
Linux基础知识之Squid代理服务器配置,windows环境下

作者: w88官方网站手机版  发布:2019-07-28

这其实跟配置http代理差不多,我之前是因为没有使用支持ssl的squid版本,所以怎么折腾都不见效!

本节将简要介绍代理服务器squid的配置。以前记录过反向代理的配置,但在生产环境中正向代理和正向透明代理的使用更加广泛,同时这也是Linux基础知识的重点。

安装squid

yum -y install squid

首先得检查你正在使用的squid版本是否支持ssl,主要看 squid\sbin\ssleay32.dll 文件是否存在,如果没有此文件,就得换个支持ssl的squid版本了。

[root@localhost ~]# yum -y install squid

配置

squid 配置文件位置 /etc/squid/squid.conf,如果没有找到,就自己创建一个。


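#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): as written, localnet covers every RFC 1918, ULA and link-local
# address. Narrow it to the subnets that really need the proxy, because
# "http_access allow localnet" below lets these sources in without credentials.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

# Ports that CONNECT tunnels may target (SSL_ports) and ports that any request
# may target (Safe_ports). Both lists are enforced by the deny rules below.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# http_access rules are checked top to bottom and the first matching rule
# decides, so the order of the lines below is part of the policy.

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): the rule is still commented out here, so an allowed client can
# ask the proxy to fetch from services bound to the proxy host's loopback
# address. Enable it unless that access is deliberately required.
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# NOTE(review): these two allows come before the proxy_auth rule, so localnet
# and localhost clients are never asked for credentials; only sources outside
# localnet reach the authentication check. Place the proxy_auth rule first (or
# drop "allow localnet") if every client is meant to authenticate.
http_access allow localnet
http_access allow localhost

# auth
# Basic authentication checked by the NCSA helper against /etc/squid/passwd.
# Basic credentials are only base64-encoded on the wire and http_port is a
# plain-HTTP listener, so they are readable by anyone on the path between the
# client and the proxy. Keep /etc/squid/passwd readable only by the account
# Squid runs as.
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm gao's squid server
auth_param basic credentialsttl 2 hours
acl myacl proxy_auth REQUIRED
http_access allow myacl

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128; this configuration uses 3280 instead,
# so clients and firewall rules must point at 3280. No address is given, so
# the listener is not limited to a single interface.
http_port 3280

# reverse https
# https_port 443 cert=/etc/squid/server.pem key=/etc/squid/server.key accel defaultsite=ec2-18-220-26-73.us-east-2.compute.amazonaws.com vhost

# Disk cache directory: ufs store under /var/spool/squid, 100 MB,
# 16 first-level and 256 second-level subdirectories.
cache_dir ufs /var/spool/squid 100 16 256
cache_mem 64 MB

# Every proxied request is logged here; review it for unexpected clients.
access_log /var/log/squid/access.log

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# The "?" must be escaped: a bare "?" after "|" is not a valid regular
# expression, and the intent is to match a literal "?" (dynamic URLs).
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320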


我这里就只提供个最简单的例子:

[root@localhost ~]# grep -v '^#' /etc/squid/squid.conf |uniq //查看去掉注释行后的squid配置文件

启动/停止squid

systemctl start squid
systemctl stop squid


acl all src 0.0.0.0/0.0.0.0      //定义acl的范围

修改配置文件后的重启

1,初始化你在 squid.conf 里配置的 cache 目录
/usr/local/squid/sbin/squid -z //初始化缓存空间
如果有错误提示,请检查你的 cache 目录的权限。
2,对你的squid.conf 排错,即验证 squid.conf 的语法和配置。
/usr/local/squid/sbin/squid -k parse
如果 squid.conf 有语法或配置错误,这里会返回提示;如果没有任何返回,恭喜,可以尝试启动squid。

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443  # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl CONNECT method CONNECT

acl manager proto cache_object

Debug

在前台启动squid,并输出启动过程。
/usr/local/squid/sbin/squid -N -d1

查看log
tail -f /var/log/squid/access.log

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl localhost src 127.0.0.1/255.255.255.255

测试

# Fetch a page through the proxy to confirm it answers.
# NOTE(review): the proxy URL after "http_proxy=" is missing on this page; as
# written the value is empty. Supply your own proxy address there, e.g.
# http://<PROXY_HOST>:<PORT>/ (placeholder), using the port set by http_port.
# NOTE(review): credentials passed as command-line options are visible in the
# process list and shell history; "no1" is the page's sample account.
# --proxy-passwd looks like the spelling used by older wget releases
# (newer ones use --proxy-password) - verify against your wget version.
wget -e "http_proxy=" http://www.qq.com # no proxy password configured
wget -e "http_proxy=" http://www.qq.com --proxy-user=no1 --proxy-passwd=no1 # proxy password configured

# NOTE(review): this admits every client that can reach the listener. It appears
# to belong to the "https_port 443 accel" reverse-proxy example on this page,
# where it publishes the accelerated site to anyone; on a forward proxy the
# same line would make an open proxy. Consider allowing only a dstdomain ACL
# for the published site and ending with "http_access deny all".
http_access allow all

acl to_localhost dst 127.0.0.0/8

参考资料

http://www.cnblogs.com/mchina/p/3812190.html

icp_access allow all

acl SSL_ports port 443

https_port 443 accel cert=c:/certs/server.pem key=c:/certs/server.pem vhost

acl Safe_ports port 80          # http

# NOTE(review): sslflags=DONT_VERIFY_PEER disables certificate validation on the
# TLS connection to the origin server 192.168.1.13, so the proxy cannot tell a
# genuine backend from an impersonated one. Prefer trusting the backend's CA
# certificate instead (the exact cache_peer option name depends on the Squid
# version - check its documentation). login=PASS forwards the client's
# credentials to this peer.
cache_peer 192.168.1.13 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=kensite

acl Safe_ports port 21          # ftp

cache_peer_domain kensite ken.01h.net

acl Safe_ports port 443        # https

hierarchy_stoplist cgi-bin ?

acl Safe_ports port 70          # gopher

access_log c:/squid/var/logs/access.log squid

acl Safe_ports port 210        # wais

acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY

acl Safe_ports port 1025-65535  # unregistered ports

refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320

acl Safe_ports port 280        # http-mgmt

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

acl Safe_ports port 488        # gss-http

visible_hostname 01H.NET

acl Safe_ports port 591        # filemaker

coredump_dir c:/squid/var/cache

acl Safe_ports port 777        # multiling http

备注:“c:/certs/server.pem”这个文件可以到提供ssl服务的软件相关目录下找到,扩展名也有可能是.crt、.key等,我这里的.pem是以VisualSVN为例的。

acl CONNECT method CONNECT


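# Access rules and cache settings for the listing that starts with
# "acl all src 0.0.0.0/0.0.0.0" earlier on this page; the ACL names used here
# (manager, localhost, Safe_ports, SSL_ports, CONNECT, all) are defined there.
# The page's "//" annotations are written as "#" comments below, because "//"
# is not comment syntax in squid.conf.

# Allow/deny rules: they are checked in order and the first match decides.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only the proxy host itself is allowed; add an allow rule for your client
# network above the final deny if other machines should use the proxy.
http_access allow localhost
# Reject everything that was not allowed above.
http_access deny all

# NOTE(review): ICP queries are accepted from any source; limit this to the
# sibling/parent caches that actually query this proxy, if any.
icp_access allow all

# Listening port.
http_port 3128

# NOTE(review): hierarchy_stoplist and broken_vary_encoding look like
# directives from older Squid releases - confirm they exist in your version.
hierarchy_stoplist cgi-bin ?

# Access log location.
access_log /var/log/squid/access.log squid

# Never cache dynamic URLs. The "?" is escaped so the regex matches a literal
# question mark; the page shows it unescaped.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

refresh_pattern ^ftp:          1440    20%    10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .              0      20%    4320

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

coredump_dir /var/spool/squid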
