在甲方服務器部署項目時,通常遇到需要開通外網權限的問題,有的是直接給開通服務器的白名單,就可以直接訪問白名單外網地址了。也有的是通過網絡轉發,將url前面的部分替換,可以進行網絡請求。有一次遇到一個罕見的,對方應是使用squid進行代理的。直接curl外網地址是不通的,使用curl -x 代理服務器ip:端口 目標地址可以訪問通。針對此種場景,測試了以下配置代方法
1. 全局環境變量配置
在centos中配置當前用戶或者全局環境變量,是可行的,配置完成后,curl命令后不用-x就可以直接訪問了。但是這種方法,本服務器上部署的java和nginx確是無效的。
# 編輯配置文件vim ~/.bashrc # 或 ~/.bash_profile
# 添加以下內容(替換為您的代理服務器信息)
export http_proxy=http://10.10.10.61:8080
export https_proxy=http://10.10.10.61:8080
# 設置 NO_PROXY 變量,指定哪些域名不需要通過代理(逗號分隔,支持通配符)
export no_proxy="localhost,127.0.0.1,192.168.1.0/24,.example.com"
# 使配置生效
source ~/.bashrc
2. springboot web服務內,httpClient配置
在使用1中的方法,配置環境變量后,發現使用Springboot服務請求時,還是不通。提示域名無法解析。
使用了網上的方法,在啟動jar包時,配置如下的啟動參數或者環境變量依然無效。
java -Dhttp.proxyHost=10.20.102.61 -Dhttp.proxyPort=8080 -Dhttps.proxyHost=10.20.102.61 -Dhttps.proxyPort=8080 -Dsun.net.spi.nameservice.provider.1=dns,sun -Djava.net.preferIPv4Stack=true -jar
最后使用了在代碼里統一配置httpClient的方式實現
依賴
<dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient</artifactId><version>4.5.13</version></dependency>
- HttpProxyClientUtil.java
import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;/*** Apache HttpClient 4.x 實現的 HTTP 請求工具類(支持代理、SSL 繞過、多種請求體)*/
public class HttpProxyClientUtil {// -------------------- 基礎配置 --------------------// 連接超時(毫秒)private static final int CONNECT_TIMEOUT = 5000;// 讀取超時(毫秒)private static final int READ_TIMEOUT = 5000;// -------------------- 代理配置 --------------------// 代理主機(需替換為實際代理 IP/域名)private static final String PROXY_HOST = "10.10.10.61";// 代理端口(需替換為實際代理端口)private static final int PROXY_PORT = 8080;// -------------------- 構建 HttpClient(支持代理、SSL 繞過) --------------------public static CloseableHttpClient createHttpClient(boolean ignoreSsl) {try {// 1. 構建 SSL 上下文(可選:繞過證書校驗)SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, (chain, authType) -> true) // 信任所有證書.build();SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext,NoopHostnameVerifier.INSTANCE // 跳過主機名校驗);// 2. 構建請求配置(含代理)RequestConfig.Builder requestConfigBuilder = RequestConfig.custom().setConnectTimeout(CONNECT_TIMEOUT).setSocketTimeout(READ_TIMEOUT).setProxy(new org.apache.http.HttpHost(PROXY_HOST, PROXY_PORT)); // 設置代理// 3. 構建 HttpClientCloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(ignoreSsl? sslSocketFactory : SSLConnectionSocketFactory.getSystemSocketFactory()).setDefaultRequestConfig(requestConfigBuilder.build()).build();return httpClient;} catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {throw new RuntimeException("構建 HttpClient 失敗", e);}}// -------------------- GET 請求 --------------------/*** 發送 GET 請求(支持代理、SSL 繞過)* @param url 請求地址* @param ignoreSsl 是否忽略 SSL 證書校驗(生產環境慎用)* @return 響應內容(字符串)*/public static String doGet(String url, boolean ignoreSsl) {CloseableHttpClient httpClient = createHttpClient(ignoreSsl);HttpGet httpGet = new HttpGet(url);// 可在此處添加請求頭(示例)httpGet.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)");try (CloseableHttpResponse response = httpClient.execute(httpGet)) {HttpEntity entity = response.getEntity();if (entity != null) {return EntityUtils.toString(entity, StandardCharsets.UTF_8);}return "";} catch (IOException e) {throw new RuntimeException("GET 請求失敗: " + url, e);} finally {try {httpClient.close();} catch (IOException e) {e.printStackTrace();}}}// -------------------- POST 表單請求 --------------------/*** 發送 POST 表單請求(application/x-www-form-urlencoded)* @param url 請求地址* @param params 表單參數(key-value)* @param ignoreSsl 是否忽略 SSL 證書校驗(生產環境慎用)* @return 響應內容(字符串)*/public static String doPostForm(String url, Map<String, String> params, boolean ignoreSsl) {CloseableHttpClient httpClient = createHttpClient(ignoreSsl);HttpPost httpPost = new HttpPost(url);// 構建表單參數List<NameValuePair> formParams = new ArrayList<>();params.forEach((k, v) -> formParams.add(new BasicNameValuePair(k, v)));httpPost.setEntity(new UrlEncodedFormEntity(formParams, StandardCharsets.UTF_8));// 設置請求頭(表單默認 Content-Type)httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");try (CloseableHttpResponse response = httpClient.execute(httpPost)) {HttpEntity entity = response.getEntity();if (entity != null) {return EntityUtils.toString(entity, StandardCharsets.UTF_8);}return "";} catch (IOException e) {throw new RuntimeException("POST 表單請求失敗: " + url, e);} finally {try {httpClient.close();} catch (IOException e) {e.printStackTrace();}}}// -------------------- POST JSON 請求 --------------------/*** 發送 POST JSON 請求(application/json)* @param url 請求地址* @param jsonBody JSON 字符串* @param ignoreSsl 是否忽略 SSL 證書校驗(生產環境慎用)* @return 響應內容(字符串)*/public static String doPostJson(String url, String jsonBody, boolean ignoreSsl) {CloseableHttpClient httpClient = createHttpClient(ignoreSsl);HttpPost httpPost = new HttpPost(url);// 設置請求頭(JSON 場景)httpPost.setHeader("Content-Type", "application/json");httpPost.setEntity(new org.apache.http.entity.StringEntity(jsonBody, StandardCharsets.UTF_8));try (CloseableHttpResponse response = httpClient.execute(httpPost)) {HttpEntity entity = response.getEntity();if (entity != null) {return EntityUtils.toString(entity, StandardCharsets.UTF_8);}return "";} catch (IOException e) {throw new RuntimeException("POST JSON 請求失敗: " + url, e);} finally {try {httpClient.close();} catch (IOException e) {e.printStackTrace();}}}// -------------------- 測試示例(main 方法) --------------------public static void main(String[] args) {// 1. GET 請求示例(帶代理、忽略 SSL 校驗)String getUrl = "https://www.example.com/api/get";String getResponse = doGet(getUrl, true);System.out.println("GET 響應: " + getResponse);}
}- HttpClientConfig.java
package com.test.demo.config;import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;@Configuration
public class HttpClientConfig {@Beanpublic CloseableHttpClient httpClient() {// 這里可復用上面的 createHttpClient 邏輯,或直接構建帶代理的 HttpClientreturn HttpProxyClientUtil.createHttpClient(true);}
}
- ProxyHttpService.java
package com.test.demo.demos.web;import org.apache.http.HttpEntity;
import org.apache.http.NameValuePair;
import org.apache.http.ParseException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.springframework.stereotype.Service;import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;@Service
public class ProxyHttpService {private final HttpClient httpClient;public ProxyHttpService(HttpClient httpClient) {this.httpClient = httpClient;}/*** 發送GET請求*/public String sendGetRequest(String url) throws IOException, ParseException {HttpGet httpGet = new HttpGet(url);try (CloseableHttpResponse response = (CloseableHttpResponse)httpClient.execute(httpGet)) {return EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);} catch (IOException e) {e.printStackTrace();throw new RuntimeException("請求失敗", e);}}/*** 發送POST請求*/public String sendPostRequest(String url, Map<String, String> params) throws IOException, ParseException {HttpPost httpPost = new HttpPost(url);// 設置POST參數if (params != null && !params.isEmpty()) {List<NameValuePair> formParams = new ArrayList<>();for (Map.Entry<String, String> entry : params.entrySet()) {formParams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));}httpPost.setEntity(new UrlEncodedFormEntity(formParams));}try (CloseableHttpResponse response = (CloseableHttpResponse) httpClient.execute(httpPost)) {HttpEntity entity = response.getEntity();return EntityUtils.toString(entity);}}
}
- ProxyHttpController.java
package com.test.demo.demos.web;import org.springframework.web.bind.annotation.*;import java.io.IOException;
import java.util.HashMap;
import java.util.Map;@RestController
@RequestMapping("/proxy/api/http")
public class ProxyHttpController {private final ProxyHttpService proxyHttpService;public ProxyHttpController(ProxyHttpService proxyHttpService) {this.proxyHttpService = proxyHttpService;}/*** 通過代理發送GET請求*/@GetMapping("/get")public String sendGet() {try {return proxyHttpService.sendGetRequest("https://api.test.com.cn/sys/getCaptchaBase64");} catch (Exception e) {e.printStackTrace();return "Error: " + e.getMessage();}}/*** 通過代理發送POST請求*/@PostMapping("/post")public String sendPost(@RequestParam("url") String url,@RequestBody(required = false) Map<String, String> params) {try {return proxyHttpService.sendPostRequest(url, params);} catch (Exception e) {return "Error: " + e.getMessage();}}
}
3. SpringGateWay配置轉發
方法2,對原項目代理改動還是比較大的,如果你使用的不是httpclient的請求方式,基于gateway批量轉發,也是一個不錯的選擇。
- 依賴
<dependency><groupId>org.springframework.cloud</groupId><artifactId>spring-cloud-starter-gateway</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-webflux</artifactId></dependency><dependency><groupId>io.projectreactor.netty</groupId><artifactId>reactor-netty-http</artifactId></dependency>
- GatewayProxyConfig.java
package com.example.gateway.demos.web;import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.gateway.config.HttpClientCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import reactor.netty.http.client.HttpClient;
import reactor.netty.transport.ProxyProvider;import javax.net.ssl.SSLException;
import java.util.Arrays;@Configuration
public class GatewayProxyConfig {@Beanpublic HttpClientCustomizer proxyCustomizer(ProxyProperties proxyProperties) {return httpClient -> {// 使用最新的 ProxyProvider APIreturn httpClient.proxy(proxy -> {ProxyProvider.Builder builder = proxy.type(ProxyProvider.Proxy.HTTP).host(proxyProperties.getHost()).port(proxyProperties.getPort());// 如果需要代理認證if (proxyProperties.getUsername() != null) {builder.username(proxyProperties.getUsername()).password(s -> proxyProperties.getPassword());}// // 設置無需代理的主機列表
// if (proxyProperties.getNonProxyHosts() != null) {
// String[] nonProxyHosts = proxyProperties.getNonProxyHosts()
// .split(",");
// builder.nonProxyHosts(Arrays.toString(nonProxyHosts));
// }});};}@Beanpublic HttpClientCustomizer sslCustomizer() {return httpClient -> {// 創建信任所有證書的 SSLContext(測試環境)// 生產環境建議使用合法證書或自定義 TrustManagerreturn httpClient.secure(spec -> {try {spec.sslContext(buildInsecureSslContext());} catch (SSLException e) {e.printStackTrace();throw new RuntimeException(e);}});};}private io.netty.handler.ssl.SslContext buildInsecureSslContext() throws SSLException {return io.netty.handler.ssl.SslContextBuilder.forClient().trustManager(io.netty.handler.ssl.util.InsecureTrustManagerFactory.INSTANCE).build();}@Bean@ConfigurationProperties(prefix = "spring.cloud.gateway.httpclient.proxy")public ProxyProperties proxyProperties() {return new ProxyProperties();}// 代理配置屬性類public static class ProxyProperties {private String host;private int port;private String username;private String password;private String nonProxyHosts;public String getHost() { return host; }public void setHost(String host) { this.host = host; }public int getPort() { return port; }public void setPort(int port) { this.port = port; }public String getUsername() { return username; }public void setUsername(String username) { this.username = username; }public String getPassword() { return password; }public void setPassword(String password) { this.password = password; }public String getNonProxyHosts() { return nonProxyHosts; }public void setNonProxyHosts(String nonProxyHosts) { this.nonProxyHosts = nonProxyHosts; }}
}
- yml配置
# 應用服務 WEB 訪問端口
server:port: 7777# application.yml
spring:cloud:gateway:httpclient:pool:max-connections: 500 # 最大連接數acquire-timeout: 45000 # 獲取連接超時時間(毫秒)proxy:host: 10.10.10.61port: 8080# 如果需要認證# username: username# password: password# 非代理主機列表non-proxy-hosts: "localhost,127.0.0.1,*.local"routes:# 路由 ID,唯一標識- id: api2# 匹配的路徑,所有以 /api/ 開頭的請求都會被路由uri: https://api.api2.compredicates:- Path=/api2/**# 重寫路徑,去除 /api 前綴filters:- RewritePath=/api2/(?<segment>.*), /$\{segment}# 路由 ID,唯一標識- id: api1# 匹配的路徑,所有以 /api/ 開頭的請求都會被路由uri: https://api1.com.cnpredicates:- Path=/api1/**# 重寫路徑,去除 /api 前綴filters:- RewritePath=/api1/(?<segment>.*), /$\{segment}
4. Nginx配置轉發
nginx配置這塊,測試了很多方法,也沒有非常有效的,最后放棄了
![最近小峰一直在忙國際化項目,確實有點分身乏術... [特殊字符] 不過! 我正緊鑼密鼓準備一系列干貨文章/深度解析](http://pic.xiahunao.cn/最近小峰一直在忙國際化項目,確實有點分身乏術... [特殊字符] 不過! 我正緊鑼密鼓準備一系列干貨文章/深度解析)
線程塊級別的一個內存拷貝工具函數blockCopy())
