nginx反代那些事儿

vps是centos系统，先用源安装了nginx，后来因为反代需要Substitutions模块，又从源码安装了nginx，并添加了Substitutions模块。

如何从源安装nginx

yum -y install nginx

查看nginx编译参数

nginx -V

nginx的启动重启和停止：

systemctl start nginx #启动 nginx 服务
systemctl stop nginx #停止 nginx 服务
systemctl restart nginx #重启 nginx 服务

从源码编译安装nginx需要先安装依赖包

yum -y install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel

从nginx -V可以知道当前nginx的版本，从网上下载对应版本的源码

wget http://nginx.org/download/nginx-1.12.1.tar.gz

查看configure的参数

tar xf nginx-1.12.1.tar.gz
cd nginx-1.12.1
nginx -V
configure arguments:  --prefix=/etc/nginx \
            --sbin-path=/usr/sbin/nginx \
            --conf-path=/etc/nginx/nginx.conf \
            ...

添加substituion模块

./configure --prefix=/etc/nginx \
            --sbin-path=/usr/sbin/nginx \
            --conf-path=/etc/nginx/nginx.conf \
            ...
            --add-module=../ngx_http_substitutions_filter_module

make && make install

cp /usr/sbin/nginx /usr/sbin/nginx.bak #备份
cp /opt/nginx-1.12.1/objs/nginx /usr/sbin/nginx #替换
systemctl restart nginx #重启 nginx 服务

这样即安装好了从源码编译的nginx。

中间曾经出现几次错误，现记录下来：

—with-ld-opt

checking for gcc -pipe switch ... foundchecking for --with-ld-opt="-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E" ... not found./configure: error: the invalid value in --with-ld-opt="-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E"

解决方案

去掉 --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' 选项

HTTP XSLT

./configure: error: the HTTP XSLT module requires the libxml2/libxsltlibraries. You can either do not enable the module or install the libraries.

解决方案

yum -y install libxml2 libxml2-devyum -y install libxslt-devel

HTTP image

./configure: error: the HTTP image filter module requires the GD library.You can either do not enable the module or install the libraries.

解决方案

yum -y install gd-devel

GenIP

./configure: error: the GeoIP module requires the GeoIP library.You can either do not enable the module or install the library.

解决方案

yum -y install GeoIP GeoIP-devel GeoIP-data

Google perftools

./configure: error: the Google perftools module requires the Google perftoolslibrary. You can either do not enable the module or install the library.

解决方案

yum install gperftools

AIO

./configure: no supported file AIO was foundCurrently file AIO is supported on FreeBSD 4.3+ and Linux 2.6.22+ only

解决方案

去掉 --with-file-aio 选项

can not detect int size

./configure: error: can not detect int size

解决方案

去掉下面这个选项

--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'

./configure: error: the HTTP XSLT module requires the libxml2/libxslt libraries. 的解决方案

yum install libxslt-devel

./configure: error: the HTTP image filter module requires the GD library.的解决方案

yum install gd gd-devel

 

checking forperl+ perl version: v5.10.1 (*) built forx86_64-linux-thread-multiCan’t locateExtUtils/Embed.pm in@INC

 (@INC contains: /usr/local/lib64/perl5/usr/local/share/perl5/usr/lib64/perl5/

vendor_perl/usr/share/perl5/vendor_perl/usr/lib64/perl5/usr/share/perl5.).BEGIN failed–compilation aborted../configure: error: perl module ExtUtils::Embed is required的解决方案

yum -y install perl-devel perl-ExtUtils-Embed

接下来正式进入反代环节

nginx配置文件中location代码段中添加：

proxy_pass https://wordpress.org #说明要反代的网站地址

替换网页内容：

subs_filter wordpress.org wp101.net #网页中wordpress.org替换成wp101.net

反代添加缓存空间：

proxy_cache cache_one;#cache空间名字

proxy_cache_valid 200 304 3d;

proxy_cache_key $host$uri$is_args$args;

expires 10d;

通过反代访问网站，网站记录的是服务区的IP地址在访问网站，如何告诉网站访客的真实IP呢？

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

如何在反代中添加统计代码

set  $injected  ‘<script>

var _hmt = _hmt || [];

(function() {

  var hm = document.createElement(“script”);

  hm.src = “https://hm.baidu.com/hm.js?50b2a787f170b0cf418daa2ce2546b17”;

  var s = document.getElementsByTagName(“script”)[0]; 

  s.parentNode.insertBefore(hm, s);

})();

</script>

‘;

    sub_filter  ‘</body>’  ‘${injected}</body>’;

反代网站添加https

if ($host = ‘wp101.net’)

{ rewrite ^/(.*)$ https://g.32.pm$1 permanent; #统一www域名到不带www域名 }

ssl_certificate /root/ssl/crt.crt;

ssl_certificate_key /root/ssl/crt.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS; ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 5m; #网上照抄的SSL参数

location / {

proxy_redirect off;

proxy_pass https://www.google.com/;

proxy_set_header Host www.google.com;

proxy_set_header User-Agent $http_user_agent;

proxy_set_header Referer http://www.google.com;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto https;