Frazier, Charles. “Configure Proxy Server.” Configure Proxy Server, Charles Frazier, 29 Oct. 2023, <charlesfrazier.github.io/tech/proxy.html>
Any bug or suggestion, please contact me at charles-frazier@outlook.com
An intranet server is a server that hosts resources and services within a private network known as an intranet. Unlike the internet, which is publicly accessible, an intranet is a restricted network accessible only to authorized users within an organization.
Nginx is a high-performance, open-source web server, reverse proxy server, load balancer, and HTTP cache. Originally developed by Igor Sysoev, it is known for its speed, efficiency, and scalability, making it one of the most popular choices for serving web content and managing internet traffic.
Direct Connection:
The intranet server connects directly to the local area network (LAN) via a router or switch. The LAN is then connected to the external network, such as the internet, through a router.
This method requires proper configuration of the router or switch to allow communication between the intranet server and the external network.
This is what you did when you connected to the campus network using
.
Using a Proxy Server:
This is what I want to introduce in this article.
I highly recommend the following method. nginx
is extremely powerful, not difficult to configure, highly customizable, pure command line, and everything is in your own hands.
If you are using Windows
, then CCproxy is also an extremely simple method. This is a Chinese application with a graphical interface, but it is not so elegant, has a single function and poor performance. I will mention it in the section 3.
nginx
This document is using the
OS X
system, so Windows’scommands
andpath
may differ.
Suppose A is the intranet server which needs to access the internet, and B is the proxy server that connects to the internet and can communicate with A.
To set up a proxy server with nginx, follow these steps:
⚠️Confuse about running too many commands? Try to visit this page for script.
Install nginx on B.
There is no specific version requirement. I downloaded 1.19.9. The following text uses 1.19.9 as an example.
wget http://nginx.org/download/nginx-1.19.9.tar.gz
tar -xzf nginx-1.19.9.tar.gz
Install patch for nginx.
Based on the nginx version you selected, find the corresponding version patch.
git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
cd nginx-1.19.9
patch -p1 < ../ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch
Install dependencies.
cd ..
wget https://www.openssl.org/source/openssl-3.0.13.tar.gz
tar -xzf openssl-3.0.13.tar.gz
wget https://sourceforge.net/projects/pcre/files/pcre/8.35/pcre-8.35.tar.gz
tar -xzf pcre-8.35.tar.gz
wget https://zlib.net/zlib-1.3.1.tar.gz
tar -xzf zlib-1.3.1.tar.gz
Configure and install nginx.
cd nginx-1.19.9
sudo ./configure --with-openssl=../openssl-3.0.13 --with-pcre=../pcre-8.35 --with-zlib=../zlib-1.3.1 --add-module=../ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads
sudo make
sudo make install
Check if nginx is installed successfully.
/usr/local/nginx/sbin/nginx -V
The following information should be displayed:
nginx version: nginx/1.19.9 built by clang 15.0.0 (clang-1500.1.0.2.5) built with OpenSSL 3.0.13 30 Jan 2024 TLS SNI support enabled configure arguments: --with-openssl=../openssl-3.0.13 --with-pcre=../pcre-8.35 --with-zlib=../zlib-1.3.1 --add-module=../ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads
Keep in mind the two important path
/usr/local/nginx/sbin/nginx # nginx executable file
/usr/local/nginx/conf/nginx.conf # nginx configuration file
Edit the configuration file.
cd /usr/local/nginx/conf/
sudo vim nginx.conf
Change the configuration file content to the following.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server{
listen 8000;
resolver 114.114.114.114;
proxy_connect;
proxy_connect_allow 443 563;
proxy_connect_connect_timeout 10s;
proxy_connect_read_timeout 10s;
proxy_connect_send_timeout 10s;
location / {
proxy_pass http://$host;
proxy_set_header Host $host;
}
}
}
Test the configuration file:
sudo /usr/local/nginx/sbin/nginx -t
If an error is returned, check your configuration file, especially if the brackets match!
If the test is successful, reload nginx:
sudo /usr/local/nginx/sbin/nginx -s reload
If the reload command fails:
nginx: [error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"
You can use the following command first:
sudo /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
Then use the reload command again.
Configure the intranet server to use the proxy server in your bash profile.
Edit the .bash_profile
or .profile
,ect…
vim ~/.bash_profile
Add the following content to the file.
export http_proxy=http://ip:8000
export https_proxy=http://ip:8000
If you’re working on macOS, just open system settings , click on Wi-Fi, click on details, click on TCP/IP, and you will see the IP address.
If you’re working on Linux, you can use the following command to get the IP address.
ipconfig getipaddr en0
ipconfig getipaddr en1
If you’re working on Windows, just open wifi settings, click on the wifi you connected, roll down, you will see the IPv4 address
– that is what you’re looking for.
Make it take effect immediately.
source ~/.bash_profile
CCproxy
Download and install CCproxy
.
Open CCproxy
and configure the proxy server.
Set up the account, set the allowed range
to the allowed part
, click New
on the right, and enter the server IP
that needs to be used as a proxy to access the Internet.
After completion, restart then click Start
.
Operation on A
is the same as the above.
Each time you restart the computer, you need to restart the proxy server.
NJU-WLAN’s IP changes each time you reconnecte, you need to change the IP address in the .bash_profile
or .profile
file.
Confused about .bash_profile
or .profile
file? Another much more direct way is point out explicitly without editing the file.
pip install --proxy=http://ip:8000 package_name
sudo apt install -o Acquire::http::Proxy="http://ip:8000" package_name
wget --proxy=on --proxy=http://ip:8000 download_link
curl -x http://ip:8000 download_link
git config --global http.proxy http://ip:8000