常规的Http或者Socket代理都是共享的,在计算机上配置好代理服务的Ip和端口就可以使用代理服务。 本次改进代理的新思路是实现独享使用自建的代理服务,技术上选用openresty+lua+redis实现。 在公网上建立好本地(127.0.0.1)代理服务后,通过openresty对外开发,拦截请求IP实现过滤非法代理。 思路:每次有电脑需要使用代理时候,首先请求一个url进行请求白名单IP绑定,然后在计算机上配置代理参数使用。如果直接配置代理参数会被拦截禁止访问。 openresty上进行配置: 使用代理:
stream{
lua_add_variable $proxy;
server {
listen 0.0.0.0:6300;
preread_by_lua_block {
local redis = require "resty.redis"
local red = redis:new()
local client_ip = ngx.var.remote_addr
red:set_timeouts(1000, 1000, 1000) -- 1 sec
local ok, err = red:connect("127.0.0.1", 6379)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local res, err = red:auth("a1b2c3d4")
if not res then
ngx.say("failed to authenticate: ", err)
return
end
local res, err = red:get("dog")
if not res then
ngx.say("failed to get dog: ", err)
return
end
if client_ip == res then
ngx.var.proxy ="127.0.0.1:7890"
else
ngx.var.proxy = client_ip
end
}
proxy_pass $proxy;
}
绑定IP:
server {
listen 81;
location /lua {
default_type text/html;
content_by_lua_file lua/redis.lua;
}
}
其中,redis.lua:
local redis = require "resty.redis"
local red = redis:new()
local client_ip = ngx.var.remote_addr
red:set_timeouts(1000, 1000, 1000) -- 1 sec
local ok, err = red:connect("127.0.0.1", 6379)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local res, err = red:auth("a1b2c3d4")
if not res then
ngx.say("failed to authenticate: ", err)
return
end
ok, err = red:set("dog", client_ip)
if not ok then
ngx.say("failed to set dog: ", client_ip)
return
end
ngx.say("set result: ", ok)
local res, err = red:get("dog")
if not res then
ngx.say("failed to get dog: ", err)
return
end
if res == ngx.null then
ngx.say("dog not found.")
return
end
os.execute("d:")
os.execute("cd D:\\openresty-1.27.1.2-win64\\")
os.execute("nginx -s reload")
ngx.say("dog: ", res)