NGINX实现TCP加密代理
实现转发MySql、Redis、矿池ssl 以及各种TCP转发
NGINX实现TCP代理
源码安装NGINX
NGINX官网源码包:NGINX官网下载地址
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxf nginx-1.20.1.tar.gz
yum install -y pcre-devel pcre zlib zlib-devel openssl openssl-devel wget gcc gcc-c++ unzip
useradd -s /sbin/nologin nginx
tar -xvf nginx-1.20.1.tar.gz
cd nginx-1.20.1/
sed -i '49s/nginx/Microsoft-IIS/' src/http/ngx_http_header_filter_module.c
sed -i '50s/: /: Microsoft-IIS/' src/http/ngx_http_header_filter_module.c
sed -i '51s/: /: Microsoft-IIS/' src/http/ngx_http_header_filter_module.c
./configure \
--prefix=/opt/nginx/ \
--user=nginx \
--group=nginx \
--with-pcre \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-http_v2_module \
--with-threads \
--with-stream \
--with-stream_ssl_module
make && make install
ln -s /opt/nginx/sbin/nginx /usr/bin/nginx
nginx
ps -aux|grep nginx
修改配置文件
vim /opt/nginx/conf/nginx.conf
worker_processes auto;
error_log logs/error.log error;
pid logs/nginx.pid;
events {
worker_connections 65535;
multi_accept on;
}
stream{
#Ethermine
upstream ethermine{
server asia1.ethermine.org:5555; #这以E池为走ssl
}
server {
listen 5555 ssl;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_ssl on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_session_reuse on;
ssl_certificate baidu.com.crt; #自己的域名证书
ssl_certificate_key baidu.com.key;
proxy_pass ethermine;
}
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
keepalive_timeout 60;
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Max-Age '3628800';
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_header Access-Control-Allow-Methods 'GET,POST,PUT,OPTIONS';
underscores_in_headers on;
client_header_buffer_size 32k;
client_body_buffer_size 20m;
client_max_body_size 120M;
client_header_timeout 1m;
client_body_timeout 1m;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
large_client_header_buffers 4 32k;
fastcgi_buffers 4 128k;
fastcgi_buffer_size 128k;
fastcgi_busy_buffers_size 256k;
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
sendfile on;
gzip on; #开启gzip
#gzip_static on;
gzip_vary on;
gzip_min_length 1k;
gzip_buffers 8 32k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/javascript application/json text/css image/png;
real_ip_header X-Real-IP;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include /opt/nginx/conf.d/*.conf; } 重启NGINX
nginx -t
nginx -s reload
netstat -nutlp
测试
iptables 记得开启端口
telnet xxx.com 端口
今天的文章NGINX实现TCP加密代理分享到此就结束了,感谢您的阅读。
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
如需转载请保留出处:https://bianchenghao.cn/6754.html
