nl5887 · July 4, 2017 13:51
diff --git a/nginx.conf b/nginx.conf
 user  nobody;
 worker_processes  1;

 error_log  logs/error.log;

 #pid        logs/nginx.pid;

 events {
    worker_connections  1024;
 }

 http {
    include       mime.types;
    default_type  text/html;

    resolver 8.8.8.8;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       0.0.0.0:3128;

        server_name  _;

        location / {
            proxy_set_header Host $host;
            proxy_pass_header Server;
            proxy_pass http://$host:80;
        }
    }

    server {
        listen 0.0.0.0:3129 ssl;

        server_name _;

      	ssl on;
      	ssl_session_cache  builtin:1000  shared:SSL:10m;
      	ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
      	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
      	ssl_prefer_server_ciphers on;
        ssl_certificate ./ssl/test.crt;
        ssl_certificate_key ./ssl/test.key;

        client_max_body_size 100k;
        client_body_buffer_size 100k;

        location / {
            proxy_ssl_verify off;
            proxy_set_header Host $host;
            proxy_pass_header Server;
            proxy_pass https://$host:443;
        }
    }
 }
diff --git a/tproxy.patch b/tproxy.patch
 --- a/bundle/nginx-1.7.10/src/event/ngx_event_connect.c	2015-02-10 14:33:34.000000000 +0000
 +++ b/bundle/nginx-1.7.10/src/event/ngx_event_connect.c	2015-04-16 22:20:54.000000000 +0000
 @@ -29,6 +29,9 @@

     s = ngx_socket(pc->sockaddr->sa_family, SOCK_STREAM, 0);

 +    int value = 1;
 +    setsockopt(s, SOL_IP, IP_TRANSPARENT, &value, sizeof(value));
 +
     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pc->log, 0, "socket %d", s);

     if (s == (ngx_socket_t) -1) {
	user nobody;
	worker_processes 1;

	error_log logs/error.log;

	#pid logs/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	include mime.types;
	default_type text/html;

	resolver 8.8.8.8;

	sendfile on;
	keepalive_timeout 65;

	server {
	listen 0.0.0.0:3128;

	server_name _;

	location / {
	proxy_set_header Host $host;
	proxy_pass_header Server;
	proxy_pass http://$host:80;
	}
	}

	server {
	listen 0.0.0.0:3129 ssl;

	server_name _;

	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
	ssl_prefer_server_ciphers on;
	ssl_certificate ./ssl/test.crt;
	ssl_certificate_key ./ssl/test.key;

	client_max_body_size 100k;
	client_body_buffer_size 100k;

	location / {
	proxy_ssl_verify off;
	proxy_set_header Host $host;
	proxy_pass_header Server;
	proxy_pass https://$host:443;
	}
	}
	}
	--- a/bundle/nginx-1.7.10/src/event/ngx_event_connect.c 2015-02-10 14:33:34.000000000 +0000
	+++ b/bundle/nginx-1.7.10/src/event/ngx_event_connect.c 2015-04-16 22:20:54.000000000 +0000
	@@ -29,6 +29,9 @@

	s = ngx_socket(pc->sockaddr->sa_family, SOCK_STREAM, 0);

	+ int value = 1;
	+ setsockopt(s, SOL_IP, IP_TRANSPARENT, &value, sizeof(value));
	+
	ngx_log_debug1(NGX_LOG_DEBUG_EVENT, pc->log, 0, "socket %d", s);

	if (s == (ngx_socket_t) -1) {