Nginx解決ip地址攔截問題,Nginx搭建部署,Nginx支持websocket,Nginx支持https

環境準備:Centos7

依賴準備:

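# Build toolchain plus the libraries nginx is compiled against (PCRE, zlib, OpenSSL).
yum install gcc-c++
yum install pcre pcre-devel
yum install zlib zlib-devel
# The development package is "openssl-devel" (single hyphen); the SSL module
# cannot be built without its headers.
yum install openssl openssl-devel
yum install zip unzip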

下載安裝包和插件:

自行去官網下載nginx  http://nginx.org 我用的是nginx-1.17.8.tar.gz

下載nginx插件:echo-nginx-module-master.zip

 安裝nginx:

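# Check nginx-1.17.8.tar.gz against the PGP signature published next to it on
# nginx.org before unpacking. The "master" module archive is an unpinned branch
# snapshot, so record its checksum or use a tagged release for repeatable builds.
tar -zxvf nginx-1.17.8.tar.gz
unzip echo-nginx-module-master.zip
cd nginx-1.17.8
mkdir -p /usr/local/nginx

# First pass: stock build without third-party modules.
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module
make -j2
make install

# Second pass: rebuild with the echo module. The configure option is
# --add-module (hyphen, not underscore); this install replaces the binary
# installed by the first pass.
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --add-module=../echo-nginx-module-master
make -j2
make install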

配置nginx:

# Main context. With "user" left commented out, worker processes run under
# nginx's built-in default account when the master is started as root.
#user  nobody;
# A single worker process handles all connections.
worker_processes  1;

# error_log is left commented out, so nginx uses its compiled-in default path
# and level.
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    # Upper bound on simultaneous connections per worker; connections to
    # proxied upstreams count against this limit as well as client connections.
    worker_connections  1024;
}


http {
    # MIME type table, with a generic binary type as the fallback.
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # access_log is left at nginx's default here. On a proxy that forwards
    # client-chosen URLs, the access log is the main record of which client
    # requested which target, so keep it enabled and retained.
    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    # Idle client connections are kept open for up to 120 seconds.
    keepalive_timeout  120;

    #gzip  on;


    # Derives a Connection header value from the client's Upgrade header:
    # "upgrade" when one is present, "close" when it is empty.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

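    # Plain-HTTP listener. A request of the form /nginx/<scheme>://<target> is
    # forwarded to <target>; ws:// and wss:// targets are rewritten to http://
    # and https:// so that proxy_pass accepts them.
    #
    # NOTE(review): the upstream is taken from the request URI, so every client
    # that can reach this port can make nginx fetch arbitrary URLs, including
    # loopback and internal addresses visible from this host. Limit who may use
    # it (allow/deny by client address, or auth_basic), or check $url against a
    # list of permitted upstream hosts before proxy_pass.
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location ~ /nginx/.* {
            # Capture everything after /nginx/ as the upstream URL.
            if ($request_uri ~ ^/nginx/([a-zA-Z0-9]+\:\/\/[0-9a-zA-Z\.\-\w/\:#\$%\?=&]*)) {
                set $url $1;
        #       set $urlparam $2;
            }
            # No match means there is no upstream: answer 400 instead of
            # handing an empty value to proxy_pass.
            if ($url = "") {
                return 400;
            }
        #    echo "url : $url";
        #    echo "param : $urlparam";
            # proxy_pass only accepts http/https: ws -> http, wss -> https.
            if ($url ~ ^ws(.*)) {
                set $url http$1;
            }
            root html;
            index index.html index.htm;

            proxy_http_version 1.1;
            proxy_connect_timeout 20s;
            proxy_read_timeout 120s;
            proxy_send_timeout 120s;
            proxy_set_header Upgrade $http_upgrade;
            # Take the value from the $connection_upgrade map in the http
            # block, so ordinary HTTP requests are not sent upstream with
            # "Connection: Upgrade".
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Sec-WebSocket-Version "13";
            # echo "url : $url";
            # A hostname in $url is resolved at request time and needs a
            # "resolver" directive; literal IP targets do not.
            proxy_pass $url;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }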


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

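        # HTTPS listener with the same /nginx/<scheme>://<target> forwarding as
        # the port-80 server.
        #
        # NOTE(review): the upstream is taken from the request URI, so every
        # client that can reach this port can make nginx fetch arbitrary URLs,
        # including loopback and internal addresses visible from this host.
        # Limit who may use it (allow/deny by client address, or auth_basic), or
        # check $url against a list of permitted upstream hosts before proxy_pass.
        server {
            listen       443 ssl;
            server_name  localhost;
            # A hostname in $url is resolved at request time and needs a
            # resolver; literal IP targets do not.
            # resolver 1.2.4.8;

            # NOTE(review): /tmp is world-writable and may be purged by the
            # system's temp-file cleanup. Keep the private key in a root-owned
            # directory, readable by root only (mode 0600), and update both
            # paths to match.
            ssl_certificate      /tmp/cert/cert.pem;
            ssl_certificate_key  /tmp/cert/cert.key;

            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;

            # nginx 1.17.x still enables TLSv1 and TLSv1.1 by default; restrict
            # to TLSv1.2 (add TLSv1.3 once the linked OpenSSL supports it).
            ssl_protocols  TLSv1.2;
            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;

            location ~ /nginx/.* {
                # Capture everything after /nginx/ as the upstream URL.
                if ($request_uri ~ ^/nginx/([a-zA-Z0-9]+\:\/\/[0-9a-zA-Z\.\-\w/\:#\$%\?=&]*)) {
                    set $url $1;
        #       set $urlparam $2;
                }
                # No match means there is no upstream: answer 400 instead of
                # handing an empty value to proxy_pass.
                if ($url = "") {
                    return 400;
                }
                # proxy_pass only accepts http/https: ws -> http, wss -> https.
                if ($url ~ ^ws(.*)) {
                    set $url http$1;
                }
        #    echo "url : $url";
        #    echo "param : $urlparam";
                root html;
                index index.html index.htm;
                proxy_http_version 1.1;
                proxy_connect_timeout 20s;
                proxy_read_timeout 120s;
                proxy_send_timeout 120s;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Sec-WebSocket-Version "13";
                # Take the value from the $connection_upgrade map in the http
                # block, so ordinary HTTP requests are not sent upstream with
                # "Connection: Upgrade".
                proxy_set_header Connection $connection_upgrade;
                proxy_pass $url;
            }
        }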


}

去阿里雲獲取一個https的證書,免費的就行,將證書和私鑰放在/tmp/cert/目錄下面,並改名爲下面兩個的名稱。注意:/tmp 所有用戶都可寫入,且可能被系統定期清理;私鑰文件應僅限 root 讀取(權限 600),正式環境建議改放到 root 專屬的目錄,並同步修改 nginx.conf 中的路徑。

/tmp/cert/cert.pem
/tmp/cert/cert.key

啓動nginx:/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

停止nginx:/usr/local/nginx/sbin/nginx -s stop

請求連接的樣子:https://域名/nginx/總被攔截的請求連接

支持 websocket,支持http,需要將nginx部署到一個不會被攔截的域名下面,被攔截的鏈接不能直接用域名
