准备:
购买一台香港区服务器
购买一个跨境带宽包(需要用企业营业执照备案)
购买一个云企业网

安装nginx

这个nginx是阿里云二次开发的,引入的也是特殊的模块,配置也不一样。注意:下面的安装步骤使用的是 nginx.org 官方软件源;下文配置用到的是 stream 和 ssl_preread 模块。

  # Pull in yum-utils first; it ships the yum-config-manager tool.
  sudo yum install -y yum-utils
  # Write the repository definition by hand, then print it back to check it.
  vim /etc/yum.repos.d/nginx.repo
  cat /etc/yum.repos.d/nginx.repo
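  # /etc/yum.repos.d/nginx.repo
  #
  # gpgcheck=1 makes yum verify each package signature against the key that
  # gpgkey points to. The key is imported on first use; the install step on
  # this page passes -y, which accepts that import without prompting, so
  # compare the imported key's fingerprint with the one published on nginx.org.
  #
  # baseurl uses HTTPS: repository metadata is not covered by gpgcheck, so it
  # should not be fetched over cleartext HTTP.

  [nginx-stable]
  name=nginx stable repo
  baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
  gpgcheck=1
  enabled=1
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true

  # Mainline packages; disabled until explicitly enabled.
  [nginx-mainline]
  name=nginx mainline repo
  baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
  gpgcheck=1
  enabled=0
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true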
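  # Enable the mainline repository, so the install below pulls mainline
  # packages rather than stable. (The original line was garbled into a
  # "yum install" of package names that do not exist.)
  sudo yum-config-manager --enable nginx-mainline
  sudo yum install -y nginx
  # SELinux: allow processes in the httpd domain (nginx included) to open
  # outbound network connections, which the proxy_pass directives need.
  # -P persists the boolean across reboots. This applies to every service in
  # that domain, not only to this proxy.
  sudo setsebool -P httpd_can_network_connect 1
  sudo systemctl start nginx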

配置

  # Main context: process-wide settings.
  # Worker processes run under the "nginx" account.
  user nginx;
  # Let nginx pick the worker count automatically.
  worker_processes auto;
  pid /run/nginx.pid;
  error_log /var/log/nginx/error.log;
  # Presumably load_module snippets for dynamic modules; confirm on the host.
  include /usr/share/nginx/modules/*.conf;
  # Connection processing: up to 4096 connections per worker, using the
  # Linux epoll event method.
  events {
      worker_connections 4096;
      use epoll;
  }
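  # TLS pass-through relay. nginx reads the SNI server name from the
  # ClientHello (ssl_preread) without terminating TLS, then relays the raw
  # connection to that same name on the listening port.
  stream {
      # SNI allowlist. This map is the only control on where the relay will
      # connect, so every pattern is anchored at both ends: an unanchored
      # pattern such as ".*\.apple\.com" also matches a longer name that
      # merely contains the string, which defeats the allowlist.
      # Each pattern covers the bare domain and any depth of subdomain.
      # The former "https://..." keys were dropped: an SNI value is a bare
      # host name, so a key carrying a URL scheme never matched a real one.
      map $ssl_preread_server_name $backend_pool {
          ~*^([a-z0-9-]+\.)*apple\.com$       $ssl_preread_server_name:$server_port;
          ~*^([a-z0-9-]+\.)*google\.com$      $ssl_preread_server_name:$server_port;
          ~*^([a-z0-9-]+\.)*googleapis\.com$  $ssl_preread_server_name:$server_port;
          ~*^([a-z0-9-]+\.)*facebook\.com$    $ssl_preread_server_name:$server_port;

          # No match (or no SNI): empty upstream, so nothing is relayed.
          default "";
      }

      server {
          # NOTE(review): this listens on every interface. If only internal
          # clients should use the relay, bind to the internal address or add
          # "allow <internal CIDR>; deny all;" (placeholder; fill in locally).
          listen 443;
          ssl_preread on;
          # Upstream names are resolved at connection time through this
          # resolver.
          resolver 8.8.8.8;
          proxy_pass $backend_pool;
      }
  }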
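  # Plain-HTTP forwarding proxy for an allowlisted set of Host names.
  http {
      log_format main '$remote_addr - $remote_user [$time_local] $host$request_uri "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
      access_log /var/log/nginx/access.log main;

      sendfile on;
      tcp_nopush on;
      tcp_nodelay on;
      keepalive_timeout 65;
      types_hash_max_size 2048;

      gzip on;
      gzip_comp_level 6;
      gzip_http_version 1.1;
      gzip_proxied any;
      gzip_min_length 1k;
      gzip_buffers 16 8k;
      gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
      gzip_vary on;
      #end gzip

      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_buffer_size 128k;
      proxy_buffers 32 64k;
      proxy_busy_buffers_size 256k;
      proxy_connect_timeout 60;
      proxy_send_timeout 60;
      proxy_read_timeout 60;

      include /etc/nginx/mime.types;
      default_type application/octet-stream;
      include /etc/nginx/conf.d/*.conf;

      # Host allowlist: $is_allow is 1 only for the names below. It replaces
      # the former chain of "if ($host = ...) { set $is_allow 1; }" blocks.
      # The office365 pattern is anchored at both ends; unanchored, it also
      # matched any longer name that merely contained ".office365.com", so a
      # crafted Host header could pass the check.
      # NOTE(review): this list differs from the SNI map in the stream block
      # (office365 appears only here; subdomains of the other domains only
      # there). Confirm that is intended.
      map $host $is_allow {
          default             0;
          www.apple.com       1;
          www.facebook.com    1;
          www.google.com      1;
          www.googleapis.com  1;
          apple.com           1;
          facebook.com        1;
          google.com          1;
          googleapis.com      1;
          ~^([a-z0-9-]+\.)+office365\.com$  1;
      }

      server {
          listen 80 default_server;
          listen [::]:80 default_server;
          server_name _;

          # Load configuration files for the default server block.
          include /etc/nginx/default.d/*.conf;

          location / {
              # Refuse anything whose Host header is not on the allowlist;
              # the upstream below is built from that client-supplied value.
              if ($is_allow = 0) {
                  return 404;
              }

              proxy_set_header Host $host;
              proxy_set_header Accept-Encoding "";
              # NOTE(review): these two headers hand the client's address to
              # the third-party origin. Drop them if internal addresses should
              # not leave the network.
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Cookie $http_cookie;

              resolver 8.8.8.8;
              # Traffic on this listener is plain HTTP end to end, so request
              # contents, cookies included, cross the link unencrypted.
              proxy_pass http://$host:$server_port$request_uri;
          }
      }
  }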

PrivateZone

云解析DNS → PrivateZone → 添加Zone
图片.png
点击解析设置,进去添加记录,解析泛域名,记录值是香港服务器内网ip:172.21.15.93