CentOS compiles and configures nginx that supports HTTPS forward proxy

Time:2021-10-16

Because I am in the foreign trade industry, I recently found that the interface connecting eBay in China is becoming more and more unstable. Call an interface for uploading pictures. The request can be completed two or three seconds ago. Now it will probably time out in two minutes. Pulling orders is a similar situation, which has seriously affected the processing of normal business. Therefore, it is considered to deploy an agent service in Hong Kong to realize the transit agent of eBay interface request, so as to achieve the purpose of speed-up.

Nginx itself provides the function of proxy service, so nginx is used. Nginx agents are divided into “reverse agents” and “forward agents”. The concept of “positive and negative” is simply understood as follows: reverse proxy is that the proxy server will forward the client request to the service, and the specific processing host is hidden from the client. Forward proxy is that the proxy server forwards the client request to the website to be visited. At this time, the client source is hidden for the website to be visited. So this time I want to use the forward proxy function of nginx.

Although nginx supports forward proxy by default, it only supports HTTP protocol URLs. For HTTPS protocol, an open source patch is required:chobits/ngx_http_proxy_connect_module。 This patch module needs to be compiled to install nginx. The following is the process journal. The system is CentOS 7.

Download nginx source code:

wget -c https://nginx.org/download/nginx-1.16.1.tar.gz

Pullngx_http_proxy_connect_modulePatch source code:

git cloen https://github.com/chobits/ngx_http_proxy_connect_module.git

Unzip the nginx source code and apply the patch file:

tar zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1

patch -p1 < /home/zzxworld/src/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_101504.patch

Pay attention herepatchCommand followed bypatchSuffix file. Different nginx versions correspond to different patch files. Refer to NGX for specific correspondence_ http_ proxy_ connect_ Module project description.

Install nginx compilation dependencies:

sudo yum install pcre-devel zlib-devel

Start compiling nginx:

./configure \
    --prefix=/usr/local/nginx \
    --add-module=/home/zzxworld/src/ngx_http_proxy_connect_module

make

sudo make install

Add the following configuration that supports HTTPS forward proxy in nginx:

server {
    listen                         8080;

    resolver                       8.8.8.8;

    proxy_connect;
    proxy_connect_allow            443 563;
    proxy_connect_connect_timeout  10s;
    proxy_connect_read_timeout     10s;
    proxy_connect_send_timeout     10s;

    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
    }
}

Use after compilationsudo /usr/local/nginx/sbin/nginxStart nginx, and then you can useIP:8080To proxy the requested address.