quakemachineX

Nginx 反代小草的方法 - 境外&境内

为了防止滥用，先生成认证文件：

#生成密码文件，添加用户名
sudo sh -c "echo -n 'sammy:' >> /usr/local/nginx/conf/.htpasswd"
#为此用户设置密码
sudo sh -c "openssl passwd -apr1 >> /usr/local/nginx/conf/.htpasswd"

1. 通过境外 VPS 反代：

nginx 关键代码：

location /
{
#	开启认证防止滥用
	auth_basic "Once A Thief";
	auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

	proxy_pass http://www.t66y.com;
	proxy_set_header Host www.t66y.com;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header REMOTE-HOST $remote_addr;

	add_header X-Cache $upstream_cache_status;
	proxy_set_header Accept-Encoding "";
	proxy_ssl_name www.t66y.com;
	proxy_ssl_server_name on;
	sub_filter "www.t66y.com" "usite.domain.com";
	sub_filter_once off;
	expires 12h;
}

location ~ .*.(php|jsp|cgi|asp|aspx|flv|swf|xml)?$
{
	auth_basic "Once A Thief";
	auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
	proxy_pass http://www.t66y.com;
	proxy_set_header Host www.t66y.com;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header REMOTE-HOST $remote_addr;
	proxy_set_header Accept-Encoding "";
	sub_filter "www.t66y.com" "usite.domain.com";
	sub_filter_once off;
}

location ~ .*.(html|htm|png|gif|jpeg|jpg|bmp|js|css)?$
{
	auth_basic "Once A Thief";
	auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
	proxy_pass http://www.t66y.com;
	proxy_set_header Host www.t66y.com;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header REMOTE-HOST $remote_addr;
	proxy_set_header Accept-Encoding "";
	sub_filter "www.t66y.com" "usite.domain.com";
	sub_filter_once off;
	expires 24h;
}

2. 通过境内 VPS 反代：

nginx 关键代码：

location /
{
#	turn on auth for this location
	auth_basic "Once A Thief";
	auth_basic_user_file /usr/local/nginx/conf/.htpasswd;

	proxy_pass https://127.0.0.1:1024;
	proxy_set_header Host www.t66y.com;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header REMOTE-HOST $remote_addr;

	add_header X-Cache $upstream_cache_status;
	proxy_set_header Accept-Encoding "";
	proxy_ssl_name www.t66y.com;
	proxy_ssl_server_name on;
	sub_filter "www.t66y.com" "usite.domain.com";
	sub_filter_once off;
	expires 12h;
}

需要准备一个可以出去的 socks5 代理，v2ray,ss,trojan 随便你用什么，假设监听在本地的 1080 端口；

安装 socat：

apt install socat

测试时可用命令行：

socat -d -d TCP4-LISTEN:1024,bind=127.0.0.1,reuseaddr,fork PROXY:127.0.0.1:t66y.com:443,proxyport=1080

正式工作的 systemd service 文件：

[Unit]
Description=socat
After=network.target

[Service]
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/socat TCP4-LISTEN:1024,bind=127.0.0.1,reuseaddr,fork PROXY:127.0.0.1:t66y.com:443,proxyport=1080

[Install]
WantedBy=multi-user.target

参考：

https://stackoverflow.com/questions/46803431/nginx-proxy-pass-over-https-proxy
https://gist.github.com/miyouzi/3e3d57cde402b829aeb1d865b14eaa1a

2022-10-10 更新：

location /
    {
        auth_basic "Once A Thief";
        auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
        proxy_ssl_name www.t66y.com;
        proxy_ssl_server_name on;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_comp_level 5;
        gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
        gzip_vary off;
        proxy_redirect off;
        proxy_set_header Host www.t66y.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://www.t66y.com;
        proxy_set_header Accept-Encoding "";
        sub_filter 'www.t66y.com' 'cl.249749.xyz';
        sub_filter_types text/xml;
        sub_filter_once off;
    }

Internet - Entertainment - Software | Trackback | Comments [RSS 2.0] | FavLinks |

您还可以参考以下文章: