nginx反向代理制作google翻墙

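# Install the compiler toolchain and development libraries used to build nginx.
# 'gd*' is quoted so that yum, not the shell, expands the pattern (an unquoted
# glob would match files in the current directory first).
# pcre/pcre-devel are added: --with-pcre-jit and the rewrite/regex directives
# used later in this guide need the PCRE library at configure time.
# NOTE(review): the list is far broader than the build needs. gdb, strace and
# openldap-servers in particular put debugging tools and an extra network
# service on an internet-facing host; drop whatever the chosen ./configure
# flags do not require.
yum install -y \
  gcc gdb strace gcc-c++ autoconf \
  libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
  libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel \
  bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel \
  e2fsprogs patch e2fsprogs-devel krb5-devel libidn libidn-devel \
  openldap-devel nss_ldap openldap-clients openldap-servers \
  libevent-devel libevent uuid-devel uuid mysql-devel libxslt-devel 'gd*' \
  perl perl-devel gzip openssl openssl-devel pcre pcre-devel vim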

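# Download the nginx source over HTTPS together with its detached PGP signature.
# NOTE(review): 1.9.3 is an old mainline release. The --with-http_spdy_module
# flag used below only exists in old releases, so moving to a current stable
# release also means replacing that flag (e.g. with --with-http_v2_module).
wget https://nginx.org/download/nginx-1.9.3.tar.gz
wget https://nginx.org/download/nginx-1.9.3.tar.gz.asc

# Unpack only if the signature verifies. The nginx release signing key
# (published on nginx.org) must already be in the local keyring.
gpg --verify nginx-1.9.3.tar.gz.asc nginx-1.9.3.tar.gz && tar -xf nginx-1.9.3.tar.gz

# git is needed to fetch the extension modules
yum install git -y

# Source of the substitutions filter module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module

# Source of the Google proxy module, ngx_http_google_filter_module
git clone https://github.com/cuber/ngx_http_google_filter_module

# Both modules are third-party code that gets compiled into the server binary
# and runs inside the nginx worker. Review them and pin each checkout to the
# commit you reviewed instead of building whatever the default branch holds:
#   git -C ngx_http_substitutions_filter_module checkout <REVIEWED_COMMIT>
#   git -C ngx_http_google_filter_module checkout <REVIEWED_COMMIT>

# Enter the nginx source tree
cd ./nginx-1.9.3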

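# Configure, option set 1: installs under /usr/local/nginx, the prefix the
# rest of this guide assumes.
# Every option starts with two ASCII hyphens; the typographic dashes and the
# blank lines after "\" in the published text would break the command.
# NOTE(review): --with-debug, --with-http_dav_module, --with-mail and
# --with-mail_ssl_module are not used by the configuration shown later;
# leaving them out gives a smaller binary with less exposed code.
./configure \
  --prefix=/usr/local/nginx \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-scgi-temp-path=/var/lib/nginx/scgi \
  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
  --with-debug \
  --with-pcre-jit \
  --with-ipv6 \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_addition_module \
  --with-http_dav_module \
  --with-http_gzip_static_module \
  --with-http_spdy_module \
  --with-http_sub_module \
  --with-mail \
  --with-mail_ssl_module \
  --add-module=../ngx_http_substitutions_filter_module \
  --add-module=../ngx_http_google_filter_module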

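# If configure reports errors, fix them (usually a missing -devel package)
# before continuing.

# Configure, option set 2 (alternative to option set 1; run only one of them).
# This set enables more modules and therefore needs more libraries: gd, zlib,
# image libraries and so on.
# NOTE(review): --with-http_geoip_module presumably also needs the GeoIP
# development package, which the yum command above does not install; confirm.
# NOTE(review): this set installs under /usr/share/nginx with its config at
# /etc/nginx/nginx.conf, while the later steps edit files under
# /usr/local/nginx and start /usr/local/nginx/sbin/nginx. Adjust those paths
# if you build with this set.
./configure \
  --prefix=/usr/share/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log \
  --lock-path=/var/lock/nginx.lock \
  --pid-path=/run/nginx.pid \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-scgi-temp-path=/var/lib/nginx/scgi \
  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
  --with-debug \
  --with-pcre-jit \
  --with-ipv6 \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_addition_module \
  --with-http_dav_module \
  --with-http_geoip_module \
  --with-http_gzip_static_module \
  --with-http_image_filter_module \
  --with-http_spdy_module \
  --with-http_sub_module \
  --with-http_xslt_module \
  --with-mail \
  --with-mail_ssl_module \
  --add-module=../ngx_http_substitutions_filter_module \
  --add-module=../ngx_http_google_filter_module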

# Build nginx; install it only when the build succeeds.
make && make install

# Create the request-body temp directory, the log directory and the
# directory that holds the per-site configuration files.
mkdir -pv \
  /var/lib/nginx/body \
  /var/log/nginx/ \
  /usr/local/nginx/conf/vhost/

# Open the main configuration file for editing (contents follow).
vim /usr/local/nginx/conf/nginx.conf

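# Main configuration, /usr/local/nginx/conf/nginx.conf.
# No "user" directive is active, so workers run under the build's default
# unprivileged account.
#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;
    # The quotes below must be plain ASCII quotes if this format is enabled.
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    # Load only *.conf so that editor backup or swap files left in vhost/
    # are never parsed as live configuration.
    include /usr/local/nginx/conf/vhost/*.conf;
}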

vim /usr/local/nginx/conf/vhost/google.conf    # Replace every hostname below with your own; this example uses an AWS EC2 instance in the US

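# Upstream pool of Google addresses. They can be collected with
# `nslookup www.google.com`; running it several times returns several IPs,
# which helps avoid triggering Google's anti-bot detection.
# NOTE(review): hard-coded addresses go stale, so re-check them periodically.
# Also confirm that the upstream TLS certificate is actually verified (see
# proxy_ssl_verify); nothing in this file shows that it is.
upstream www.google.com {
    server 172.217.0.4:443 weight=1;
    server 172.217.1.36:443 weight=1;
    server 216.58.193.196:443 weight=1;
    server 216.58.216.4:443 weight=1;
    server 216.58.216.36:443 weight=1;
    server 216.58.219.36:443 weight=1;
    server 74.125.25.99:443 weight=1;
    server 74.125.25.103:443 weight=1;
    server 74.125.25.104:443 weight=1;
    server 74.125.25.105:443 weight=1;
    server 74.125.25.106:443 weight=1;
    server 74.125.25.147:443 weight=1;
}
# Force plain-HTTP requests over to HTTPS. Replace
# ec2-34-208-131-86.us-west-2.compute.amazonaws.com with your own domain.
server {
    listen 80;
    server_name ec2-34-208-131-86.us-west-2.compute.amazonaws.com;
    # http to https
    # $request_uri keeps the leading "/" and the query string. The earlier
    # rewrite captured the path without its slash and produced
    # "https://hostpath". The host is written out rather than taken from
    # $host so a forged Host header cannot steer the redirect.
    location / {
        return 301 https://ec2-34-208-131-86.us-west-2.compute.amazonaws.com$request_uri;
    }
}
# HTTPS server
server {
    listen       443 ssl;
    server_name  ec2-34-208-131-86.us-west-2.compute.amazonaws.com;
    resolver 8.8.8.8;
    # TLS certificate and key; change the paths to your own files.
    # "listen ... ssl" already enables TLS, so the separate "ssl on;" line
    # (deprecated in later nginx releases) is not needed.
    ssl_certificate /usr/local/nginx/ssl.crt;
    ssl_certificate_key /usr/local/nginx/ssl.key;
    # Do not offer the older protocol versions enabled by default.
    ssl_protocols TLSv1.2;
    # Refuse web crawlers
    #forbid spider
    # The pattern must sit on one line inside plain ASCII quotes; a line break
    # inside the string would become part of the regex.
    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403;
    }
    # Reject requests made with any other domain or with the bare IP; only
    # the configured hostname is allowed.
    #forbid illegal domain
    if ($host != "ec2-34-208-131-86.us-west-2.compute.amazonaws.com") {
        return 403;
    }
    # NOTE(review): with access logging off there is no record of who used
    # the proxy, so abuse cannot be detected or investigated afterwards.
    access_log  off;
    # error_log takes a file path; "error_log on;" would write to a file
    # literally named "on", so only the real path is kept.
    error_log  /var/log/nginx/google-proxy-error.log;
    # NOTE(review): as written, anyone who can reach this host can use the
    # proxy. Restrict it to known clients, for example:
    #   allow <YOUR_CLIENT_CIDR>;
    #   deny  all;
    # ngx_http_google_filter_module was compiled in, so the location block
    # needs only this one directive.
    location / {
        google on;
    }
}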

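cd /usr/local/nginx

# Create the TLS key and certificate with openssl. Use a CA-issued or a
# self-signed certificate, whichever fits your needs.
# NOTE(review): a self-signed certificate makes every client show a warning
# and teaches users to click through it; prefer a CA-issued certificate for
# a hostname you control.

# 2048-bit key: 1024-bit RSA is too short to rely on and is rejected by
# current TLS clients. The umask keeps the private key unreadable to others.
# Files are named ssl.key / ssl.crt because google.conf points
# ssl_certificate_key and ssl_certificate at /usr/local/nginx/ssl.key and
# /usr/local/nginx/ssl.crt.
(umask 077 && openssl genrsa -out ssl.key 2048)

# Certificate signing request for that key
openssl req -new -key ssl.key -out ssl.csr

# Self-sign the request for 365 days. The input is the CSR created above;
# the published command read a CSR file that was never generated.
openssl x509 -req -days 365 -sha256 -in ssl.csr -signkey ssl.key -out ssl.crt

# Check the configuration syntax before starting
/usr/local/nginx/sbin/nginx -t

# Start nginx
/usr/local/nginx/sbin/nginx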
