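Proxying a GFW-Blocked Domain with Nginx

Please credit the source when reposting: http://www.firefoxbug.com/?p=2042

Today a user wanted to use OpenCDN with a blocked domain. A blocked domain is not the same thing as a domain without an ICP filing. A domain is "blocked" when China's GFW firewall screens it, so that accessing the site by its domain name results in a connection reset. My guess is that the GFW filters on the URL and Host fields of the HTTP request, so every packet for a given domain is denied, but an Nginx reverse proxy can work around this. A rough explanation follows.

www.ooxx.com is the blocked domain
The origin server IP is 192.168.1.1 (overseas)
The reverse-proxy Nginx IP is 192.168.2.1 (in China)


The program below shows which requests get blocked; you know what I mean.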
```python
#!/usr/bin/python3
# -*- coding: UTF-8 -*-

# author : firefoxbug
# E-Mail : wanghuafire@gmail.com
# Blog   : www.firefoxbug.net

import socket
import urllib.error
import urllib.request

url_deny_ip = "http://192.168.1.1/"
url_deny_domain = "http://www.ooxx.com/"
header_host_ip = "192.168.1.1"
header_host_domain = "www.ooxx.com"

def send_packet(url, header):
    """Request url with an explicit Host header and report whether it got through."""
    req = urllib.request.Request(url)
    req.add_header('Host', header)
    print("\nurl:%s host:%s\n" % (url, header))
    try:
        response = urllib.request.urlopen(req)
        print("Successfully (HTTP %d)" % response.code)
    except urllib.error.HTTPError as e:
        # The server answered, but with an error status
        print("Failed (HTTP %d)" % e.code)
    except (urllib.error.URLError, OSError) as e:
        # Connection reset or timeout: no answer came back at all
        print("Failed (%s)" % e)
    print("")

socket.setdefaulttimeout(5)
send_packet(url_deny_domain, header_host_domain)  # blocked
send_packet(url_deny_ip, header_host_ip)  # passes
```
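Once you know which requests are not blocked, the rest is simple: have Nginx rewrite the HTTP request, replacing the original site's domain name with the origin IP. This is done with Nginx's proxy_set_header directive.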
```nginx
server {
        listen 80;
        server_name www.ooxx.com;
        gzip on;

        if (-d $request_filename) {
                rewrite ^/(.*)([^/])$ $scheme://$host/$1$2/ permanent;
        }

        ## Cache For Total
        location / {
                proxy_cache cache_one;
                proxy_cache_valid  200 304 30m; #Cache for 30Minutes
                proxy_cache_key $host$uri$is_args$args;
                proxy_redirect off;
                # With a variable here, nginx looks for an upstream group named
                # after $host and otherwise needs a resolver; that mapping to the
                # origin is assumed to be configured elsewhere.
                proxy_pass http://$host;
                # Send the origin IP instead of the blocked domain as the Host header
                proxy_set_header Host  "192.168.1.1";
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Accept-Encoding "";

                ## Ignore Head
                proxy_ignore_headers Cache-Control;
                proxy_hide_header Cache-Control;
                proxy_ignore_headers Expires;
                proxy_hide_header Expires;
                #proxy_hide_header Set-Cookie;
                #proxy_ignore_headers Set-Cookie;

                add_header  OpenCDN-Cache "$upstream_cache_status";
                expires 5m;
        }

        ## Cache For Common Static Files
        location ~ .*\.(ico|jpg|jpeg|bmp|gif|png|js|css)$ {
                proxy_cache cache_one;
                proxy_cache_valid 200 304 30m; #Cache for 30Minutes
                proxy_cache_key $host$uri$is_args$args;
                proxy_set_header Host   "192.168.1.1";

                add_header  OpenCDN-Cache "$upstream_cache_status";
                expires 5m;
                if (!-f $request_filename) {
                        proxy_pass      http://$host;
                        break;
                }
        }

        ## Not Cache
        location ~ .*\.(php|jsp|cgi|asp|aspx|flv|swf|xml|do|rar|zip|rmvb|mp3|doc|docx|xls|pdf|gz|tgz|rm|exe)?$ {
                proxy_pass              http://$host;
                proxy_set_header Host     "192.168.1.1";
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
        }
}
```

Besides substituting the IP, you can also substitute a domain name that is not blocked.
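A side effect of the Host rewrite above can be checked offline. This is an added example, not code from the original post: the stand-in origin and the small Python forwarder are constructed here (they are assumptions, not nginx or OpenCDN), and they show that with Host replaced and redirects passed through as with `proxy_redirect off`, an origin that builds redirects from Host hands clients a Location containing the origin IP.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ORIGIN_HOST = "192.168.1.1"  # value of proxy_set_header Host in the config above

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging
        pass

class Origin(Quiet):
    """Constructed stand-in origin: redirects to a URL built from the Host it saw."""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", "http://%s/home" % self.headers.get("Host", ""))
        self.send_header("Content-Length", "0")
        self.end_headers()

def make_proxy(origin_port):
    class Proxy(Quiet):
        """Stand-in for the nginx location: rewrites Host, passes Location through."""
        def do_GET(self):
            up = http.client.HTTPConnection("127.0.0.1", origin_port, timeout=5)
            up.request("GET", self.path, headers={"Host": ORIGIN_HOST})
            resp = up.getresponse()
            resp.read()
            self.send_response(resp.status)
            # Like "proxy_redirect off": the Location header is not rewritten
            self.send_header("Location", resp.getheader("Location", ""))
            self.send_header("Content-Length", "0")
            self.end_headers()
            up.close()
    return Proxy

def start(handler):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def location_seen_by_client(client_host="www.ooxx.com"):
    """Request the proxy as a browser would and return the Location it hands back."""
    origin = start(Origin)
    proxy = start(make_proxy(origin.server_port))
    conn = http.client.HTTPConnection("127.0.0.1", proxy.server_port, timeout=5)
    conn.request("GET", "/", headers={"Host": client_host})
    location = conn.getresponse().getheader("Location")
    conn.close()
    proxy.shutdown(); proxy.server_close()
    origin.shutdown(); origin.server_close()
    return location

if __name__ == "__main__":
    print(location_seen_by_client())
```

Where the origin emits such redirects, a `proxy_redirect` rule that maps `http://192.168.1.1/` back to the public name keeps the origin address out of responses.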
