前言
利用nginx的sni反向代理,可以无需证书实现反代,当然sniproxy也可以实现这个功能,但是我配置的sniproxy时灵时不灵,所以我选择了nginx来实现这个功能。
安装nginx
安装nginx可以使用apt-get yum或者各种一键脚本,当然我这里记录一下一键脚本安装和编译安装两种不同的方式。
编译安装
安装相关依赖
apt-get install gcc make libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev -y
安装nginx
官网最新版:http://nginx.org/en/download.html
| wget http://nginx.org/download/nginx-1.14.0.tar.gz | |
| tar -zxvf nginx-1.14.0.tar.gz | |
| cd nginx-1.14.0 | |
| ./configure —with-http_stub_status_module —with-http_ssl_module —with-http_v2_module —with-http_gzip_static_module —with-http_sub_module —with-stream —with-stream_ssl_module —with-stream_ssl_preread_module | |
| make && make install |
常用命令
| ln -s /usr/local/nginx/sbin/nginx /usr/local/bin //快捷方式 | |
| /usr/local/nginx/sbin/nginx //启动nginx | |
| /usr/local/nginx/sbin/nginx -s reload //重启nginx | |
| /usr/local/nginx/sbin/nginx -s stop //关闭nginx |
也可以使用脚本来管理nginx,vi /etc/init.d/nginx
把一下内容复制进去
| ### BEGIN INIT INFO | |
| # Provides: nginx | |
| # Required-Start: $all | |
| # Required-Stop: $all | |
| # Default-Start: 2 3 4 5 | |
| # Default-Stop: 0 1 6 | |
| # Short-Description: starts the nginx web server | |
| # Description: starts nginx using start-stop-daemon | |
| ### END INIT INFO | |
| PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |
| DAEMON=/usr/local/nginx/sbin/nginx | |
| NAME=nginx | |
| DESC=nginx | |
| test -x $DAEMON || exit 0 | |
| # Include nginx defaults if available | |
| if [ -f /etc/default/nginx ] ; then | |
| . /etc/default/nginx | |
| fi | |
| set -e | |
| . /lib/lsb/init-functions | |
| case “$1“ in | |
| start) | |
| echo -n “Starting $DESC: “ | |
| start-stop-daemon –start –quiet –pidfile /usr/local/nginx/logs/$NAME.pid \ | |
| —exec $DAEMON — $DAEMON_OPTS || true | |
| echo “$NAME.” | |
| ;; | |
| stop) | |
| echo -n “Stopping $DESC: “ | |
| start-stop-daemon –stop –quiet –pidfile /usr/local/nginx/logs/$NAME.pid \ | |
| —exec $DAEMON || true | |
| echo “$NAME.” | |
| ;; | |
| restart|force-reload) | |
| echo -n “Restarting $DESC: “ | |
| start-stop-daemon –stop –quiet –pidfile \ | |
| /usr/local/nginx/logs/$NAME.pid —exec $DAEMON || true | |
| sleep 1 | |
| start-stop-daemon –start –quiet –pidfile \ | |
| /usr/local/nginx/logs/$NAME.pid —exec $DAEMON — $DAEMON_OPTS || true | |
| echo “$NAME.” | |
| ;; | |
| reload) | |
| echo -n “Reloading $DESC configuration: “ | |
| start-stop-daemon –stop –signal HUP –quiet –pidfile /usr/local/nginx/logs/$NAME.pid \ | |
| —exec $DAEMON || true | |
| echo “$NAME.” | |
| ;; | |
| status) | |
| status_of_proc -p /usr/local/nginx/logs/$NAME.pid “$DAEMON“ nginx && exit 0 || exit $? | |
| ;; | |
| *) | |
| N=/etc/init.d/$NAME | |
| echo “Usage: $N {start|stop|restart|reload|force-reload|status}” >&2 | |
| exit 1 | |
| ;; | |
| esac | |
| exit 0 |
增加执行权限
sudo chmod +x /etc/init.d/nginx
现在管理 Nginx 只需使用以下命令即可:
sudo service nginx start|stop|restart|reload
如果要开机自动启动 Nginx,请执行以下命令:
sudo update-rc.d -f nginx defaults
一键脚本安装nginx
各种一键脚本很多,这里介绍一下用lnmp.org的一键脚本安装的办法。
当然这里只安装了nginx,没有完全安装lnmp环境,lnmp命令也是用不了的。
| wget -c http://soft.vpser.net/lnmp/lnmp1.5beta.tar.gz && tar zxf lnmp1.5beta.tar.gz && cd lnmp1.5 | |
| sed -i ‘s/’“Nginx_Modules_Options=””/“Nginx_Modules_Options=’–with-stream_ssl_preread_module'”‘/’ lnmp.conf | |
| ./install.sh nginx |
启动nginx
service nginx start
设置nginx
修改配置文件,vi /usr/local/nginx/conf/nginx.conf,添加以下内容到nginx.conf的顶部
| stream { | |
| server { | |
| listen 443; | |
| ssl_preread on; | |
| resolver 8.8.8.8; | |
| proxy_pass $ssl_preread_server_name:$server_port; | |
| } | |
| } |
注意:这对所有解析到这个IP的域名都会进行转发,保护好你的服务器,注意监控带宽,否则你的流量会飞速流失。
重启nginx
service nginx restart
想使用这个代理,需要在本地设置hosts,C:\Windows\System32\drivers\etc\hosts添加以下内容
| 127.0.0.1 domian.com | |
| #服务器IP 欲反代的域名 |
要发表评论,您必须先登录。