【免费】ngx-http-proxy-connect-module-master.tar.gz_nginxproxy

需积分: 0 55 浏览量 2024-06-14 18:03:22 上传评论收藏 27KB GZ 举报

共20个文件

patch：8个

t：4个

md：4个

ngx_http_proxy_connect模块是Nginx的一个扩展模块，主要用于实现HTTP代理服务器的“CONNECT”方法。在HTTP协议中，"CONNECT"方法主要用于建立一个到特定主机和端口的隧道，通常用于HTTPS或Websocket通信。这个模块使得Nginx不仅能够处理常规的HTTP和HTTPS请求，还能作为SSL终止代理，允许客户端通过HTTP代理与目标服务器建立TCP连接，从而实现对加密通信的支持。了解Nginx的基本架构和工作原理至关重要。Nginx是一款高性能的反向代理服务器和负载均衡器，采用事件驱动模型，能有效处理高并发请求。其核心功能包括静态文件服务、HTTP缓存、反向代理等。当添加了ngx_http_proxy_connect模块后，Nginx可以处理更多样化的代理场景，特别是需要通过HTTP代理进行安全通信的情况。在部署ngx_http_proxy_connect模块时，我们需要先获取源码，这正是“ngx_http_proxy_connect_module-master.tar.gz”文件的作用。该文件是一个压缩包，解压后包含了模块的源代码和其他相关文件。通常，我们会将这个模块源码编译进Nginx的源码树，然后重新编译和安装Nginx，确保模块被正确加载。编译Nginx并添加模块的步骤大致如下： 1. 下载Nginx源码。 2. 解压“ngx_http_proxy_connect_module-master.tar.gz”文件。 3. 将模块源码复制到Nginx的`src/http/modules/`目录下。 4. 配置Nginx，指定要编译的模块，如`./configure --with-http_proxy_module --add-module=src/http/modules/ngx_http_proxy_connect_module`。 5. 编译Nginx：`make`。 6. 安装Nginx：`make install`。配置Nginx以启用ngx_http_proxy_connect模块，我们需要在Nginx的配置文件（如`nginx.conf`）中定义一个代理服务器块，例如： ```nginx http { server { listen 8080; location / { proxy_pass http://backend; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_connect allow all; } } } ``` 在这个配置中，Nginx监听8080端口，接收到客户端的CONNECT请求后，会尝试建立到`http://backend`（这里可能是目标服务器的地址）的连接，并允许所有连接请求。值得注意的是，使用此模块可能存在安全风险，因为它允许任意的TCP连接。为了提高安全性，可能需要限制可连接的主机或端口，或者使用防火墙规则来进一步控制访问。 ngx_http_proxy_connect模块扩展了Nginx的功能，使其能够处理HTTPS和Websocket的代理需求，这对于那些需要在企业网络环境中实现HTTP代理服务器的场景特别有用。同时，正确配置和管理这个模块也是确保系统安全的重要环节。

资源推荐

资源详情

资源评论

收起资源包目录

ngx_http_proxy_connect_module-master.tar.gz （20个子文件）

ngx_http_proxy_connect_module-master

http_proxy_connect_timeout.t 9KB

http_proxy_connect_resolve_variables.t 11KB

http_proxy_connect.t 16KB

http_proxy_connect_lua.t 7KB

runtest.sh 365B

.github

ISSUE_TEMPLATE

feature_request.md 495B

bug_report.md 794B

question-about-this-project.md 149B

patch

proxy_connect_1014.patch 10KB

proxy_connect_rewrite_1018.patch 9KB

proxy_connect_rewrite_102101.patch 9KB

proxy_connect_rewrite_1014.patch 9KB

proxy_connect_rewrite_101504.patch 9KB

proxy_connect_rewrite_1015.patch 9KB

proxy_connect.patch 9KB

proxy_connect_rewrite.patch 9KB

LICENSE 1KB

ngx_http_proxy_connect_module.c 63KB

README.md 22KB

config 441B

name ==== This module provides support for [the CONNECT method request](https://tools.ietf.org/html/rfc7231#section-4.3.6). This method is mainly used to [tunnel SSL requests](https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling) through proxy servers. Table of Contents ================= * [name](#name) * [Example](#example) * [configuration example](#configuration-example) * [example for curl](#example-for-curl) * [example for browser](#example-for-browser) * [example for basic authentication](#example-for-basic-authentication) * [Install](#install) * [select patch](#select-patch) * [build nginx](#build-nginx) * [build as a dynamic module](#build-as-a-dynamic-module) * [build OpenResty](#build-openresty) * [Test Suite](#test-suite) * [Error Log](#error-log) * [Directive](#directive) * [proxy_connect](#proxy_connect) * [proxy_connect_allow](#proxy_connect_allow) * [proxy_connect_connect_timeout](#proxy_connect_connect_timeout) * [proxy_connect_read_timeout](#proxy_connect_read_timeout) * [proxy_connect_send_timeout](#proxy_connect_send_timeout) * [proxy_connect_address](#proxy_connect_address) * [proxy_connect_bind](#proxy_connect_bind) * [proxy_connect_response](#proxy_connect_response) * [Variables](#variables) * [$connect_host](#connect_host) * [$connect_port](#connect_port) * [$connect_addr](#connect_addr) * [$proxy_connect_connect_timeout](#proxy_connect_connect_timeout-1) * [$proxy_connect_read_timeout](#proxy_connect_read_timeout-1) * [$proxy_connect_send_timeout](#proxy_connect_send_timeout-1) * [$proxy_connect_resolve_time](#proxy_connect_resolve_time) * [$proxy_connect_connect_time](#proxy_connect_connect_time) * [$proxy_connect_first_byte_time](#proxy_connect_first_byte_time) * [$proxy_connect_response](#proxy_connect_response-1) * [Compatibility](#compatibility) * [Nginx Compatibility](#nginx-compatibility) * [OpenResty Compatibility](#openresty-compatibility) * [Tengine Compatibility](#tengine-compatibility) * [FAQ](#faq) * [Known Issues](#known-issues) * [See Also](#see-also) * [Author](#author) * [License](#license) Example ======= Configuration Example --------------------- ```nginx server { listen 3128; # dns resolver used by forward proxying resolver 8.8.8.8; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_read_timeout 10s; proxy_connect_send_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass http://$host; proxy_set_header Host $host; } } ``` Example for curl ---------------- With above configuration, you can get any https website via HTTP CONNECT tunnel. A simple test with command `curl` is as following: ``` $ curl https://github.com/ -v -x 127.0.0.1:3128 * Trying 127.0.0.1... -. * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) | curl creates TCP connection with nginx (with proxy_connect module). * Establish HTTP proxy tunnel to github.com:443 -' > CONNECT github.com:443 HTTP/1.1 -. > Host: github.com:443 (1) | curl sends CONNECT request to create tunnel. > User-Agent: curl/7.43.0 | > Proxy-Connection: Keep-Alive -' > < HTTP/1.0 200 Connection Established .- nginx replies 200 that tunnel is established. < Proxy-agent: nginx (2)| (The client is now being proxied to the remote host. Any data sent < '- to nginx is now forwarded, unmodified, to the remote host) * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -. * Server certificate: github.com | * Server certificate: DigiCert SHA2 Extended Validation Server CA | curl sends "https://github.com" request via tunnel, * Server certificate: DigiCert High Assurance EV Root CA | proxy_connect module will proxy data to remote host (github.com). > GET / HTTP/1.1 | > Host: github.com (3) | > User-Agent: curl/7.43.0 | > Accept: */* -' > < HTTP/1.1 200 OK .- < Date: Fri, 11 Aug 2017 04:13:57 GMT | < Content-Type: text/html; charset=utf-8 | Any data received from remote host will be sent to client < Transfer-Encoding: chunked | by proxy_connect module. < Server: GitHub.com (4)| < Status: 200 OK | < Cache-Control: no-cache | < Vary: X-PJAX | ... | ... <other response headers & response body> ... | ... '- ``` The sequence diagram of above example is as following: ``` curl nginx (proxy_connect) github.com | | | (1) |-- CONNECT github.com:443 -->| | | | | | |----[ TCP connection ]--->| | | | (2) |<- HTTP/1.1 200 ---| | | Connection Established | | | | | | | ========= CONNECT tunnel has been established. =========== | | | | | | | | | [ SSL stream ] | | (3) |---[ GET / HTTP/1.1 ]----->| [ SSL stream ] | | [ Host: github.com ] |---[ GET / HTTP/1.1 ]-->. | | [ Host: github.com ] | | | | | | | | | | | | [ SSL stream ] | | [ SSL stream ] |<--[ HTTP/1.1 200 OK ]---' (4) |<--[ HTTP/1.1 200 OK ]------| [ < html page > ] | | [ < html page > ] | | | | | ``` Example for browser ------------------- You can configure your browser to use this nginx as PROXY server. * Google Chrome HTTPS PROXY SETTING: [guide & config](https://github.com/chobits/ngx_http_proxy_connect_module/issues/22#issuecomment-346941271) for how to configure this module working under SSL layer. Example for Basic Authentication -------------------------------- We can do access control on CONNECT request using nginx auth basic module. See [this guide](https://github.com/chobits/ngx_http_proxy_connect_module/issues/42#issuecomment-502985437) for more details. Install ======= Select patch ------------ * Select right pat

评论收藏

内容反馈