摘要
随着企业数字化和互联网发展,企业内部系统访问互联网服务的需求日益增长,相较于直接开放互联网访问权限,正向代理系统具有更好的安全性和管控能力。然而,随着在线服务逐渐HTTPS化,代理系统又缺少服务器证书,设计正向代理系统面临着更大的困难。为应对这一挑战,文章设计并实现了一种基于开源软件Nginx的HTTPS正向代理系统,在无需服务器证书的情况下实现了高效转发,并具备HTTPS域名端口复用、域名白名单、源IP地址访问控制等多种功能,为企业内部系统访问互联网HTTPS服务提供了安全、全面的解决方案。
As the digitalization of enterprises and the expansion of Internet services continue,the demand for secure and efficient access to Internet services by internal systems has grown significantly.In contrast to directly granting Internet access permissions to internal servers,forward proxy systems offer enhanced security and management capabilities.Nevertheless,the widespread adoption of HTTPS in online services,coupled with the lack of server certificates,poses substantial challenges in designing forward proxy systems.In response to these challenges,this study presents the design and implementation of an HTTPS forward proxy system based on the open-source software Nginx.The proposed system enables efficient traffic forwarding without necessitating server certificates,while incorporating features such as HTTPS domain port reuse,domain-level whitelisting,and source IP address access control.Consequently,this solution provides a secure and comprehensive approach for enterprise internal systems to access Internet-based HTTPS services.
作者
刘旻昊
程鹏
魏海涛
王猛
李骞
LIU Minhao;CHENG Peng;WEI Haitao;WANG Meng;LI Qian(Xinhua News Agency,Beijing 100803,China)
出处
《无线互联科技》
2024年第15期97-100,108,共5页
Wireless Internet Science and Technology
