2) nginx.conf configuration
```nginx
server {
    listen 443;

    # dns resolver used by forward proxying
    resolver 114.114.114.114;
    # forward proxy for CONNECT request
    proxy_connect;
    proxy_connect_allow 443;
    proxy_connect_connect_timeout 10s;
    proxy_connect_read_timeout 10s;
    proxy_connect_send_timeout 10s;
    # forward proxy for non-CONNECT request
    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
    }
}
```
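Usage scenario
At layer 7 the tunnel has to be established with HTTP CONNECT. This is an ordinary proxy mode that the client is aware of: the IP address and port of the HTTP(S) proxy server must be configured manually on the client. Accessing a site from the client with curl and the -x option looks like this: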
```
# curl https://www.baidu.com -svo /dev/null -x 39.105.196.164:443
* About to connect() to proxy 39.105.196.164 port 443 (#0)
* Trying 39.105.196.164...
* Connected to 39.105.196.164 (39.105.196.164) port 443 (#0)
* Establish HTTP proxy tunnel to www.baidu.com:443
> CONNECT www.baidu.com:443 HTTP/1.1
> Host: www.baidu.com:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< Proxy-agent: nginx
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=baidu.com,O="Beijing Baidu Netcom Science Technology Co., Ltd",OU=service operation department,L=beijing,ST=beijing,C=CN
...
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.baidu.com
> Accept: */*
>
< HTTP/1.1 200 OK
...
{ [data not shown]
```
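From the details printed by the -v option above, you can see that the client first establishes an HTTP CONNECT tunnel to the proxy server 39.105.196.164. Once the proxy replies with HTTP/1.1 200 Connection Established, the TLS/SSL handshake and the traffic exchange begin.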
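The server block above contains no client restriction and limits only the CONNECT destination port, so the proxy's access log is the place to check who is actually using it. The following audit script is an added example, not part of the original article; it assumes nginx's default "combined" log format and a hypothetical allowed client network of 10.0.0.0/8, and all log lines in it are constructed.

```python
import ipaddress
import re

# Assumption: only these networks should be using the proxy.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]
# Mirrors "proxy_connect_allow 443;" from the configuration above.
ALLOWED_PORTS = {443}

# nginx default "combined" format: addr - user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# Constructed sample lines; addresses, hosts and statuses are illustrative only.
SAMPLE_LOG = """\
10.1.2.3 - - [01/Jan/2024:10:00:00 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 200 5120 "-" "curl/7.29.0"
203.0.113.9 - - [01/Jan/2024:10:00:05 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 200 7300 "-" "curl/7.29.0"
10.1.2.3 - - [01/Jan/2024:10:00:09 +0800] "CONNECT internal.example:22 HTTP/1.1" 403 0 "-" "-"
198.51.100.7 - - [01/Jan/2024:10:00:12 +0800] "GET http://example.com/ HTTP/1.1" 200 612 "-" "-"
garbage line that does not parse
"""


def audit(log_text):
    """Return (line_no, reason, client, target, status) for each suspicious line."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        try:
            client = ipaddress.ip_address(m["client"]) if m else None
        except ValueError:
            client = None
        if client is None:
            findings.append((line_no, "unparsed", None, None, None))
            continue
        status = int(m["status"])
        row = (str(client), m["target"], status)
        if m["method"] == "CONNECT":
            port = m["target"].rpartition(":")[2]
            if not port.isdigit() or int(port) not in ALLOWED_PORTS:
                findings.append((line_no, "unexpected-port", *row))
        # A 2xx answer to an outside client means the proxy served a stranger.
        if 200 <= status < 300 and not any(client in n for n in ALLOWED_CLIENTS):
            findings.append((line_no, "outside-client", *row))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Unparsed lines are reported rather than skipped, so a changed log format shows up as findings instead of silently hiding traffic.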
NGINX stream (layer 4 solution) (Editor: 西安站长网)