Nginx
1 前言
一个问题,一篇文章,一出故事。
笔者最近收到请求需要代理Outlook 365,于是一番折腾,总算完成任务。
由于过程艰辛,想到有人需要,于是无求分享。O(∩_∩)O哈哈~
2 最佳实践
2.1 创建配置
2.1.1 创建登录代理配置
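# Write the reverse-proxy vhost for the sign-in endpoint (port 8091).
# The heredoc delimiter is quoted so the shell copies nginx variables such as
# $remote_addr and $scheme literally; with a bare EOF they are expanded by the
# shell (normally to empty strings) and the generated file is broken.
cat > /etc/nginx/conf.d/outlook.cmdschool.org_8091_login.conf << 'EOF'
upstream login.microsoftonline.com {
    zone login.microsoftonline.com-general 64k;
    server login.microsoftonline.com:443;
}

server {
    listen 8091 ssl;
    server_name outlook.cmdschool.org;

    # This server decrypts the sign-in traffic, so credentials and session
    # cookies pass through it in clear. Keep the private key and the logs of
    # this host readable by administrators only.
    ssl_certificate wildcard.cmdschool.org.pem;
    ssl_certificate_key wildcard.cmdschool.org.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    # NOTE(review): the two *-GCM-SHA512 entries do not look like OpenSSL cipher
    # names (AES-GCM suites end in SHA256/SHA384); confirm which entries match
    # with: openssl ciphers -v '<list>'
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        # A replacement that starts with https:// makes nginx answer with a
        # redirect, sending the browser back to the mail front end after logout.
        rewrite ^/common/oauth2/logout$ https://outlook.cmdschool.org/ break;

        proxy_pass https://login.microsoftonline.com;
        # nginx does not verify the upstream certificate by default. To verify it:
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;
        #   proxy_ssl_server_name on;
        proxy_ignore_client_abort on;
        proxy_read_timeout 60s;
        proxy_connect_timeout 60s;
        proxy_http_version 1.1;

        # The cache zone outlook.cmdschool.org_443 is not declared in this file;
        # it has to exist via proxy_cache_path in the http context.
        # NOTE(review): the default cache key has no per-user part (no cookie,
        # no Authorization), and a 200 response without Cache-Control, Expires
        # or Set-Cookie is kept for one day. On a sign-in endpoint consider
        # "proxy_cache off;" instead.
        proxy_cache outlook.cmdschool.org_443;
        proxy_cache_valid 200 1d;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;

        proxy_set_header Connection "";
        # Ask the upstream for uncompressed bodies; sub_filter cannot rewrite
        # compressed responses.
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host login.microsoftonline.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Rewrite Location headers so redirects stay on the proxy host names.
        proxy_redirect https://login.microsoftonline.com/ /;
        proxy_redirect https://outlook.office.com/ https://outlook.cmdschool.org/;
        proxy_redirect https://outlook.office365.com/ https://outlook.cmdschool.org/;

        # Rewrite the same host names inside response bodies of every MIME type.
        sub_filter 'https://login.microsoftonline.com/' '/';
        sub_filter '//outlook.office.com/' '//outlook.cmdschool.org/';
        sub_filter '//outlook.office365.com/' '//outlook.cmdschool.org/';
        sub_filter_types *;
        sub_filter_once off;

        proxy_buffer_size 16k;
        proxy_buffers 8 16k;
    }
}
EOF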
2.1.2 创建邮箱代理配置
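# Write the reverse-proxy vhost for the mailbox front end (ports 443 and 80).
# The heredoc delimiter is quoted so the shell copies nginx variables such as
# $host, $http_upgrade and $request_uri literally; with a bare EOF the shell
# expands them (normally to empty strings) and the map/server blocks are broken.
cat > /etc/nginx/conf.d/outlook.cmdschool.org_443_webmail.conf << 'EOF'
upstream outlook {
    zone outlook-general 64k;
    # Keep each client address on the same upstream server.
    ip_hash;
    # Addresses pinned from a DNS lookup of outlook.office.com.
    # NOTE(review): with pinned addresses and no upstream certificate
    # verification, whoever holds one of these addresses later receives the
    # proxied mailbox traffic; refresh the list and enable verification below.
    server 40.99.33.146:443;
    server 52.98.33.226:443;
    server 40.99.10.98:443;
    server 40.99.9.98:443;
    server 40.99.10.82:443;
    server 52.98.84.82:443;
    server 52.98.40.34:443;
    server 52.98.65.2:443;
    server 52.98.65.18:443;
    server 52.98.71.50:443;
    server 52.98.71.210:443;
    # Marked down: listed but never selected.
    server outlook.office.com:443 down;
}

# Host header sent upstream: outlook.office.com when the request carries no
# X-OWA-SessionId header, otherwise the host name the client used.
map $http_x_owa_sessionid $x_outlook_host {
    '' outlook.office.com;
    default $host;
}

server {
    listen 443 ssl;
    server_name outlook.cmdschool.org;

    # This server decrypts mailbox traffic, so session cookies and message
    # content pass through it in clear. Keep the private key and the logs of
    # this host readable by administrators only.
    ssl_certificate wildcard.cmdschool.org.pem;
    ssl_certificate_key wildcard.cmdschool.org.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    # NOTE(review): the two *-GCM-SHA512 entries do not look like OpenSSL cipher
    # names (AES-GCM suites end in SHA256/SHA384); confirm which entries match
    # with: openssl ciphers -v '<list>'
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    large_client_header_buffers 8 64k;

    location / {
        proxy_pass https://outlook;
        # nginx does not verify the upstream certificate by default, and the
        # name it would check here is the upstream group name "outlook".
        # To verify the real service certificate:
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;
        #   proxy_ssl_server_name on;
        #   proxy_ssl_name outlook.office.com;
        proxy_read_timeout 60s;
        proxy_http_version 1.1;

        # The cache zone outlook.cmdschool.org_443 is not declared in this file;
        # it has to exist via proxy_cache_path in the http context.
        # NOTE(review): the default cache key has no per-user part (no cookie,
        # no Authorization), and a 200 response without Cache-Control, Expires
        # or Set-Cookie is kept for one day. For mailbox content consider
        # "proxy_cache off;" or limiting the cache to static assets.
        proxy_cache outlook.cmdschool.org_443;
        proxy_cache_valid 200 1d;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;

        proxy_set_header Connection "";
        # Ask the upstream for uncompressed bodies; sub_filter cannot rewrite
        # compressed responses.
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $x_outlook_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        # NOTE(review): Connection is set twice in this block; the "Upgrade"
        # value below appears to be what reaches the upstream on every request,
        # not only on WebSocket handshakes. The usual pattern derives the value
        # from $http_upgrade with a map.
        proxy_set_header Connection "Upgrade";

        # Rewrite Location headers so redirects stay on the proxy host names.
        proxy_redirect https://outlook.office.com/ /;
        proxy_redirect https://login.microsoftonline.com/ https://outlook.cmdschool.org:8091/;

        # Rewrite the same host names inside response bodies of every MIME type.
        sub_filter 'https://outlook.office.com/' '/';
        sub_filter '//login.microsoftonline.com/' '//outlook.cmdschool.org:8091/';
        sub_filter '//to-do.office.com/' '#';
        sub_filter_types *;
        sub_filter_once off;

        proxy_buffer_size 32k;
        proxy_buffers 16 32k;
    }
}

server {
    listen 80;
    server_name outlook.cmdschool.org;
    # $request_uri already starts with "/", so no extra slash after the host.
    return 301 https://outlook.cmdschool.org$request_uri;
}
EOF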
另外,需要注意的是,“server”的IP地址请使用如下命令取得,
# Look up the addresses currently returned for outlook.office.com; these are the
# values for the "server" lines of the upstream block.
# NOTE(review): the answer presumably changes over time - re-run the lookup and
# refresh the pinned addresses rather than treating them as permanent.
nslookup outlook.office.com
2.2 重载使服务生效
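# Test the configuration first and reload only when the test passes, so a
# broken file never replaces the running configuration.
nginx -t && systemctl reload nginx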
2.3 测试登录
https://outlook.cmdschool.org
