Nginx 正向代理

正向代理

安装依赖软件

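# Build prerequisites for the steps on this page: git (module checkout), the
# C/C++ toolchain, and autotools for the gperftools ./autogen.sh step.
# wget and patch are called by the later download and patch steps but are not
# part of every minimal install, so they are requested here as well.
# NOTE(review): nginx's rewrite module needs the PCRE headers unless it is
# disabled at configure time; if configure reports PCRE missing, add pcre-devel.
yum -y install \
  git make gcc gcc-c++ gperftools autoconf automake libtool \
  wget patch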

支持 HTTPS 流量转发的模块

ngx_http_proxy_connect_module

# GitHub项目地址
https://github.com/chobits/ngx_http_proxy_connect_module

获取 ngx_http_proxy_connect_module

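# Fetch the CONNECT-method module into the fixed location that the later patch
# and configure steps reference by absolute path.
# Cloning straight into the target (instead of clone + mv) means a re-run fails
# loudly on the existing directory rather than nesting a second copy inside it.
# NOTE(review): this builds whatever the default branch holds at clone time.
# Record the commit that was actually compiled (git rev-parse HEAD) and pin it
# for rebuilds, e.g.
#   git -C /usr/local/modules/ngx_http_proxy_connect_module checkout <REVIEWED_COMMIT>
mkdir -pv /usr/local/modules
git clone --recursive https://github.com/chobits/ngx_http_proxy_connect_module.git \
  /usr/local/modules/ngx_http_proxy_connect_module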

下载 Nginx-1.9.2 源码包

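# Fetch the nginx 1.9.2 source over HTTPS (the original used plain HTTP, which
# lets anyone on the network path swap the tarball that is then built and
# installed) and apply the module's CONNECT patch.
# NOTE(review): 1.9.2 is a 2015 mainline release that no longer receives
# security fixes. The module repository carries patches for newer nginx
# versions (see its README); prefer a supported release for a network-facing
# proxy.
wget https://nginx.org/download/nginx-1.9.2.tar.gz
# nginx.org publishes a detached PGP signature next to each tarball. Verify it
# against a signing key obtained out of band before unpacking:
#   wget https://nginx.org/download/nginx-1.9.2.tar.gz.asc
#   gpg --verify nginx-1.9.2.tar.gz.asc nginx-1.9.2.tar.gz
# Patch only if the unpack and the cd both succeeded, so the patch is never
# applied to whatever directory the shell happened to be in.
tar -xf nginx-1.9.2.tar.gz && cd nginx-1.9.2/ &&
  patch -p1 < /usr/local/modules/ngx_http_proxy_connect_module/patch/proxy_connect.patch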

创建 Nginx 运行用户

# Dedicated unprivileged account for the nginx workers: primary group www,
# no login shell (-s /sbin/nologin), no home directory (-M).
groupadd www
useradd -M -s /sbin/nologin -g www www

openssl

# Fetch the OpenSSL source tree that the nginx configure step points at.
# NOTE(review): this tag is the first 1.1.1 release. Later 1.1.1 letter
# releases fixed security issues and the 1.1.1 series is now end-of-life, so
# use a currently supported OpenSSL release for a real deployment.
# NOTE(review): GitHub archive tarballs are unsigned. The OpenSSL project
# publishes signed release tarballs with checksums; prefer those and verify.
openssl_tag=OpenSSL_1_1_1
wget "https://github.com/openssl/openssl/archive/${openssl_tag}.tar.gz"
tar -xf "${openssl_tag}.tar.gz" \
  && mv "openssl-${openssl_tag}" /usr/local/openssl-1.1.1

可选功能

--with-google_perftools_module
--with-ld-opt=-ltcmalloc_minimal
# 启用以上功能,需要操作下面的步骤

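# Build and install libunwind first.
# NOTE(review): this is a plain-HTTP download from a third-party mirror with no
# integrity check, and the result is compiled and installed system-wide. Fetch
# the release from the project's official download area and verify its
# signature, or at least compare a checksum obtained from a trusted source:
#   echo "<EXPECTED_SHA256>  libunwind-1.1.tar.gz" | sha256sum -c -
wget http://mirror.yongbok.net/nongnu/libunwind/libunwind-1.1.tar.gz
tar -xf libunwind-1.1.tar.gz
(
  # Subshell: the cd stays local, so the calling shell remains where it was
  # (in page order that is the nginx source tree, which the later
  # "bash configure" step relies on).
  cd libunwind-1.1 || exit 1
  # Stop at the first failing stage instead of installing a partial build.
  CFLAGS=-fPIC ./configure &&
    make CFLAGS=-fPIC &&
    make CFLAGS=-fPIC install
)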

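# Build TCMalloc (gperftools 2.7) from source.
# NOTE(review): GitHub archive tarballs are unsigned. Compare the download with
# a checksum obtained from a trusted source before building:
#   echo "<EXPECTED_SHA256>  gperftools-2.7.tar.gz" | sha256sum -c -
wget https://github.com/gperftools/gperftools/archive/gperftools-2.7.tar.gz
tar -xf gperftools-2.7.tar.gz
(
  # Subshell: keeps the calling shell's working directory unchanged, so the
  # later nginx "bash configure" step is not run from inside this tree.
  cd gperftools-gperftools-2.7/ || exit 1
  ./autogen.sh &&
    ./configure --enable-frame-pointers &&
    make && make install ; echo $?
)
# When configuring nginx, add "--with-google_perftools_module".
# Register the TCMalloc library directory with the dynamic loader.
# The grep guard keeps re-runs from appending the same line again.
# NOTE(review): this puts /usr/local/lib on the system-wide loader path for
# every dynamically linked program; keep that directory writable by root only.
grep -qxF '/usr/local/lib' /etc/ld.so.conf.d/local.conf 2>/dev/null ||
  echo '/usr/local/lib' >> /etc/ld.so.conf.d/local.conf
ldconfig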

编译 Nginx

# Configure, build and install the patched nginx as a forward proxy.
# Run this from inside the unpacked nginx-1.9.2 source tree; if the optional
# libunwind/gperftools steps changed the working directory, cd back first.
configure_args=(
  # Third-party module that adds CONNECT-method tunnelling.
  --add-module=/usr/local/modules/ngx_http_proxy_connect_module
  --prefix=/usr/local/forward
  # Worker processes run as this unprivileged account.
  --user=www
  --group=www
  # NOTE(review): the configuration shown on this page has no stream {} block;
  # drop this flag if the stream module is not needed.
  --with-stream
  # These two flags require the optional libunwind + gperftools build.
  --with-google_perftools_module
  --with-ld-opt=-ltcmalloc_minimal
  # OpenSSL is compiled from this source tree as part of the nginx build, so
  # distro OpenSSL updates do not reach the binary; a rebuild is needed.
  # NOTE(review): no *_ssl_module is enabled in this list, so this tree may not
  # end up being linked at all. Confirm against the configure summary.
  --with-openssl-opt=-fPIC
  --with-openssl=/usr/local/openssl-1.1.1
  --without-http_gzip_module
  --lock-path=/data/forward/PID/forward.lock
  --pid-path=/data/forward/PID/forward.pid
  --error-log-path=/data/forward/logs/error.log
  --http-log-path=/data/forward/logs/access.log
)
bash configure "${configure_args[@]}" ; echo $?

make && make install

conf 配置

# Worker processes run as the unprivileged www user and group.
user www www;
# One worker per CPU core.
worker_processes  auto;
# Per-worker limit on open file descriptors.
worker_rlimit_nofile 65535;

# Connection-processing settings for each worker.
events {
    use epoll;
    multi_accept off;
    # NOTE(review): this count includes connections to upstream hosts, and a
    # proxied request holds a client socket plus an upstream socket. With
    # worker_rlimit_nofile also 65535, the descriptor limit is reached before
    # this connection limit. Size the two together.
    worker_connections 65535;
    accept_mutex on;
}

    # Main-context error log; only messages at warn level and above are written.
    error_log  /data/forward/logs/error.log  warn;

    # Overrides the pid path compiled in by the configure step
    # (--pid-path=/data/forward/PID/forward.pid); scripts that signal nginx
    # must read this file, not forward.pid.
    pid  /data/forward/PID/nginx.pid;

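# HTTP context: a single server that acts as a forward proxy. Plain HTTP
# requests are relayed by the location / block, and CONNECT tunnels are
# handled by ngx_http_proxy_connect_module.
http {
    include mime.types;
    default_type  application/octet-stream;
    charset utf-8;
    sendfile      on;
    tcp_nopush    on;
    tcp_nodelay   off;

    keepalive_timeout   120;
    keepalive_requests  30;
    client_header_timeout   10;
    client_body_timeout     10;
    reset_timedout_connection on;
    send_timeout    10;

    log_not_found off;
    server_names_hash_bucket_size   4096;
    client_header_buffer_size       256k;
    large_client_header_buffers   4 256k;

    open_file_cache max=65536 inactive=30s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Do not advertise the nginx version in responses and error pages.
    server_tokens   off;
    autoindex   off;
    autoindex_exact_size off;
    autoindex_localtime on;

    # Access log written as hand-assembled JSON. This log is the audit trail
    # for the proxy.
    # NOTE(review): client-controlled fields (UA, referer, URI,
    # X-Forwarded-For) get nginx's default log escaping (\xXX), which is not
    # valid JSON, so a JSON log pipeline may drop such lines. The log_format
    # parameter escape=json fixes this but needs a newer nginx than 1.9.2.
    # NOTE(review): the module README documents $connect_host and
    # $connect_port; consider logging them so CONNECT tunnels can be attributed
    # to a destination. Confirm they are available with the patch in use.
    log_format main  '{"remote_addr":"$remote_addr",'
                       '"time":"[$time_local]",'
                       '"method":"$request_method",'
                       '"scheme":"$scheme",'
                       '"protocol":"$server_protocol",'
                       '"domain":"$host",'
                       '"uri":"$request_uri",'
                       '"http_response":"$status",'
                       '"http_referer":"$http_referer",'
                       '"UA":"$http_user_agent",'
                       '"X_forwarded_for":"$http_x_forwarded_for",'
                       '"request_time":"$request_time",'
                       '"body_bytes_sent":"$body_bytes_sent"'
                       '}';

    access_log  /data/forward/logs/access.log main;

    server {
        # Destination names are resolved through these public resolvers.
        # NOTE(review): the nginx documentation recommends a resolver on a
        # trusted local network, to limit the effect of DNS spoofing.
        resolver 114.114.114.114 8.8.8.8;

        # Listens on every interface. With no other restriction, any client
        # that can reach this port can relay traffic through this host,
        # including to internal addresses the host itself can reach. Limit
        # exposure with a host firewall or by binding to an internal address.
        listen 12345;
        access_log /data/forward/logs/access.log main;

        # Optional client allow-list (constructed example network; replace it
        # with the real client range).
        # NOTE(review): whether the access-phase directives below also apply to
        # CONNECT requests depends on which module patch was applied. Verify
        # with a test from a non-listed address and keep the firewall rule
        # regardless.
        # allow 192.0.2.0/24;
        # deny  all;

        proxy_connect;
        # Tunnels are limited to the HTTPS port, matching the stated purpose of
        # this proxy. The original "all" let clients open a tunnel to any port
        # on any reachable host. Add further ports only when needed.
        proxy_connect_allow           443;
        proxy_connect_connect_timeout 10s;
        proxy_connect_read_timeout    10s;
        proxy_connect_send_timeout    10s;

        # Plain-HTTP forwarding: the request goes to whatever host the client
        # names in its Host header.
        # NOTE(review): that includes loopback and internal names, so pair this
        # with egress filtering on the proxy host.
        location / {
            proxy_pass http://$host;
            proxy_set_header Host $host;
        }
    }
}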