centos7 下 apache nginx squid https正向代理 代理服务器

• apache

yum install httpd mod_ssl -y

vim /etc/httpd/conf.d/ssl.conf

Listen 443 https
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /cert/server.crt
    SSLCertificateKeyFile /cert/server.key
    ProxyRequests On
    ProxyVia On
    <Proxy *>
        Order deny,allow
        allow from all
    </Proxy>
</VirtualHost>

systemctl restart httpd

• nginx

nginx 默认并不支持代理https需要第三方模块支持

编译安装nginx

yum install gc gcc gcc-c++ pcre-devel zlib-devel openssl-devel patch wget -y

cd /usr/local/src/

wget http://nginx.org/download/nginx-1.9.2.tar.gz

wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/master.zip

tar -xzvf nginx-1.9.2.tar.gz 

unzip master.zip

cd nginx-1.9.2

patch -p1 < ../ngx_http_proxy_connect_module-master/patch/proxy_connect.patch

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-stream --add-module=/usr/local/src/ngx_http_proxy_connect_module-master

make && make install

 nginx配置文件

vim /usr/local/nginx/conf/nginx.conf

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
    listen 443 ssl;
    resolver                       8.8.8.8;
    ssl on;
    ssl_certificate /cert/server.crt;
    ssl_certificate_key /cert/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    server_name example.com;
    proxy_connect;
    proxy_connect_allow            443 563;
    proxy_connect_connect_timeout  10s;
    proxy_connect_read_timeout     10s;
    proxy_connect_send_timeout     10s;
    location / {
         proxy_pass https://$host;
         proxy_set_header Host $host;
           }
        }  

}

/usr/local/nginx/sbin/nginx

•  squid

yum install squid -y

vim /etc/squid/squid.conf

https_port 443 cert=/cert/server.crt key=/cert/server.key
dns_nameservers 8.8.8.8
http_access allow all


systemctl restart squid

浏览器可以借助一个叫 SwitchyOmega 插件代理上网

官网 https://www.switchyomega.com/

 

windows10 可以通过系统代理