxy_set_header HOST $http_host;
    }
}

Testing with curl:

curl -x 172.17.1.225:8001 http://www.baidu.com
curl -x 172.17.1.225:8002 https://www.baidu.com

Browser settings:

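Browser options -> Internet Options -> Connections -> LAN settings -> Proxy server -> check "Use a proxy server for your LAN" -> Advanced -> enter address 172.17.1.225 and port 8002 -> check "Use the same proxy server for all protocols", then click OK to save.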

Visit https://www.baidu.com in the browser and check the nginx log output.

Optimized nginx.conf for the proxy

worker_processes 64;
worker_rlimit_nofile 409600;
pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 5120;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # log option
    log_format access_log '{'
    '"time":"$time_local","client":"$remote_addr:$remote_port",'
    '"host":"$host","request":"$request","status":$status,"body_bytes_sent":$body_bytes_sent,'
    '"user_agent":"$http_user_agent","request_time":$request_time'
    '}';
    access_log logs/access.log access_log;

    # for debug
    #error_log logs/error.log debug;

    # net option
    sendfile          on;
    keepalive_timeout 65;

    # tcp options
    tcp_nodelay on;
    tcp_nopush  on;

    # compression
    gzip              on;
    gzip_buffers      4 16k;
    gzip_comp_level   9;
    gzip_http_version 1.0;
    gzip_min_length   1k;
    gzip_types        text/plain text/css application/x-javascript application/xml text/javascript application/json;
    gzip_vary         on;

    # nginx HTTP forward proxy
    server {
        # IP address of the DNS server
        resolver 114.114.114.114;
        listen 8001;
        location / {
            # Protocol and address of the proxied server
            proxy_pass http://$http_host$request_uri;
            proxy_set_header HOST $http_host;
            proxy_buffers 256 4k;
            proxy_max_temp_file_size 0k;
            proxy_connect_timeout 30;
            proxy_send_timeout 60;
            proxy_read_timeout 60;
            proxy_next_upstream error timeout invalid_header http_502;
        }
    }

    # nginx HTTPS forward proxy
    server {
        resolver 114.114.114.114;
        listen 8002;
        proxy_connect;
        proxy_connect_allow 443 563;
        proxy_connect_connect_timeout 10s;
        proxy_connect_send_timeout 30s;
        proxy_connect_read_timeout 60s;
        # forward proxy for non-CONNECT request
        location / { 
            proxy_pass http://$http_host$request_uri;
            proxy_set_header HOST $http_host;
        }
    }
}
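
Neither server block above restricts which clients may use the proxy, so the access log is where to check who is actually using it. The following is an added example, not part of the original page: it parses lines written with the log_format above, tolerating the \xHH escapes that nginx 1.10 emits (it has no escape=json), and lists requests from clients outside the LAN together with the CONNECT targets per client. The LAN range 172.17.0.0/16 and the sample log lines are assumptions constructed for the example.

```python
import ipaddress
import json
import re

# Assumption: the LAN that is meant to use the proxy (the page does not state it).
ALLOWED_NET = ipaddress.ip_network("172.17.0.0/16")
# nginx 1.10 has no escape=json: '"', '\' and non-printable bytes in a variable
# are logged as \xHH, which JSON rejects. Rewrite them to \u00HH before parsing.
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")

def parse_line(line):
    """Return one access-log entry as a dict, or None if it cannot be parsed."""
    line = line.strip()
    for candidate in (line, HEX_ESCAPE.sub(r"\\u00\1", line)):
        try:
            return json.loads(candidate)
        except json.JSONDecodeError:
            continue
    return None

def review(lines):
    """Return (requests from outside ALLOWED_NET, CONNECT targets per client, unparsed)."""
    outside, tunnels, unparsed = [], {}, 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        ip = entry["client"].rsplit(":", 1)[0]  # field is "$remote_addr:$remote_port"
        if ipaddress.ip_address(ip) not in ALLOWED_NET:
            outside.append((ip, entry["request"], entry["status"]))
        method, _, rest = entry["request"].partition(" ")
        if method == "CONNECT":
            tunnels.setdefault(ip, set()).add(rest.split(" ")[0])
    return outside, tunnels, unparsed

# Constructed sample lines in the page's log_format (not real traffic).
SAMPLE = [
    r'{"time":"10/Jan/2024:10:00:01 +0800","client":"172.17.1.50:51234","host":"www.baidu.com","request":"GET http://www.baidu.com/ HTTP/1.1","status":200,"body_bytes_sent":2381,"user_agent":"curl/7.29.0","request_time":0.052}',
    r'{"time":"10/Jan/2024:10:00:03 +0800","client":"172.17.1.50:51240","host":"www.baidu.com","request":"CONNECT www.baidu.com:443 HTTP/1.1","status":200,"body_bytes_sent":5120,"user_agent":"curl/7.29.0","request_time":0.310}',
    r'{"time":"10/Jan/2024:10:00:05 +0800","client":"203.0.113.7:40112","host":"example.com","request":"GET http://example.com/ HTTP/1.1","status":200,"body_bytes_sent":1256,"user_agent":"probe \x22v1\x22","request_time":0.101}',
    r'{"time":"10/Jan/2024:10:00:07 +0800","client":"203.0.113.7:40118","host":"example.com","request":"CONNECT example.com:443 HTTP/1.1","status":200,"body_bytes_sent":8192,"user_agent":"-","request_time":1.204}',
    r'{"time":"10/Jan/2024:10:00:09 +0800","client":"172.17.1.51:40',
]

if __name__ == "__main__":
    print(review(SAMPLE))
```

Any entry in the first list means the proxy ports are reachable from outside the intended network.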
