基于Nginx的HTTPS正向代理系统设计与实现  被引量:1

Design and implementation of an HTTPS forward proxy system based on Nginx

在线阅读下载全文

作  者:刘旻昊 程鹏 魏海涛 王猛[1] 李骞 LIU Minhao;CHENG Peng;WEI Haitao;WANG Meng;LI Qian(Xinhua News Agency,Beijing 100803,China)

机构地区:[1]新华通讯社,北京西城100803

出  处:《无线互联科技》2024年第15期97-100,108,共5页Wireless Internet Science and Technology

摘  要:随着企业数字化和互联网发展,企业内部系统访问互联网服务的需求日益增长,相较于直接开放互联网访问权限,正向代理系统具有更好的安全性和管控能力。然而,随着在线服务逐渐HTTPS化,代理系统又缺少服务器证书,设计正向代理系统面临着更大的困难。为应对这一挑战,文章设计并实现了一种基于开源软件Nginx的HTTPS正向代理系统,在无需服务器证书的情况下实现了高效转发,并具备HTTPS域名端口复用、域名白名单、源IP地址访问控制等多种功能,为企业内部系统访问互联网HTTPS服务提供了安全、全面的解决方案。As the digitalization of enterprises and the expansion of Internet services continue,the demand for secure and efficient access to Internet services by internal systems has grown significantly.In contrast to directly granting Internet access permissions to internal servers,forward proxy systems offer enhanced security and management capabilities.Nevertheless,the widespread adoption of HTTPS in online services,coupled with the lack of server certificates,poses substantial challenges in designing forward proxy systems.In response to these challenges,this study presents the design and implementation of an HTTPS forward proxy system based on the open-source software Nginx.The proposed system enables efficient traffic forwarding without necessitating server certificates,while incorporating features such as HTTPS domain port reuse,domain-level whitelisting,and source IP address access control.Consequently,this solution provides a secure and comprehensive approach for enterprise internal systems to access Internet-based HTTPS services.

关 键 词:NGINX 正向代理 HTTPS SNI SSL Preread 

分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象