使用nginx搭建正向代理,配置到docker解决官方仓库无法访问

分享 2024-06-18

实验准备:

1、一台可以正常访问官方仓库的服务器(例如:阿里云香港,或其他)
2、准备ssl证书(如果买过域名可以免费申请)

实验步骤:

安装nginx with proxy

1、在代理服务器安装带有ngx_http_proxy_connect_module模块的nginx
以nginx 1.24为例


su - root 
apt update
#安装nginx依赖
apt install libpcre3 libpcre3-dev
cd
#下载源码包
wget https://nginx.org/download/nginx-1.24.0.tar.gz
wget https://github.com/chobits/ngx_http_proxy_connect_module/archive/refs/tags/v0.0.5.tar.gz
tar -zxvf nginx-1.24.0.tar.gz
tar -zxvf v0.0.5.tar.gz
cd nginx-1.24.0
#应用模块,并编译安装
patch -p1 < /root/ngx_http_proxy_connect_module-0.0.5/patch/proxy_connect_rewrite_102101.patch
./configure --add-module=/root/ngx_http_proxy_connect_module-0.0.5 --prefix=/opt/nginx --with-http_ssl_module
make 
make install

编译安装完成后,在/opt/nginx,你也可以在configure时自行修改

配置nginx作为正向代理

nginx.conf配置如下

/opt/nginx/conf/nginx.conf

#user  nobody;
worker_processes  1;
events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
         resolver 114.114.114.114;       #指定DNS服务器IP地址
         listen 7890;
         location / {
         proxy_pass http://$host$request_uri;     #设定代理服务器的协议和地址
        proxy_set_header HOST $host;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0k;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_next_upstream error timeout invalid_header http_502;
    }
}
server {
    listen                         7891 ssl;

    # self signed certificate generated via openssl command
    ssl_certificate_key            /opt/nginx/conf/server.key;
    ssl_certificate                /opt/nginx/conf/server.pem;
    ssl_session_cache              shared:SSL:1m;

    # dns resolver used by forward proxying
    resolver                       8.8.8.8 ipv6=off;

    # forward proxy for CONNECT request
    proxy_connect;
    proxy_connect_allow            all;
    proxy_connect_connect_timeout  10s;
    proxy_connect_data_timeout     10s;

    # defined by yourself for non-CONNECT request
    # Example: reverse proxy for non-CONNECT requests
    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
    }
}





}

检查配置文件是否有误

/opt/nginx/sbin/nginx -t

启动nginx

/opt/nginx/sbin/nginx

docker代理配置:

登录到docker需要使用代理访问的服务器

修改docker配置如下
vi /etc/docker/daemon.json


{
"proxies": {
    "http-proxy": "http://proxy.example.com:7890",
    "https-proxy": "https://proxy.example.com:7891",
    "no-proxy": "*.test.example.com,.example.org,127.0.0.0/8"
  }
}

重启docker服务
systemctl restart docker


本文由 nobinobita 创作,采用 知识共享署名 3.0,可自由转载、引用,但需署名作者且注明文章出处。

还不快抢沙发

添加新评论