某些公司會牆特定網站,如果你有一個可訪問的域名和服務器,就可以通過nginx反向代理來來解決這些問題。比如現在我們用mirror.example.com鏡像www.baidu.com,以下是詳細操作。
一、DNS里添加A記錄,新增子域名,如:mirror.example.com
二、nginx里新增解析文件
(一)http去鏡像http
server {
listen 9999;
server_name mirror.example.com;
charset utf-8;
location / {
proxy_pass http://www.baidu.com;
proxy_set_header Accept-Encoding deflate;
sub_filter_once off;
sub_filter www.baidu.com mirror.example.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
(二)https去鏡像https
server {
listen 9999 ssl;
server_name mirror.example.com;
ssl_certificate /usr/local/ssl/nginx.crt; #證書公鑰
ssl_certificate_key /usr/local/ssl/nginx.key; #證書私鑰
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH:AESGCM:HIGH:!RC4:!DH:!MD5:!3DES:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
proxy_ssl_server_name on;
# 下面這段location配置是關鍵
location / {
sub_filter www.baidu.com mirror.example.com;
sub_filter_once off;
proxy_ssl_session_reuse off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer https://www.baidu.com;
proxy_set_header Host www.baidu.com;
proxy_pass https://www.baidu.com;
proxy_set_header Accept-Encoding "";
}
}
三、重啟nginx