如果是为了隐藏源站IP而使用Nginx 反向代理,可以将源站域名替换为一个不存在的子域名,然后在代理机上vi /etc/hosts,将这个不存在的子域名指向源站IP。
安装nginx
cd /root
apt-get update
apt-get install -y git gcc g++ make automake
sudo apt-get install libpcre3 libpcre3-dev
sudo apt-get install openssl libssl-devapt-get install zlib1g-dev
或者
yum -y install pcre-devel openssl openssl-devel
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
wget http://nginx.org/download/nginx-1.2.8.tar.gzwget http://nginx.org/download/nginx-1.19.0.tar.gz
tar zxvf nginx-1.2.8.tar.gz
cd nginx-1.2.8
./configure –user=www –group=www –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module –with-http_gzip_static_module –with-ipv6 –with-http_sub_module –add-module=/root/ngx_http_substitutions_filter_module
make
make install
修改nginx.conf,配置反向代理以及替换内容
添加缓存文件夹
mkdir /home/cache/path -p
mkdir /home/cache/temp
chmod 777 -R /home/cache
cd /usr/local/nginx/conf/
新增虚拟主机配置:
vi /usr/local/nginx/conf/vhosts/xxx.com.conf
修改nginx.conf
#在 http 配置节的结束花括号 } 前一行加入如下语句
include /usr/local/nginx/conf/vhosts/*;
创建www这个用户
/usr/sbin/groupadd -f www
/usr/sbin/useradd -g www www
查看配置文件是否正确
由于系统默认会查找/usr/bin下的命令
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
/usr/local/nginx/sbin/nginx -t
重新加载 Nginx配置文件
service apache2 stop
sudo nginx -c /usr/local/nginx/conf/nginx.conf
sudo nginx -s reload
示例:
server {
listen 80;
server_name xxx.com yyy.com; #绑定域名
access_log off;
#off 关闭日志
location / {
#添加开始
#subs_filter_types text/html text/css text/xml;
subs_filter yyy.com xxx.com gi;
proxy_cache cache_one;
proxy_cache_valid 200 304 3h;
proxy_cache_valid 301 3d;
proxy_cache_valid any 10s;
proxy_pass http://yyy.com/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";#特别重要
#添加结束
}
}
替换规则
subs_filter_types text/html text/css text/xml;
subs_filter st(\d*).example.com $1.example.com ir;
subs_filter a.example.com s.example.com;
*subs_filter* 是用来替换文本的,可以使用正则
* *g*(默认):替换匹配项。
* *i*:区分大小写的匹配
* *o*: 只匹配发现的第一个。
* *r*: 正则。
oneinstack添加ngx_http_substitutions_filter_module:
nginx -V
cd /root/oneinstack/src
tar zxvf nginx-1.14.2.tar.gz
tar zxvf pcre-8.42.tar.gz
tar zxvf openssl-1.1.1a.tar.gz
cd nginx-1.14.2
./configure –user=www –group=www –prefix=/usr/local/nginx –user=www –group=www –with-http_stub_status_module –with-http_v2_module –with-http_ssl_module –with-http_gzip_static_module –with-http_realip_module –with-http_flv_module –with-http_mp4_module –with-openssl=../openssl-1.1.1a –with-pcre=../pcre-8.42 –with-pcre-jit –with-ld-opt=-ljemalloc –add-module=/root/ngx_http_substitutions_filter_module
make && make install
覆盖原nginx文件
service nginx stop
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
cp /root/oneinstack/src/nginx-1.14.2/objs/nginx /usr/local/nginx/sbin/
service nginx start
vi /etc/hosts
kill -9 $(ps -ef|grep “nginx”|grep -v “grep”|awk ‘{print $2}’)
/usr/local/nginx/sbin/nginx -t
nginx -c /usr/local/nginx/conf/nginx.conf
nginx -s reload
