准备:
购买一台香港区服务器
购买一个跨境带宽包, (需要拿企业营业执照备案)
购买一个云企业网
安装nginx
这个nginx是阿里云二次开发的,引入的也是特殊的模块,配置也不一样
sudo yum install yum-utils -y
vim /etc/yum.repos.d/nginx.repo
[root@iZj6c0od2gvqtan4qpaapcZ ~]# cat /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
sudo yum install yum-sudo yum-config-manager --enable nginx-mainline
sudo yum install nginx -y
sudo setsebool -P httpd_can_network_connect 1
systemctl start nginx
配置
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
use epoll;
worker_connections 4096;
}
stream {
map $ssl_preread_server_name $backend_pool {
https://www.apple.com $ssl_preread_server_name:$server_port;
https://www.google.com $ssl_preread_server_name:$server_port;
https://www.facebook.com $ssl_preread_server_name:$server_port;
https://www.googleapis.com $ssl_preread_server_name:$server_port;
https://oauth2.googleapis.com $ssl_preread_server_name:$server_port;
googleapis.com $ssl_preread_server_name:$server_port;
oauth2.googleapis.com $ssl_preread_server_name:$server_port;
apple.com $ssl_preread_server_name:$server_port;
~.*\.apple\.com $ssl_preread_server_name:$server_port;
google.com $ssl_preread_server_name:$server_port;
facebook.com $ssl_preread_server_name:$server_port;
~.*\.facebook\.com $ssl_preread_server_name:$server_port;
~.*\.oauth2.googleapis\.com $ssl_preread_server_name:$server_port;
~.*\.googleapis\.com $ssl_preread_server_name:$server_port;
~.*\.google\.com $ssl_preread_server_name:$server_port;
default "";
}
server {
listen 443;
ssl_preread on;
resolver 8.8.8.8;
proxy_pass $backend_pool;
}
}
http {
log_format main '$remote_addr - $remote_user [$time_local] $host$request_uri "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_proxied any;
gzip_min_length 1k;
gzip_buffers 16 8k;
gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
gzip_vary on;
#end gzip
client_max_body_size 10m; client_body_buffer_size 128k;
proxy_buffer_size 128k;
proxy_buffers 32 64k;
proxy_busy_buffers_size 256k;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
set $is_allow 0;
if ($host = 'www.apple.com') {
set $is_allow 1;
}
if ($host = 'www.facebook.com') {
set $is_allow 1;
}
if ($host = 'www.google.com') {
set $is_allow 1;
}
if ($host = 'www.googleapis.com') {
set $is_allow 1;
}
if ($host = 'apple.com') {
set $is_allow 1;
}
if ($host = 'facebook.com') {
set $is_allow 1;
}
if ($host = 'google.com') {
set $is_allow 1;
}
if ($host = 'googleapis.com') {
set $is_allow 1;
}
if ($host ~ '.*\.office365\.com') {
set $is_allow 1;
}
if ($is_allow = 0) {
return 404;
}
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
resolver 8.8.8.8;
proxy_pass http://$host:$server_port$request_uri;
}
}
}
PrivateZone
云解析DNS—-》PrivateZone—-》添加Zone
点击解析设置,进去添加记录,解析泛域名,记录值是香港服务器内网ip:172.21.15.93