Shulou(Shulou.com)05/31 Report--

This article mainly introduces the relevant knowledge of "how to configure Google reverse proxy on the Nginx server". The editor shows you the operation process through an actual case. The operation method is simple, fast and practical. I hope this article "how to configure Google reverse proxy on the Nginx server" can help you solve the problem.

First, direct reverse proxy, using 7ghost source code to build, the advantage is simple and easy to use, the disadvantage is easy to be shielded, can not search sensitive words.

Second, the use of ssl encryption reverse proxy, the advantage is secure, not easy to be shielded, the disadvantage is relatively technical, there are many places that need to toss about.

Now let's briefly talk about the setting process of the second method.

Step1: you need an overseas vps with a linux.

The establishment of step2:nginx environment (for convenience, the tutorials will use amh keystroke package to build the environment, of course, you can use Junge keystroke package or pure nginx environment # that is, only install nginx, no need to install php, sql and so on. )

Step3: after installing amh, log in to the amh backend (default address is your vps ip address: 8888), click the module extension-download module-search for "ssl", and click download.

OK, now our ssl module has been installed.

Now click on the virtual host, fill in the domain name information, click ssl configuration, configure ssl related information.

Then execute vim / usr/local/nginx/conf/vhost/ your domain name .conf in vps (other environments are subject to your environment, amh's conf is here)

Add the new code (first empty your domain name .conf and then copy and paste the following code), then save the exit and restart nginx. (the code needs to be changed according to the actual situation, which is given here in the form of the complete code. The last part of the code is to let the access http jump to https.)

Server {listen 443 * serverroomname guance.com;ssl on;ssl_certificate / usr/local/nginx/conf/ssl/www.guance.com.crt;ssl_certificate_key / usr/local/nginx/conf/ssl/www.guance.com.pem;ssl_protocols sslv3 tlsv1;ssl_ciphers all:-adh:+high:+medium:-low:-sslv2:-exp;location / {proxy_redirect off;proxy_pass https://www.google.co.jp/;proxy_redirect http://www.google.com/ / Proxy_cookie_domain google.com guance.com;proxy_set_header accept-encoding ""; proxy_set_header user-agent $http_user_agent;proxy_set_header accept-language "zh-cn"; proxy_set_header cookie "pref=id=047808f19f6de346:u=0f62f33dd8549d11:ff=2:ld=zh-cn:nw=1:tm=1325338577:lm=1332142444:gm=1:sg=2:s=re0syjh2w1iq-maw";}} server {listen 80 guance.com;rewrite guance.com;rewrite ^ (. *) serverSecretname} server {listen 80 guance.com;rewrite www.guance.com Rewrite ^ (. *) https://guance.com$1 permanent;} server {listen www.guance.com:80;server_name guance.com;rewrite ^ (. *) $https://$host$1 permanent;}

It's all done here.

Ps: about ssl encryption

The full name of ssl is security socket layer. If the website uses ssl encryption, gf encryption cannot seal the domain name, because url is also encrypted during transmission, and gf encryption is powerless. But gf ports can block port 443 of ip, but in that case, you can still avoid being blocked by changing ip.

Gf blocks google's ssl encrypted search by blocking port 443 of google's designated ip. Because the first step in establishing a https connection is to request google to issue a certificate: send a http packet to the ip address of google, which says port 443. At a glance, gf seal!

Port 443 is the web browsing port, which is mainly used for https services and is another kind of http that provides encryption and transmission through secure ports. Https services are used in some websites with high security requirements, such as banks, securities, shopping, etc., so that the exchange information on these sites can not be seen by others, which ensures the security of the transaction. The address of the web page starts with https://, not the usual http://.

Ssl certificates need to be purchased, and there are many cheap ssl certificates online, about $10 a year, which is about the same as the annual fee for a .com domain name. And in fact, you can find free ssl certificates, such as those provided by startssl.com. In terms of effectiveness, cheap certificates are certainly a little worse than certificates issued by large institutions, but almost all mainstream browsers accept these certificates.

The use of ssl encryption on websites is not very friendly to search engines. Baidu basically does not include https sites (except for some major sites), but it has no impact on Google.

This is the end of the introduction on "how to configure the Google reverse proxy on the Nginx server". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.