nginx certificateless stream module reverse proxy https

Posted by Chesso on Sat, 16 May 2020 16:05:28 +0200

The company's R&D machines usually sit in the intranet, but during development some third-party interfaces still have to be called.

In that case one server can be set up as an nginx reverse proxy, and the R&D machines can edit their hosts file so the third party's domain name resolves to that server, which then forwards the traffic.

However, a normal nginx HTTP reverse proxy in front of an HTTPS backend has to be configured with a certificate, and we cannot obtain a certificate for a domain name that belongs to a third-party interface. That is why the nginx stream module is used instead.

The normal nginx reverse proxy works at layer 7 (HTTP), whereas the stream module works at layer 4: it forwards the TCP connection as-is, so the TLS session is terminated by the upstream rather than by nginx and no certificate is needed (and, for the same reason, nginx cannot inspect or modify the HTTP requests inside it).

The stream module is available from nginx 1.9.0 onward; the current nginx-1.17.3 already includes it by default.

However, to proxy several interfaces through one listener, nginx has to look inside the first TCP packet of the connection and read the domain name (the SNI server name in the TLS ClientHello) before it can route the request. For that, the ngx_stream_ssl_preread_module is also required. This module is not included in the official release package and has to be compiled in yourself (nginx's configure option is --with-stream_ssl_preread_module).

nginx configuration file

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    # Plain HTTP (layer 7) proxy for port 80; HTTPS is handled by the stream block below.
    server {
        listen 80;
        server_name i.bosity.com;
        location / {
            proxy_pass http://i-bosity-com.oss-cn-hongkong.aliyuncs.com;
            #proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection $connection_upgrade;
        }
    }
    include /etc/nginx/conf.d/*.conf;
}

stream {
  log_format proxy '$proxy_protocol_addr $remote_addr [$time_local] '
    '$protocol $status $bytes_sent $bytes_received '
    '$session_time "$upstream_addr" '
    '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

  #access_log /usr/local/nginx/logs/access.log proxy;
  #error_log /usr/local/nginx/logs/error.log info;

  map_hash_bucket_size 64;

  # Route on the SNI server name read from the ClientHello by ssl_preread.
  # An unknown or missing server name falls through to "default".
  map $ssl_preread_server_name $backend_pool {
    i.bosity.com server_cn;
    default server_baidu;
  }

  # The upstream hostname is resolved once when the configuration is loaded.
  upstream server_cn {
    server i-bosity-com.oss-cn-hongkong.aliyuncs.com:443;
  }

  # Note: on the proxy host itself 127.0.0.1:443 is this very stream listener,
  # so a connection with no matching SNI would be proxied back into nginx;
  # point the default pool at a real fallback backend instead.
  upstream server_baidu {
    server 127.0.0.1:443;
  }

  server {
    listen 443;
    ssl_preread on;            # peek at the ClientHello without terminating TLS
    proxy_pass $backend_pool;  # TCP passthrough to the pool chosen by the map
    proxy_connect_timeout 15s;
    proxy_timeout 15s;
    proxy_next_upstream_timeout 15s;
  }
}

Reprinted from:
http://blog.cxiangnet.cn/2019/09/16/nginx%e6%97%a0%e8%af%81%e4%b9%a6stream%e6%a8%a1%e5%9d%97%e5%8f%8d%e5%90%91%e4%bb%a3%e7%90%86https/

Topics: Nginx SSL