時間:2023-02-10 20:57:01 | 來源:建站知識
時間:2023-02-10 20:57:01 來源:建站知識
僅供學(xué)習(xí)參考
在線咨詢
https://nginx.org/download/nginx-1.14.2.tar.gzhttps://www.openssl.org/source/openssl-1.1.1m.tar.gzhttp://zlib.net/zlib-1.2.11.tar.gzhttps://free.nchc.org.tw/osdn//sfnet/p/pc/pcre/pcre/8.44/pcre-8.44.tar.gzhttps://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.2.ziphttps://www.privoxy.org/sf-download-mirror/Sources/3.0.33%20%28stable%29/privoxy-3.0.33-stable-src.tar.gz# 源代碼下載wget https://nginx.org/download/nginx-1.14.2.tar.gztar -zxvf nginx-1.14.2.tar.gzcd nginx-1.14.2wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.2.ziptar -zxvf v0.0.2.zipmv ngx_* ngx_http_proxy_connect_modulewget https://free.nchc.org.tw/osdn//sfnet/p/pc/pcre/pcre/8.44/pcre-8.44.tar.gztar -zxvf pcre-8.44.tar.gz# 安裝補丁patch -p1 < ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1014.patch# 編譯./configure --with-pcre=pcre-8.44 --add-module=ngx_http_proxy_connect_modulemake -j2 && make installcd /usr/local/nginx/conf/vim nginx.conf# 添加一個server配置 server { listen 3128; # dns resolver used by forward proxying resolver 8.8.8.8; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass http://$host; proxy_set_header Host $host; } }nginx -tnginx此時正向代理已經(jīng)生效,驗證測試curl -I --proxy NGINX_HOST:3128 https:TARGET_HOST# 返回結(jié)果將包含兩層連接,第一層連接到nginx服務(wù)器,第二層連接到目標(biāo)主機# 3主機驗證,主機A:發(fā)起方,主機B:代理方NGINX_HOST,主機C:TARGET_HOST,80端口提供web服務(wù),僅允許主機B訪問## 僅允許主機B訪問主機C的80端口$HOST_C:iptables -I INPUT -p tcp --dport 80 -j DROP$HOST_C:iptables -I INPUT -s HOST_B_IP -p tcp --dport 80 -j ACCEPT## 主機A訪問主機C80端口被拒絕$HOST_A:curl http://HOST_C### 超時## 全局代理vim /etc/profile### 追加,host替換為指定iphttp_proxy=$HOST_B:3128 https_proxy=$HOST_B$:3128ftp_proxy=$HOST_B:3128export http_proxy export ftp_proxy export https_proxy### 刷新配置source /etc/profileldconfig 共享鏈接庫wget https://www.privoxy.org/sf-download-mirror/Sources/3.0.33%20%28stable%29/privoxy-3.0.33-stable-src.tar.gztar xzvf privoxy-3.0.33-stable-src.tar.gzcd privoxy-3.0.33-stable# 添加privoxy用戶及組groupadd privoxyuseradd privoxy -r -s /usr/sbin/nologin# 編譯pcre庫wget https://free.nchc.org.tw/osdn//sfnet/p/pc/pcre/pcre/8.44/pcre-8.44.tar.gztar -zxvf pcre-8.44cd pcre-8.44./configuremake -j2 && make installldconfig# 編譯privoxycd privoxy-3.0.33-stableautoheaderautoconf./configuremake && make -s install USER=privoxy Group=privoxy配置,編譯安裝后,privoxy執(zhí)行時會讀取當(dāng)前路徑下的config文件cd /usr/local/etc/privoxyvim pac.action---------------------------------------------------{{alias}}default = +forward-override{forward .}pac = +forward-override{forward $NGINX_HOST:3128}{default}/{pac}.sap.com---------------------------------------------------vim config---------------------------------------------------# 添加我們自定義的PAC規(guī)則actionsfile pac.action# 下面這幾行是系統(tǒng)預(yù)定義的轉(zhuǎn)發(fā)規(guī)則,注釋掉# actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.# actionsfile default.action # Main actions file# actionsfile user.action # User customizations# 下面這幾行是系統(tǒng)預(yù)定義的過濾規(guī)則,注釋掉# filterfile default.filter# filterfile user.filter # User customizations---------------------------------------------------privoxy## 代理到privoxyvim /etc/profilehttp_proxy=127.0.0.1:8118https_proxy=127.0.0.1:8118ftp_proxy=127.0.0.1:8118export http_proxy export ftp_proxy export https_proxysource /etc/profile轉(zhuǎn)載請標(biāo)注來源關(guān)鍵詞:代理,指定,通過,服務(wù)
微信公眾號
