某些公司会墙特定网站,如果你有一个可访问的域名和服务器,就可以通过nginx反向代理来解决这些问题。比如现在我们用mirror.example.com镜像www.baidu.com,以下是详细操作。

  • DNS里添加A记录,新增子域名,如:mirror.example.com

  • 在nginx里新增解析文件。注意下面的配置是用https去镜像https。

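    # HTTPS virtual host that mirrors www.baidu.com under mirror.example.com.
    # Clients connect to this server over TLS; nginx opens a second TLS
    # connection to the upstream and rewrites the upstream hostname in
    # response bodies.
    server {
        server_name mirror.example.com;

        # The location block below is the core of the mirror.
        location / {
            # As written, anyone who can resolve mirror.example.com can use this
            # proxy. To limit it to known clients, add an allow/deny pair (or
            # auth_basic). The range below is a constructed example, not a value
            # from this page:
            #   allow 203.0.113.0/24;
            #   deny  all;

            # Rewrite every occurrence of the upstream hostname in response
            # bodies. By default sub_filter only processes text/html responses.
            sub_filter www.baidu.com mirror.example.com;
            sub_filter_once off;

            # Ask the upstream for an uncompressed body; sub_filter cannot
            # rewrite gzip-encoded responses.
            proxy_set_header Accept-Encoding "";

            # Present the request to the upstream as if it were addressed to it.
            proxy_set_header Host www.baidu.com;
            proxy_set_header Referer https://www.baidu.com;

            # NOTE(review): these two headers disclose the client's address to
            # the third-party upstream; drop them if that is not intended.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_ssl_session_reuse off;
            proxy_pass https://www.baidu.com;
        }

        # TLS settings for the client-facing side, generated by Certbot.
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/mirror.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mirror.example.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        # Send SNI to the upstream; without it the upstream TLS handshake fails.
        proxy_ssl_server_name on;

        # nginx does not verify the upstream certificate unless told to
        # (proxy_ssl_verify defaults to off), so the proxy-to-upstream leg would
        # accept any certificate. Verify it against the system CA bundle.
        # The bundle path is distribution-specific: this is the Debian/Ubuntu
        # location; RHEL-family systems use /etc/pki/tls/certs/ca-bundle.crt.
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }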
    # Plain-HTTP listener on port 80 for the mirror hostname. The lines marked
    # "managed by Certbot" carry Certbot's own marker comments; they are left
    # exactly as generated.
    server {
    # Requests whose Host header equals the mirror name are redirected to the
    # same URI over HTTPS.
    if ($host = mirror.example.com) {
    return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name mirror.example.com;
    # Anything that reaches this block without matching the redirect above
    # gets a 404 instead of being proxied over plain HTTP.
    return 404; # managed by Certbot
    }
  • 重启nginx即可。

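    # Validate the configuration before restarting: a restart with a broken
    # config stops the running nginx and then fails to start it again.
    sudo nginx -t && sudo systemctl restart nginx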

END