
Nginx
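1 Preface
One problem, one article, one story.
I recently received a request to proxy Outlook 365, and after a fair amount of tinkering I finally got it done.
The process was painful, and since others may need the same thing, I am sharing it freely. O(∩_∩)O haha~
2 Best practice
2.1 Create the configuration
2.1.1 Create the login proxy configuration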
# The quoted 'EOF' keeps the shell from expanding nginx variables such as $remote_addr
cat > /etc/nginx/conf.d/outlook.cmdschool.org_8091_login.conf << 'EOF'
upstream login.microsoftonline.com {
    zone login.microsoftonline.com-general 64k;
    server login.microsoftonline.com:443;
}

server {
    listen 8091 ssl;
    server_name outlook.cmdschool.org;
    ssl_certificate wildcard.cmdschool.org.pem;
    ssl_certificate_key wildcard.cmdschool.org.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    location / {
        # After logout, send the browser back to the proxied mailbox host
        rewrite ^/common/oauth2/logout$ https://outlook.cmdschool.org/ break;
        proxy_pass https://login.microsoftonline.com;
        proxy_ignore_client_abort on;
        proxy_read_timeout 60s;
        proxy_connect_timeout 60s;
        proxy_http_version 1.1;
        # The cache zone must be declared with proxy_cache_path in the http context
        proxy_cache outlook.cmdschool.org_443;
        proxy_cache_valid 200 1d;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_set_header Connection "";
        # Ask the upstream for uncompressed responses so sub_filter can rewrite them
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host login.microsoftonline.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Rewrite Location headers that point at the Microsoft hosts
        proxy_redirect https://login.microsoftonline.com/ /;
        proxy_redirect https://outlook.office.com/ https://outlook.cmdschool.org/;
        proxy_redirect https://outlook.office365.com/ https://outlook.cmdschool.org/;
        # Rewrite the same hosts inside response bodies
        sub_filter 'https://login.microsoftonline.com/' '/';
        sub_filter '//outlook.office.com/' '//outlook.cmdschool.org/';
        sub_filter '//outlook.office365.com/' '//outlook.cmdschool.org/';
        sub_filter_types *;
        sub_filter_once off;
        proxy_buffer_size 16k;
        proxy_buffers 8 16k;
    }
}
EOF
2.1.2 Create the mailbox proxy configuration
# The quoted 'EOF' keeps the shell from expanding nginx variables such as $host
cat > /etc/nginx/conf.d/outlook.cmdschool.org_443_webmail.conf << 'EOF'
upstream outlook {
    zone outlook-general 64k;
    ip_hash;
    server 40.99.33.146:443;
    server 52.98.33.226:443;
    server 40.99.10.98:443;
    server 40.99.9.98:443;
    server 40.99.10.82:443;
    server 52.98.84.82:443;
    server 52.98.40.34:443;
    server 52.98.65.2:443;
    server 52.98.65.18:443;
    server 52.98.71.50:443;
    server 52.98.71.210:443;
    server 52.98.90.178:443;
    server outlook.office.com:443 down;
}

# Requests without an X-OWA-SessionId header get the Microsoft Host header,
# all others keep the Host the client sent
map $http_x_owa_sessionid $x_outlook_host {
    '' outlook.office.com;
    default $host;
}

server {
    listen 443 ssl;
    server_name outlook.cmdschool.org;
    ssl_certificate wildcard.cmdschool.org.pem;
    ssl_certificate_key wildcard.cmdschool.org.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    large_client_header_buffers 8 64k;

    location / {
        proxy_pass https://outlook;
        proxy_read_timeout 60s;
        proxy_http_version 1.1;
        # The cache zone must be declared with proxy_cache_path in the http context
        proxy_cache outlook.cmdschool.org_443;
        proxy_cache_valid 200 1d;
        proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
        proxy_set_header Connection "";
        # Ask the upstream for uncompressed responses so sub_filter can rewrite them
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host $x_outlook_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Rewrite Location headers that point at the Microsoft hosts
        proxy_redirect https://outlook.office.com/ /;
        proxy_redirect https://login.microsoftonline.com/ https://outlook.cmdschool.org:8091/;
        # Rewrite the same hosts inside response bodies
        sub_filter 'https://outlook.office.com/' '/';
        sub_filter '//login.microsoftonline.com/' '//outlook.cmdschool.org:8091/';
        sub_filter '//to-do.office.com/' '#';
        sub_filter_types *;
        sub_filter_once off;
        proxy_buffer_size 32k;
        proxy_buffers 16 32k;
    }
}

server {
    listen 80;
    server_name outlook.cmdschool.org;
    # $request_uri already starts with "/", so no extra slash after the host
    return 301 https://outlook.cmdschool.org$request_uri;
}
EOF
Also note that the IP addresses for the "server" entries should be obtained with the following command:
nslookup outlook.office.com
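The addresses in "upstream outlook" are a snapshot of one nslookup answer, so they need re-checking whenever the DNS answer changes. The script below is an added example, not part of the original post: it parses nslookup output, renders the upstream block in the layout used above, and reports drift against the deployed file. The function names are hypothetical, and it assumes the Linux nslookup format of "Name:"/"Address:" pairs.

```shell
# Added example (not from the original post); function names are hypothetical.
# Print the IPv4 answer addresses from nslookup output on stdin, de-duplicated.
# The resolver's own "Address: x.x.x.x#53" line precedes the first "Name:"
# record and is skipped; IPv6 answers are dropped (the page pins IPv4 only).
extract_ipv4() {
    awk '/^Name:/ { in_answer = 1; next }
         in_answer && /^Address:/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' | sort -u
}

# Render the upstream block in the page's layout from nslookup output on stdin.
render_upstream() {
    ips=$(extract_ipv4)
    [ -n "$ips" ] || { echo "no IPv4 answers found" >&2; return 1; }
    printf 'upstream outlook {\n    zone outlook-general 64k;\n    ip_hash;\n'
    for ip in $ips; do printf '    server %s:443;\n' "$ip"; done
    printf '    server outlook.office.com:443 down;\n}\n'
}

# Compare addresses pinned in config file $1 with nslookup output on stdin:
# "- ip" is pinned but no longer answered, "+ ip" is answered but not pinned.
upstream_drift() {
    fresh=$(extract_ipv4)
    [ -n "$fresh" ] || { echo "no IPv4 answers found" >&2; return 1; }
    pinned=$(sed -n 's/^[[:space:]]*server[[:space:]]*\([0-9][0-9.]*\):443;.*/\1/p' "$1" | sort -u)
    for ip in $pinned; do printf '%s\n' "$fresh" | grep -qxF "$ip" || echo "- $ip"; done
    for ip in $fresh; do printf '%s\n' "$pinned" | grep -qxF "$ip" || echo "+ $ip"; done
}

# Constructed nslookup output; resolver, record name and IPv6 are placeholders.
sample_nslookup() {
    cat << 'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53
Non-authoritative answer:
Name:   cname.example
Address: 52.98.33.226
Name:   cname.example
Address: 40.99.33.146
Name:   cname.example
Address: 2001:db8::1
Name:   cname.example
Address: 40.99.33.146
EOF
}

# Live use: nslookup outlook.office.com | upstream_drift /etc/nginx/conf.d/outlook.cmdschool.org_443_webmail.conf
sample_nslookup | render_upstream
```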
2.2 Reload the service to apply the configuration
nginx -t
systemctl reload nginx
2.3 Test the login
https://outlook.cmdschool.org