Introduction

What is intranet server?

An intranet server is a server that hosts resources and services within a private network known as an intranet. Unlike the internet, which is publicly accessible, an intranet is a restricted network accessible only to authorized users within an organization.

What is nginx?

Nginx is a high-performance, open-source web server, reverse proxy server, load balancer, and HTTP cache. Originally developed by Igor Sysoev, it is known for its speed, efficiency, and scalability, making it one of the most popular choices for serving web content and managing internet traffic.

How an intranet server connects to extranet (such as internet)?

1. Direct Connection:

   • The intranet server connects directly to the local area network (LAN) via a router or switch. The LAN is then connected to the external network, such as the internet, through a router.

   • This method requires proper configuration of the router or switch to allow communication between the intranet server and the external network.

   • This is what you did when you connected to the campus network using p.nju.edu.cn.

2. Using a Proxy Server:

   • An intranet server can access the internet through a proxy server. A proxy server acts as an intermediary between the intranet server and the internet, forwarding requests and responses between the two networks.

   • This allows the intranet server to access external resources and services while maintaining security and control over the network traffic.

   • This is what I want to introduce in this article.

I highly recommend the following method. nginx is extremely powerful, not difficult to configure, highly customizable, pure command line, and everything is in your own hands.

If you are using Windows, then CCproxy is also an extremely simple method. This is a Chinese application with a graphical interface, but it is not so elegant, has a single function and poor performance. I will mention it in the section 3.

Setting up a proxy server with nginx

Note: This document is using the OS X system, so Windows’s commands and path may differ.

Notation: Suppose A is the intranet server which needs to access the internet, and B is the proxy server that connects to the internet and can communicate with A.

To set up a proxy server with nginx, follow these steps:

⚠️Confuse about running too many commands? Try to visit this page for script.

Operation on B

Install nginx

1. Install nginx on B.

   There is no specific version requirement. I downloaded 1.19.9. The following text uses 1.19.9 as an example.

   wget http://nginx.org/download/nginx-1.19.9.tar.gz
   tar -xzf nginx-1.19.9.tar.gz

2. Install patch for nginx.

   Based on the nginx version you selected, find the corresponding version patch.

   git clone https://github.com/chobits/ngx_http_proxy_connect_module.git
   cd nginx-1.19.9
   patch -p1 < ../ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch

3. Install dependencies.

   cd ..
   wget https://www.openssl.org/source/openssl-3.0.13.tar.gz
   tar -xzf openssl-3.0.13.tar.gz
   
   wget https://sourceforge.net/projects/pcre/files/pcre/8.35/pcre-8.35.tar.gz
   tar -xzf pcre-8.35.tar.gz
   
   wget https://zlib.net/zlib-1.3.1.tar.gz
   tar -xzf zlib-1.3.1.tar.gz

4. Configure and install nginx.

   cd nginx-1.19.9
   sudo ./configure --with-openssl=../openssl-3.0.13 --with-pcre=../pcre-8.35 --with-zlib=../zlib-1.3.1 --add-module=../ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads
   sudo make
   sudo make install

Configure nginx

1. Check if nginx is installed successfully.

   /usr/local/nginx/sbin/nginx -V

   The following information should be displayed:

   nginx version: nginx/1.19.9
   built by clang 15.0.0 (clang-1500.1.0.2.5)
   built with OpenSSL 3.0.13 30 Jan 2024
   TLS SNI support enabled
   configure arguments: --with-openssl=../openssl-3.0.13 --with-pcre=../pcre-8.35 --with-zlib=../zlib-1.3.1 --add-module=../ngx_http_proxy_connect_module --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads

2. Keep in mind the two important paths:

   /usr/local/nginx/sbin/nginx # nginx executable file
   /usr/local/nginx/conf/nginx.conf # nginx configuration file

3. Edit the configuration file.

   cd /usr/local/nginx/conf/
   sudo vim nginx.conf

   Change the configuration file content to the following:

   worker_processes  1;
   events {
       worker_connections  1024;
   }
   http {
       include       mime.types;
       default_type  application/octet-stream;
       sendfile        on;
       keepalive_timeout  65;
       server{
         listen 8000;
         resolver 114.114.114.114;
         proxy_connect;
         proxy_connect_allow 443 563;
         proxy_connect_connect_timeout 10s;
         proxy_connect_read_timeout 10s;
         proxy_connect_send_timeout 10s;
         location / {
             proxy_pass http://$host;
             proxy_set_header Host $host;
         }
       }
   }

4. Test the configuration file:

   sudo /usr/local/nginx/sbin/nginx -t

   If an error is returned, check your configuration file, especially if the brackets match!

5. If the test is successful, reload nginx:

   sudo /usr/local/nginx/sbin/nginx -s reload

6. If the reload command fails:

   nginx: [error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
   nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"

   You can use the following command first:

   sudo /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

   Then use the reload command again.

Operation on A

Configure the intranet server to use the proxy server in your bash profile.

1. Edit the .bash_profile or .profile:

   vim ~/.bash_profile

2. Add the following content to the file:

   export http_proxy=http://ip:8000
   export https_proxy=http://ip:8000

   !!!Replace ip with the IP address of the proxy server – B!!!

   • macOS: Open System Settings → Wi-Fi → Details → TCP/IP to find IP address

   • Linux:

     • Wireless connection:

       ipconfig getipaddr en0

     • Wired connection:

       ipconfig getipaddr en1

   • Windows: Open WiFi settings → Click connected network → Find IPv4 address

3. Make it take effect immediately:

   source ~/.bash_profile

Simple explanation of CCproxy

1. Download and install CCproxy:

   • Download link

2. Open CCproxy and configure:

   • Set up account

   • Set allowed range to allowed part

   • Click New and enter proxy server IP

3. Restart and click Start

4. Operation on A is identical to Section 2.2

Tips you should know about

1. Restart proxy server after each computer reboot

2. For NJU-WLAN:

   • IP changes after reconnection

   • Update IP in .bash_profile or .profile

3. Alternative proxy methods (no file editing needed):

   • Python packages:

     pip install --proxy=http://ip:8000 package_name

   • APT packages:

     sudo apt install -o Acquire::http::Proxy="http://ip:8000" package_name

   • File downloads:

     wget --proxy=on --proxy=http://ip:8000 download_link

     curl -x http://ip:8000 download_link

   • Git operations:

     git config --global http.proxy http://ip:8000