CentOS搭建Squid代理服务器

Squid

  1. 查看是否已安装Squid服务
    rpm -qa|grep squid

  2. 如果未安装,则使用yum 方式安装
    yum -y install squid

  3. 安装vim:

    yum install vim

  4. 设置开机自启动

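    # Enable squid at boot. Shell comments start with '#'; text after '//'
    # would be handed to chkconfig as extra arguments, so it is not used here.
    chkconfig --level 35 squid on      # SysV init: start squid in runlevels 3 and 5
    systemctl enable squid.service     # systemd: start squid at boot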
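  1. 安装httpd(这里只是为了使用其中的htpasswd工具;htpasswd由httpd-tools包提供,如果本机不需要提供Web服务,只安装httpd-tools即可,不必安装httpd并设为开机自启,以免多暴露一个服务)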

    [root@localhost bin]#yum install httpd
    [root@localhost bin]# chkconfig --level 2345 httpd on
  1. 查找“basic_ncsa_auth”的路径,一会儿配置到squid.conf文件中。

    [root@localhost bin]# rpm -ql squid | grep ncsa_auth
    /usr/lib64/squid/basic_ncsa_auth
    /usr/share/man/man8/basic_ncsa_auth.8.gz
  1. 生成用户名和密码(-c 会新建密码文件,文件已存在时会被覆盖,以后追加用户时不要加 -c;密码文件应只允许root和squid的运行用户读取)

    [root@localhost bin]# ./htpasswd -c /etc/squid/password chengsu
    New password:
    Re-type new password:
    Adding password for user chengsu
    [root@localhost bin]#
  2. 下面是/etc/squid/squid.conf:

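    #
    # Recommended minimum configuration:
    #

    # The stock source-address ACLs stay disabled: clients are admitted by
    # proxy authentication (below), not by where they connect from.
    # acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    # acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    # acl localnet src fc00::/7       # RFC 4193 local private network range
    # acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT

    # Basic authentication against the htpasswd file /etc/squid/password.
    # Basic credentials are base64-encoded, not encrypted: on a plain
    # http_port they are readable on the path between client and proxy.
    auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/password
    auth_param basic children 3
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    # One proxy_auth ACL is enough; it matches any user the helper accepts.
    acl ncsa_users proxy_auth REQUIRED

    #
    # Recommended minimum Access Permission configuration:
    #
    # http_access rules are checked top to bottom and the first match wins,
    # so every deny below must come BEFORE the allow for authenticated users.
    # With the allow placed first, a logged-in user would skip the port,
    # CONNECT and cache-manager restrictions entirely.

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # Only allow cachemgr access from localhost
    http_access allow localhost manager
    http_access deny manager

    # Protect web applications running on the proxy server that assume only
    # a local user can reach services on "localhost".
    http_access deny to_localhost

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #

    # Authenticated users only.
    http_access allow ncsa_users

    # And finally deny all other access to this proxy. Ending the list with
    # "allow all" instead would leave an open proxy as soon as the
    # authentication rule above is removed or stops matching.
    http_access deny all

    # Squid normally listens to port 3128; this setup uses 8889.
    # http_port 3128
    http_port 8889

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    #
    # Add any of your own refresh_pattern entries above these.
    #
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320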
  3. squid服务器的配置文件说明
    squid 的主配置文件是 /etc/squid/squid.conf,所有squid的设定都是在这个文件里配置

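    # Annotated squid.conf directives. squid.conf comments start with '#'
    # ('//' is not a comment marker), and each note sits on its own line so
    # it can never be read as part of a directive's value.

    # Address and port Squid listens on.
    http_port 3128

    # Extra memory given to Squid. The page's rule of thumb for total memory
    # use is X*10 + 15 + cache_mem (MB), where X is the disk cache size in GB.
    # With the 100 MB (0.1 GB) cache_dir below: 0.1*10 + 15 + 64 = 80 MB.
    # Suggested size: 1/3 to 1/2 of physical memory, or more.
    cache_mem 64 MB

    # Largest object stored in the disk cache; files over 4 MB are not saved.
    maximum_object_size 4 MB

    # Smallest object stored in the disk cache.
    minimum_object_size 0 KB

    # Largest object kept in the memory cache; files over 4 MB are not kept.
    maximum_object_size_in_memory 4096 KB

    # Cache location: storage type, path, size in MB, number of first-level
    # directories, number of second-level directories.
    cache_dir ufs /var/spool/squid 100 16 256

    # Access-log line format.
    logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

    # Access-log path and the format it uses.
    access_log /var/log/squid/access.log combined

    # Cache log path.
    cache_log /var/log/squid/cache.log

    # Number of rotated log generations to keep. The page describes this as
    # 60 days, which holds only if rotation is run once a day.
    logfile_rotate 60

    # Start evicting old objects once the cache directory is over 95% full ...
    cache_swap_high 95

    # ... and stop once usage is back down to 90%.
    cache_swap_low 90

    # Local network allowed to use the proxy.
    acl localnet src 192.168.1.0/24

    # Allow that network, then refuse everyone else. Keeping "deny all" as
    # the last http_access rule is what stops the proxy from being open.
    http_access allow localnet
    http_access deny all

    # Host name Squid reports for itself.
    visible_hostname squid.david.dev

    # Administrator e-mail address.
    cache_mgr mchina_tang@qq.com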

参考:https://maoxian.de/2016/06/1415.html
https://blog.csdn.net/cysdxy/article/details/53031810

htpasswd

搭建笔记

  • adsl-start时
    [root@196 bin]# ifconfig ppp0
    ppp0: flags=4305 mtu 1492

    inet 117.63.116.40  netmask 255.255.255.255  destination 117.63.116.1
    ppp  txqueuelen 3  (Point-to-Point Protocol)
    RX packets 112  bytes 10985 (10.7 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 97  bytes 5238 (5.1 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
  • adsl-stop后:
    [root@196 bin]# ifconfig ppp0
    ppp0: error fetching interface information: Device not found

  • [root@196 bin]# ifconfig ppp0 | grep 'inet '
    inet 117.63.127.90 netmask 255.255.255.255 destination 117.63.127.1
    [root@196 bin]# ifconfig ppp0|grep 'inet ' | cut -d: -f2 | awk '{print $2}'
    117.63.127.90

  • [root@196 bin]# a=$(ifconfig ppp0|grep 'inet ' | cut -d: -f2 | awk '{print $2}')
    将输出赋给变量a
    [root@196 bin]# echo "$a"
    117.63.127.90

  • 脚本:
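    #!/bin/bash
    # Redial the ADSL link to get a new public address on ppp0, then report
    # "<ip>:8889" (the Squid http_port used on this page) to the sync endpoint.
    #
    # All quotes are plain ASCII: typographic quotes are not shell quoting
    # characters, so with them the pipeline and the curl calls do not parse
    # as intended.
    set -u

    readonly SYNC_URL='https://host.city-home.cn/api/common/sync_proxy_server_ip/'
    readonly PROXY_PORT=8889

    adsl-stop
    adsl-start

    # ifconfig prints "inet <addr> netmask ..." for ppp0; the address is the
    # second field. That line holds no ':', so the former "cut -d: -f2" stage
    # passed it through unchanged and is omitted.
    a=$(ifconfig ppp0 | grep 'inet ' | awk '{print $2}')

    # Do not report anything unless the redial produced an IPv4 address;
    # otherwise an empty or garbage value would be registered as the proxy.
    if [[ ! $a =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      printf 'could not read an IPv4 address from ppp0\n' >&2
      exit 1
    fi
    echo "$a"

    # The page lists two request forms for the same endpoint; both are kept.
    # NOTE(review): neither request carries a credential as shown; confirm
    # how the endpoint authenticates the sender before relying on it.
    # --fail makes curl exit non-zero on an HTTP error response.

    # JSON body. NOTE(review): sent without a JSON Content-Type header, as on
    # the page; confirm what the endpoint expects.
    curl --fail -X POST \
      -d "{\"proxy_number\":\"1\",\"ip\":\"${a}:${PROXY_PORT}\"}" \
      "$SYNC_URL"

    # Multipart form fields.
    curl --fail -X POST "$SYNC_URL" \
      -F "proxy_number=1" \
      -F "ip=${a}:${PROXY_PORT}"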