网站地图导出怎么做,wordpress内存耗尽,建设网站用什么服务器,国外网站页面设计目录 1. 缘起2. 部署nginx3. 测试3.1 http测试3.2 https测试4 给centos设置代理访问外网 1. 缘起 最近碰到了一个麻烦事情#xff0c;就是公司的centos测试服务器放在内网环境#xff0c;而且不能直接上外网#xff0c;导致无法通过yum安装软件#xff0c;非常捉急。 幸… 目录 1. 缘起2. 部署nginx3. 测试3.1 http测试3.2 https测试4 给centos设置代理访问外网 1. 缘起 最近碰到了一个麻烦事情就是公司的centos测试服务器放在内网环境而且不能直接上外网导致无法通过yum安装软件非常捉急。 幸好内网还是有可以可以访问外网的机器所以就想到应该可以利用nginx搭建一个代理服务器然后centos通过这个nginx来访问外网。当然如果只是代理http还是很简单的而要代理https还是需要稍费周折因为nginx本身不能部署被代理的网站的证书不能部署成https终结点来因此与被代理客户端之间不能用ssl协议通讯因此需要通过http协议中的CONNECT请求打通和外网的连接然后客户端到nginx走明文nginx到外网走https协议。这里需要用到ngx_http_proxy_connect_module模块来实现CONNECT的代理功能。
2. 部署nginx
步骤1 从nginx官网下载nginx源码包。步骤2 因为nginx原生是不支持CONNECT请求的需要安装一个扩展插件即ngx_http_proxy_connect_module从github下载ngx_http_proxy_connect_module另外还要下载一个nginx内核补丁。步骤3 解压nginx源码包进入nginx源码目录创建modules目录mkdir modules)。步骤4 将ngx_http_proxy_connect_module源码目录放到modules目录中。步骤5 将nginx内核补丁放到nginx源码目录姑且名字叫p1.patch步骤6 在nginx源码目录执行以下命令给nginx内核打上补丁 patch -p 1 p1.patch步骤7编译nginx这里假设nginx安装到/opt/nginx目录中在编译前确认pcre、zlib、openssl的库是否已经正常安装编译命令如下
./configure --prefix/opt/nginx --with-http_ssl_module -add-module./modules/ngx_http_proxy_connect_module
make make install步骤8配置nginx 配置文件如下
#user nobody;
worker_processes 1;#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;#pid logs/nginx.pid;events {worker_connections 1024;
}http {include mime.types;default_type application/octet-stream;#log_format main $remote_addr - $remote_user [$time_local] $request # $status $body_bytes_sent $http_referer # $http_user_agent $http_x_forwarded_for;#access_log logs/access.log main;sendfile on;keepalive_timeout 65;server {# 代理端口listen 8080;server_name localhost;# 解析被代理网站域名的dns服务器根据实际情况自行配置resolver 114.114.114.114;# 开启proxy connect功能proxy_connect;# 设置允许代理的目标端口为443,即https的默认端口proxy_connect_allow 443 80;location / { # 正向代理配置根据请求地址自动解析出目标网站地址并进行代理proxy_pass $scheme://$host$request_uri;# 发送到被代理网站的请求需要添加host头proxy_set_header Host $http_host;proxy_buffers 256 4k; proxy_max_temp_file_size 0;proxy_connect_timeout 30; }}
} 以上配置完成后通过nginx的8080端口既可以代理普通http的请求也可以代理https的请求。
步骤9启动nginx 执行/opt/nginx/sbin/nginx启动nginx
3. 测试
3.1 http测试
curl http://www.baidu.com/ -x 127.0.0.1:8080 -v响应内容
* Trying 127.0.0.1:8080...
* Connected to (nil) (127.0.0.1) port 8080 (#0)GET http://www.baidu.com/ HTTP/1.1Host: www.baidu.comUser-Agent: curl/7.81.0Accept: */*Proxy-Connection: Keep-Alive* Mark bundle as not supporting multiuseHTTP/1.1 200 OKServer: nginx/1.24.0Date: Fri, 23 Feb 2024 09:08:01 GMTContent-Type: text/htmlContent-Length: 2381Connection: keep-aliveAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformEtag: 588604eb-94dLast-Modified: Mon, 23 Jan 2017 13:28:11 GMTPragma: no-cacheSet-Cookie: BDORZ27315; max-age86400; domain.baidu.com; path/!DOCTYPE html
!--STATUS OK--html headmeta http-equivcontent-type contenttext/html;charsetutf-8meta http-equivX-UA-Compatible contentIEEdgemeta contentalways namereferrerlink relstylesheet typetext/css hrefhttp://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.csstitle百度一下你就知道/title/head body link#0000cc div idwrapper div idhead div classhead_wrapper div classs_form div classs_form_wrapper div idlg img hidefocustrue src//www.baidu.com/img/bd_logo1.png width270 height129 /div form idform namef action//www.baidu.com/s classfm input typehidden namebdorz_come value1 input typehidden nameie valueutf-8 input typehidden namef value8 input typehidden namersv_bp value1 input typehidden namersv_idx value1 input typehidden nametn valuebaiduspan classbg s_ipt_wrinput idkw namewd classs_ipt value maxlength255 autocompleteoff autofocus/spanspan classbg s_btn_wrinput typesubmit idsu value百度一下 classbg s_btn/span /form /div /div div idu1 a hrefhttp://news.baidu.com nametj_trnews classmnav新闻/a a hrefhttp://www.hao123.com nametj_trhao123 classmnavhao123/a a hrefhttp://map.baidu.com nametj_trmap classmnav地图/a a hrefhttp://v.baidu.com nametj_trvideo classmnav视频/a a hrefhttp://tieba.baidu.com nametj_trtieba classmnav贴吧/a noscript a hrefhttp://www.baidu.com/bdorz/login.gif?loginamp;tplmnamp;uhttp%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 nametj_login classlb登录/a /noscript scriptdocument.write(a hrefhttp://www.baidu.com/bdorz/login.gif?logintplmnu encodeURIComponent(window.location.href (window.location.search ? ? : ) bdorz_come1) nametj_login classlb登录/a);/script a href//www.baidu.com/more/ nametj_briicon classbri styledisplay: block;更多产品/a /div /div /div div idftCon div idftConw p idlh a hrefhttp://home.baidu.com关于百度/a a hrefhttp://ir.baidu.comAbout Baidu/a /p p idcpcopy;2017nbsp;Baidunbsp;a hrefhttp://www.baidu.com/duty/使用百度前必读/anbsp; a hrefhttp://jianyi.baidu.com/ classcp-feedback意见反馈/anbsp;京ICP证030173号nbsp; img src//www.baidu.com/img/gs.gif /p /div /div /div /body /html通过以上的输出可以看到http代理是没有通过CONNECT请求进行连接的响应正常。
3.2 https测试 curl https://www.baidu.com/ -x 127.0.0.1:8080 -v* Trying 127.0.0.1:8080...
* Connected to (nil) (127.0.0.1) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.baidu.com:443CONNECT www.baidu.com:443 HTTP/1.1Host: www.baidu.com:443User-Agent: curl/7.81.0Proxy-Connection: Keep-AliveHTTP/1.1 200 Connection EstablishedProxy-agent: nginx* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CCN; STbeijing; Lbeijing; OBeijing Baidu Netcom Science Technology Co., Ltd; CNbaidu.com
* start date: Jul 6 01:51:06 2023 GMT
* expire date: Aug 6 01:51:05 2024 GMT
* subjectAltName: host www.baidu.com matched certs *.baidu.com
* issuer: CBE; OGlobalSign nv-sa; CNGlobalSign RSA OV SSL CA 2018
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):GET / HTTP/1.1Host: www.baidu.comUser-Agent: curl/7.81.0Accept: */** TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuseHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 2443Content-Type: text/htmlDate: Fri, 23 Feb 2024 09:11:25 GMTEtag: 58860410-98bLast-Modified: Mon, 23 Jan 2017 13:24:32 GMTPragma: no-cacheServer: bfe/1.0.8.18Set-Cookie: BDORZ27315; max-age86400; domain.baidu.com; path/!DOCTYPE html
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
!--STATUS OK--html headmeta http-equivcontent-type contenttext/html;charsetutf-8meta http-equivX-UA-Compatible contentIEEdgemeta contentalways namereferrerlink relstylesheet typetext/css hrefhttps://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.csstitle百度一下你就知道/title/head body link#0000cc div idwrapper div idhead div classhead_wrapper div classs_form div classs_form_wrapper div idlg img hidefocustrue src//www.baidu.com/img/bd_logo1.png width270 height129 /div form idform namef action//www.baidu.com/s classfm input typehidden namebdorz_come value1 input typehidden nameie valueutf-8 input typehidden namef value8 input typehidden namersv_bp value1 input typehidden namersv_idx value1 input typehidden nametn valuebaiduspan classbg s_ipt_wrinput idkw namewd classs_ipt value maxlength255 autocompleteoff autofocusautofocus/spanspan classbg s_btn_wrinput typesubmit idsu value百度一下 classbg s_btn autofocus/span /form /div /div div idu1 a hrefhttp://news.baidu.com nametj_trnews classmnav新闻/a a hrefhttps://www.hao123.com nametj_trhao123 classmnavhao123/a a hrefhttp://map.baidu.com nametj_trmap classmnav地图/a a hrefhttp://v.baidu.com nametj_trvideo classmnav视频/a a hrefhttp://tieba.baidu.com nametj_trtieba classmnav贴吧/a noscript a hrefhttp://www.baidu.com/bdorz/login.gif?loginamp;tplmnamp;uhttp%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 nametj_login classlb登录/a /noscript scriptdocument.write(a hrefhttp://www.baidu.com/bdorz/login.gif?logintplmnu encodeURIComponent(window.location.href (window.location.search ? ? : ) bdorz_come1) nametj_login classlb登录/a);/script a href//www.baidu.com/more/ nametj_briicon classbri styledisplay: block;更多产品/a /div /div /div div idftCon div idftConw p idlh a hrefhttp://home.baidu.com关于百度/a a hrefhttp://ir.baidu.comAbout Baidu/a /p p idcpcopy;2017nbsp;Baidunbsp;a hrefhttp://www.baidu.com/duty/使用百度前必读/anbsp; a hrefhttp://jianyi.baidu.com/ classcp-feedback意见反馈/anbsp;京ICP证030173号nbsp; img src//www.baidu.com/img/gs.gif /p /div /div /div /body /html 通过以上的输出可以看到https代理是通过CONNECT请求进行连接的中间有发生ssl的握手过程也已经正常进行了响应。
4 给centos设置代理访问外网 给centos服务器设置两个http_proxy和https_proxy环境变量假设nginx服务器的ip为192.168.0.1那么在命令行执行以下两条命令即 export http_proxyhttp://192.168.0.1:8080
export https_proxyhttps://192.168.0.1:8080 然后就可以顺畅地进行yum了。当然如果可以的话就将以上两条命令配置到bash.rc中这样子免得每次登录都需要敲命令。
