空白网络

Nginx反向代理Google
之前有人写过一篇比较简单的Nginx反向代理教程,不过比较难用今天在Liunx运维笔记中又发现了一个Ngxin反向...
扫描右侧二维码阅读全文
06
2017/07

Nginx反向代理Google

之前有人写过一篇比较简单的Nginx反向代理教程,不过比较难用
今天在Liunx运维笔记中又发现了一个Ngxin反向代理,不过用的是Ngxin的模块,暂时还未进行测试
项目地址:github

模块介绍

ngx_http_google_filter_module是一个过滤器模块,能够让谷歌镜像更便捷的部署。内建了正则表达式、URI locations和其他复杂的配置。原生nginx模块确保了更加高效地处理cookies, gstatic scoures和重定向。

安装Nginx

使用《OneinStack》Nginx选择y,其余n
重新编译Nginx,安装ngx_http_google_filter_module模块
cd /root/oneinstack/src
git clone https://github.com/cuber/ngx_http_google_filter_module
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module
wget http://mirrors.linuxeye.com/oneinstack/src/pcre-8.39.tar.gz
wget http://mirrors.linuxeye.com/oneinstack/src/openssl-1.0.2j.tar.gz
tar xzf pcre-8.39.tar.gz
tar xzf openssl-1.0.2j.tar.gz
tar xzf nginx-1.10.2.tar.gz
cd nginx-1.10.2
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module \
--with-http_v2_module --with-http_ssl_module --with-ipv6 --with-http_gzip_static_module \
--with-http_realip_module --with-http_flv_module --with-openssl=../openssl-1.0.2j \
--with-pcre=../pcre-8.39 --with-pcre-jit --with-ld-opt='-ljemalloc' \
--add-module=../ngx_http_google_filter_module \
--add-module=../ngx_http_substitutions_filter_module
make
mv /usr/local/nginx/sbin/nginx{,_date +%m%d} #备份现有nginx
cp objs/nginx /usr/local/nginx/sbin/ #更新nginx
nginx -t #检查nginx语法
service nginx restart

  • 要正确使用ngx_http_google_filter_module模块,需要依赖扩展:

· pcre 正则
· ngx_http_proxy_module 反向代理
· ngx_http_substitutions_filter_module 多重替换

安装Let's Encrypt

cd /root/oneinstack
./addons.sh
选择7安装Let's Encrypt,具体参考《OneinStack自动部署Let’s Encrypt证书》

绑定域名

cd /root/oneinstack
./vhost.sh
vhost.sh绑定域名(demo.linuxeye.com,请改成自己域名),ssl选择y,Let's Encrypt选择y,具体参考《OneinStack自动部署Let’s Encrypt证书》

更改配置文件

vi /usr/local/nginx/conf/vhost/demo.linuxeye.com.conf,保持内容如下:
server {
listen 443 ssl http2;
server_name demo.linuxeye.com;
ssl_certificate /usr/local/nginx/conf/ssl/demo.linuxeye.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/demo.linuxeye.com.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers CHACHA20:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
ssl_session_cache builtin:1000 shared:SSL:10m;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
location / {
google on;
google_scholar on; #google_scholar 依赖于 google, 所以 google_scholar 无法独立使用。由于谷歌学术近日升级, 强制使用 https 协议, 并且 ncr 已经支持, 所以不再需要指定谷歌学术的 tld
google_language en; #语言偏好,默认使用 zh-CN (中文)
}
}
server {
listen 80;
server_name demo.linuxeye.com;
rewrite ^(.*)$ https://$host$1 permanent; #访问http跳转至https
}

保持配置文件重启nginx:service nginx restart

Last modification:July 6th, 2017 at 06:11 pm
If you think my article is useful to you, please feel free to appreciate

Leave a Comment