nginx如何代理ssl

核心是用到这个第三方模块: https://github.com/chobits/ngx_http_proxy_connect_module

下载相关软件
nginx
https://nginx.org/en/download.html

我使用了当前最新的版本: nginx-1.27.2

wget https://nginx.org/download/nginx-1.27.2.tar.gz
！！！注意！！！

版本是一个很关键的问题来的，下面会讲到

http代理模块
我使用了当前最新的版本: 0.0.7

wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.7.tar.gz
！！！注意！！！

该模块安装说明里面，有个很关键的地方

由于我使用的nginx是1.27.2，所以上面的命令，需要改为

patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch

[kod.hzgmmy.com）
[kod.huxianzhi.com）
[kod.huiyinzhan.com）
[kod.huikitchen.com）
[kod.i-meil.com）
[kod.jfgsdl.com）
[kod.jcbxdc.com）
[kod.ideaphp.com）
[kod.jiajuxiuli.com）
[kod.jinshihua.com）
编译安装
打补丁

tar -xzvf nginx-1.27.2.tar.gz
cd nginx-1.27.2/
patch -p1 < /path/to/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
编译

./configure \
--user=nginx \
--group=nginx \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-threads \
--with-stream \
--with-stream_ssl_preread_module \
--with-stream_ssl_module
安装

make && make install

配置参考
http配置
server {
listen 443;

 # dns resolver used by forward proxying
 resolver  114.114.114.114;

 # forward proxy for CONNECT request
 proxy_connect;
 proxy_connect_allow            443;
 proxy_connect_connect_timeout  10s;
 proxy_connect_read_timeout     10s;
 proxy_connect_send_timeout     10s;

 # forward proxy for non-CONNECT request
 location / {
     proxy_pass http://$host;
     proxy_set_header Host $host;
 }

}

stream配置
stream {
resolver 114.114.114.114;
server {
listen 443;
ssl_preread on;
proxy_connect_timeout 5s;
proxy_pass $ssl_preread_server_name:$server_port;
}
}

设置nginx为系统启动
cat > /etc/systemd/system/nginx.service << EOF
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
启动nginx

systemctl daemon-reload
systemctl start nginx