做网站赚多少,秦皇岛住房和城乡建设网官网,wordpress 响应 主题,公司简介模板word部署ATS#xff08;Apache Traffic Server#xff09;和Nginx正向代理服务性能对比 1. 正向代理的用途2. ATS(Apache Traffic Server)正向代理服务器部署3. Nginx正向代理服务器部署4. 性能对比 1. 正向代理的用途 正向代理一般是用于内部网络出去#xff0c;反向代理一… 部署ATSApache Traffic Server和Nginx正向代理服务性能对比 1. 正向代理的用途2. ATS(Apache Traffic Server)正向代理服务器部署3. Nginx正向代理服务器部署4. 性能对比 1. 正向代理的用途 正向代理一般是用于内部网络出去反向代理一般是用于外部网络进入 某同学喜欢面向搜索引擎编程想通过 百度搜索引擎查找一些学习资料但是有些网站直接访问可能不太安全会暴露自己的IP同学比较苦恼想着怎样才能使用百度 搜索自己想要的学习资料又不会暴露自己的IP在网站上呢这时我告诉该同学手上刚好有一台代理服务器这台代理服务器通过nginx配置了正向代理转发http和https请求你呢只需要在自己的Windows本地电脑的网关配置一下这台代理服务器的IP和端口号就能正常通过代理服务器访问到百度 并搜索相关的学习资料了还不会暴露自己真实的IP 正向代理用来进行上网等功能。如果把局域网外的Internet想象成一个巨大的资源库则局域网中的客户端要访问Internet则需要通过代理服务器来访问这种代理服务就称为正向代理也就是大家常说的通过正向代理进行上网功能 现在的网站基本上都是https要解决既能访问http80端口也能访问https443端口的网站需要配置两个SERVER节点一个处理HTTP转发另一个处理HTTPS转发而客户端都通过HTTP来访问代理通过访问代理不同的端口来区分HTTP和HTTPS请求 2. ATS(Apache Traffic Server)正向代理服务器部署 Apache Traffic Server官方部署手册
[rootvm10-1-248-42 ~]# wget -O /etc/yum.repos.d/aliyun.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[rootvm10-1-248-42 ~]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[rootvm10-1-248-42 ~]# rpm -Uvh epel-release-latest-7*.rpm
[rootvm10-1-248-42 ~]# yum install trafficserver -y配置Configuring A Forward Proxy正向代理
[rootvm10-1-248-42 ~]# cp /etc/trafficserver/records.config /etc/trafficserver/records.config.bak
[rootvm10-1-248-42 ~]# vim /etc/trafficserver/records.configCONFIG proxy.config.http.server_ports STRING 8088 // 配置traffic server开放的端口。默认端口号是8080推荐更换
CONFIG proxy.config.http.insert_request_via_str INT 0
CONFIG proxy.config.url_remap.remap_required INT 0 // 禁用重映射规则存在的要求并在traffic server将请求代理到远程主机之前匹配传入请求
CONFIG proxy.config.http.cache.http INT 0 // 关闭代理HTTP请求的缓存
CONFIG proxy.config.reverse_proxy.enabled INT 0 // 关闭反向代理
CONFIG proxy.config.log.max_space_mb_for_logs INT 200000[rootvm10-1-248-42 ~]# systemctl start trafficserver
[rootvm10-1-248-42 ~]# systemctl status trafficserver
● trafficserver.service - Apache Traffic Server is a fast, scalable and extensible caching proxy server.Loaded: loaded (/usr/lib/systemd/system/trafficserver.service; disabled; vendor preset: disabled)Active: active (running) since Fri 2024-01-12 13:59:22 CST; 4s agoDocs: man:traffic_server(8)Main PID: 20309 (traffic_manager)CGroup: /system.slice/trafficserver.service├─20309 /usr/bin/traffic_manager└─20314 /usr/bin/traffic_server -M --httpport 8088:fd8Jan 12 13:59:22 vm10-1-248-42.cloud.local systemd[1]: Started Apache Traffic Server is a fast, scalable and extensible caching proxy server..
Jan 12 13:59:22 vm10-1-248-42.cloud.local traffic_manager[20309]: [E. Mgmt] log [TrafficManager] using root directory /usr
Jan 12 13:59:22 vm10-1-248-42.cloud.local traffic_manager[20309]: NOTE: --- Manager Starting ---
Jan 12 13:59:22 vm10-1-248-42.cloud.local traffic_manager[20309]: NOTE: Manager Version: Apache Traffic Server - traffic_manager - 9.2.3 - (build #...:08:30)
Jan 12 13:59:22 vm10-1-248-42.cloud.local traffic_manager[20309]: NOTE: RLIMIT_NOFILE(7):cur(687832),max(687832)
Jan 12 13:59:25 vm10-1-248-42.cloud.local traffic_server[20314]: NOTE: --- traffic_server Starting ---
Jan 12 13:59:25 vm10-1-248-42.cloud.local traffic_server[20314]: NOTE: traffic_server Version: Apache Traffic Server - traffic_server - 9.2.3 - (bu...:08:30)
Jan 12 13:59:25 vm10-1-248-42.cloud.local traffic_server[20314]: NOTE: RLIMIT_NOFILE(7):cur(687832),max(687832)
Hint: Some lines were ellipsized, use -l to show in full.[rootvm10-1-248-42 ~]# ss -tnlp | grep traffic_manager
LISTEN 0 128 *:8088 *:* users:(([TS_MAIN],pid20314,fd8),(traffic_manager,pid20309,fd8))[rootvm10-1-248-48 ~]# vim /etc/profile
export http_proxy10.1.248.42:8088
export https_proxy10.1.248.42:8088[rootvm10-1-248-48 ~]# source /etc/profile
[rootvm10-1-248-48 ~]# echo $http_proxy
10.1.248.42:8088
[rootvm10-1-248-48 ~]# echo $https_proxy
10.1.248.42:8088Linux客户端代理访问
[rootvm10-1-248-48 ~]# curl http://www.baidu.com/ -v
* About to connect() to proxy 10.1.248.42 port 8088 (#0)
* Trying 10.1.248.42...
* Connected to 10.1.248.42 (10.1.248.42) port 8088 (#0)GET http://www.baidu.com/ HTTP/1.1User-Agent: curl/7.29.0Host: www.baidu.comAccept: */*Proxy-Connection: Keep-AliveHTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformContent-Length: 2381Content-Type: text/htmlDate: Fri, 12 Jan 2024 06:26:24 GMTEtag: 588604c8-94dLast-Modified: Mon, 23 Jan 2017 13:27:36 GMTPragma: no-cacheServer: ATS/9.2.3Set-Cookie: BDORZ27315; max-age86400; domain.baidu.com; path/Age: 0Proxy-Connection: keep-alive!DOCTYPE html
!--STATUS OK--html headmeta http-equivcontent-type contenttext/html;[rootvm10-1-248-48 ~]# curl https://www.baidu.com/ -v
* About to connect() to proxy 10.1.248.42 port 8088 (#0)
* Trying 10.1.248.42...
* Connected to 10.1.248.42 (10.1.248.42) port 8088 (#0)
* Establish HTTP proxy tunnel to www.baidu.com:443CONNECT www.baidu.com:443 HTTP/1.1Host: www.baidu.com:443User-Agent: curl/7.29.0Proxy-Connection: Keep-AliveHTTP/1.1 200 OKDate: Fri, 12 Jan 2024 06:27:02 GMTProxy-Connection: keep-aliveServer: ATS/9.2.3* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crtCApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CNbaidu.com,OBeijing Baidu Netcom Science Technology Co., Ltd,Lbeijing,STbeijing,CCN
* start date: Jul 06 01:51:06 2023 GMT
* expire date: Aug 06 01:51:05 2024 GMT
* common name: baidu.com
* issuer: CNGlobalSign RSA OV SSL CA 2018,OGlobalSign nv-sa,CBEGET / HTTP/1.1User-Agent: curl/7.29.0Host: www.baidu.comAccept: */*HTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 2443Content-Type: text/htmlDate: Fri, 12 Jan 2024 06:27:03 GMTEtag: 588603eb-98bLast-Modified: Mon, 23 Jan 2017 13:23:55 GMTPragma: no-cacheServer: bfe/1.0.8.18Set-Cookie: BDORZ27315; max-age86400; domain.baidu.com; path/!DOCTYPE html
!--STATUS OK--html headmeta http-equivcontent-type contenttext/html;3. Nginx正向代理服务器部署
[rootvm10-1-248-197 ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.22.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix/usr/local/nginx --usernginx --groupnginx --pid-path/var/run/nginx/nginx.pid --lock-path/var/lock/nginx.lock --error-log-path/var/log/nginx/error.log --http-log-path/var/log/nginx/access.log --with-http_gzip_static_module --with-http_gunzip_module --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --http-client-body-temp-path/usr/local/nginx/client --http-proxy-temp-path/usr/local/nginx/proxy --http-fastcgi-temp-path/usr/local/nginx/fastcgi --http-uwsgi-temp-path/usr/local/nginx/uwsgi --http-scgi-temp-path/usr/local/nginx/scginginx官方并不支持直接转发https请求,但是阿里对nginx拓展了一个ngx_http_proxy_connect_module模块并且在github上开源了 https://github.com/chobits/ngx_http_proxy_connect_module。网络上很多没有patch该模块而是直接用http的配置只是修改一下端口为443这样是不可行的当正向代理https站点时会报非200错误码。 这里安装nginx通过install进行编译安装编译后默认安装目录为/usr/local/nginx后续配置新模块ngx_http_proxy_connect_module还需要重新install编译一次 将新模块ngx_http_proxy_connect_module源码压缩包上传到服务器上并解压并重命名
[rootvm10-1-248-197 ~]# unzip ngx_http_proxy_connect_module-master.zip
[rootvm10-1-248-197 ~]# mv ngx_http_proxy_connect_module-master ngx_http_proxy_connect_module[rootvm10-1-248-197 ~]# cd nginx-1.22.0
[rootvm10-1-248-197 nginx-1.22.0]# pwd
/root/nginx-1.22.0
[rootvm10-1-248-197 nginx-1.22.0]# patch -p1 /root/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_102101.patch
patching file src/http/ngx_http_core_module.c
patching file src/http/ngx_http_parse.c
patching file src/http/ngx_http_request.c
patching file src/http/ngx_http_request.h
patching file src/http/ngx_http_variables.c[rootvm10-1-248-197 nginx-1.22.0]# ./configure --add-module/root/ngx_http_proxy_connect_module
[rootvm10-1-248-197 nginx-1.22.0]# make make install [rootvm10-1-248-197 ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.22.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
configure arguments: --add-module/root/ngx_http_proxy_connect_module修改nginx的配置 修改nginx的配置分别添加http和https的server其他配置保持不变。 server {listen 80;resolver 114.114.114.114;location / {proxy_pass http://$host$request_uri;proxy_set_header HOST $host;proxy_buffers 256 4k;proxy_max_temp_file_size 0k;proxy_connect_timeout 30;proxy_send_timeout 60;proxy_read_timeout 60;proxy_next_upstream error timeout invalid_header http_502;}}server {resolver 114.114.114.114;listen 443;proxy_connect;proxy_connect_allow 443 563;proxy_connect_connect_timeout 10s;proxy_connect_read_timeout 10s;proxy_connect_send_timeout 10s;location / {proxy_pass https://$host$request_uri;proxy_set_header Host $host;}}[rootvm10-1-248-197 conf]# /usr/local/nginx/sbin/nginx -s reload目前比较主流的DNS ● 国外谷歌8.8.8.8 developers.google.com ● 国外OpenDNS208.67.222.222 signup.opendns.com ● 国内114114.114.114.114 www.114dns.com ● 国内腾讯119.29.29.29 www.dnspod.cn ● 国内阿里223.5.5.5 alidns.com ● 国内百度180.76.76.76 dudns.baidu.com Linux客户端代理访问
[rootvm10-1-248-48 ~]# curl http://www.baidu.com/ -v -x 10.1.248.197:80
* About to connect() to proxy 10.1.248.197 port 80 (#0)
* Trying 10.1.248.197...
* Connected to 10.1.248.197 (10.1.248.197) port 80 (#0)GET http://www.baidu.com/ HTTP/1.1User-Agent: curl/7.29.0Host: www.baidu.comAccept: */*Proxy-Connection: Keep-AliveHTTP/1.1 200 OKServer: nginx/1.22.0Date: Mon, 08 Jan 2024 05:44:21 GMTContent-Type: text/htmlContent-Length: 2381Connection: keep-aliveAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformEtag: 588604c8-94dLast-Modified: Mon, 23 Jan 2017 13:27:36 GMTPragma: no-cacheSet-Cookie: BDORZ27315; max-age86400; domain.baidu.com; path/[rootvm10-1-248-48 ~]# curl https://www.baidu.com/ -v -x 10.1.248.197:443
* About to connect() to proxy 10.1.248.197 port 443 (#0)
* Trying 10.1.248.197...
* Connected to 10.1.248.197 (10.1.248.197) port 443 (#0)
* Establish HTTP proxy tunnel to www.baidu.com:443CONNECT www.baidu.com:443 HTTP/1.1Host: www.baidu.com:443User-Agent: curl/7.29.0Proxy-Connection: Keep-AliveHTTP/1.1 200 Connection EstablishedProxy-agent: nginx* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crtCApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CNbaidu.com,OBeijing Baidu Netcom Science Technology Co., Ltd,Lbeijing,STbeijing,CCN
* start date: Jul 06 01:51:06 2023 GMT
* expire date: Aug 06 01:51:05 2024 GMT
* common name: baidu.com
* issuer: CNGlobalSign RSA OV SSL CA 2018,OGlobalSign nv-sa,CBEGET / HTTP/1.1User-Agent: curl/7.29.0Host: www.baidu.comAccept: */*HTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: private, no-cache, no-store, proxy-revalidate, no-transformConnection: keep-aliveContent-Length: 2443Content-Type: text/htmlDate: Mon, 08 Jan 2024 06:38:08 GMTEtag: 588603eb-98bLast-Modified: Mon, 23 Jan 2017 13:23:55 GMTPragma: no-cacheServer: bfe/1.0.8.18Set-Cookie: BDORZ27315; max-age86400; domain.baidu.com; path/ 在nginx正向代理服务器中查看日志
[rootvm10-1-248-197 ~]# tail -f /usr/local/nginx/logs/access.log
// http代理日志
10.1.248.48 - - [08/Jan/2024:14:52:54 0800] GET http://www.baidu.com/ HTTP/1.1 200 2381 - curl/7.29.0// https代理日志
10.1.248.48 - - [08/Jan/2024:14:53:49 0800] CONNECT www.baidu.com:443 HTTP/1.1 200 8223 - curl/7.29.0设置Linux客户端全局代理
[rootvm10-1-248-48 ~]# export https_proxy10.1.248.197:443
[rootvm10-1-248-48 ~]# export http_proxy10.1.248.197:80
[rootvm10-1-248-48 ~]# echo $http_proxy
10.1.248.197:80
[rootvm10-1-248-48 ~]# echo $https_proxy
10.1.248.197:443[rootvm10-1-248-48 ~]# vim /etc/profile
export http_proxy10.1.248.197:80
export https_proxy10.1.248.197:443
[rootvm10-1-248-48 ~]# source /etc/profile[rootvm10-1-248-48 ~]# curl http://www.baidu.com -v
[rootvm10-1-248-48 ~]# curl https://www.baidu.com -v4. 性能对比 安装webbench
[rootvm10-1-248-48 ~]# yum install ctags wget make apr* autoconf automake gcc gcc-c
[rootvm10-1-248-48 ~]# tar xvf webbench-1.5.tar.gz
[rootvm10-1-248-48 ~]# mkdir -p /usr/local/man
[rootvm10-1-248-48 ~]# chmod 644 /usr/local/man/
[rootvm10-1-248-48 ~]# cd webbench-1.5
[rootvm10-1-248-48 ~]# make make install webbench -c 并发数 -t 运行测试时间 URL// -c 500表示同时产生500个并发连接
// -t 600表示持续600秒使用webbench工具对使用traffic server正向代理时进行压测
[rootvm10-1-248-48 ~]# webbench --proxy 10.1.248.42:8088 -c 2000 -t 600 http://www.baidu.com/
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://www.baidu.com/
2000 clients, running 600 sec, via proxy server 10.1.248.42:8088.Speed14697 pages/min, -1485793 bytes/sec.
Requests: 146974 susceed, 0 failed.[rootvm10-1-248-48 ~]# webbench --proxy 10.1.248.42:8088 -c 2000 -t 600 https://www.baidu.com/
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET https://www.baidu.com/
2000 clients, running 600 sec, via proxy server 10.1.248.42:8088.Speed1112225 pages/min, 349243 bytes/sec.
Requests: 11122256 susceed, 0 failed.使用webbench工具对使用nginx正向代理时进行压测
[rootvm10-1-248-48 ~]# webbench --proxy 10.1.248.197:80 -c 2000 -t 600 http://www.baidu.com/
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET http://www.baidu.com/
2000 clients, running 600 sec, via proxy server 10.1.248.197:80.Speed51170 pages/min, 571571 bytes/sec.
Requests: 206650 susceed, 305050 failed.[rootvm10-1-248-48 ~]# webbench --proxy 10.1.248.197:443 -c 2000 -t 600 https://www.baidu.com/
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET https://www.baidu.com/
2000 clients, running 600 sec, via proxy server 10.1.248.197:443.Speed1004612 pages/min, -1482305 bytes/sec.
Requests: 10045971 susceed, 151 failed.[rootvm10-1-248-48 ~]# webbench --proxy 10.1.248.197:443 -c 2000 -t 600 https://cn.bing.com/
Webbench - Simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source Software.Benchmarking: GET https://cn.bing.com/
2000 clients, running 600 sec, via proxy server 10.1.248.197:443.Speed1011487 pages/min, -1443486 bytes/sec.
Requests: 10114676 susceed, 195 failed.
