squid-阿里云开发者社区

1安装

 http://www.squid-cache.org/Versions/v3/3.0/

 yum  -y install  openssl-devel  openssl

 tar  squid-3.0.STABLE20.tar.gz

 cd  squid-3.0.STABLE20

./configure --prefix=/application/squid3.0 \

--enable-dlmalloc  \

--enable-debug-cbdata  \

--enable-async-io=100  \
--with-pthreads \

--enable-storeio="aufs,diskd,ufs" \

--enable-removal-policies="heap,lru" \

--enable-icmp \

--enable-delay-pools \

--enable-useragent-log \

--enable-referer-log \
--disable-wccp \
--disable-wccpv2 \

--enable-kill-parent-hack \

--enable-arp-acl \

--enable-snmp \

--enable-default-err-language=Simplify_Chinese \

--enable-err-languages="Simplify_Chinese English" \
--disable-poll \

--enable-epoll \
--disable-ident-lookups \
--disable-internal-dns \

--enable-truncate \

--enable-underscores \

--enable-basic-auth-helpers="NCSA" \

--enable-stacktrace \
--with-winbind-auth-challenge \

--enable-large-cache-files \
--with-large-files \
--with-maxfd=65535 \

--enable-ssl \

--enable-x-accelerator-vary \

--enable-linux-netfilter \

--enable-linux-tproxy \
--with-aio \

--enable-storeio \
--with-fileddescriptors=64000
make

make install

ln  -s  /application/squid3.0  /application/squid

egrep  -v "^#|^$"  squid.conf

useradd  squid  -s /sbin/nologin   -M

3vi /application/squid3.0/etc/squid.conf

cache_effective_user nobody改为 cache_effective_user squid

 cache_effective_group squid  添加上

 打开日志的功能

 access_log /application/squid3.0/var/logs/access.log squid

 cache_store_log /application/squid3.0/var/logs/store.log

 cache_log /application/squid3.0/var/logs/cache.log

 cache_dir ufs /application/squid3.0/var/cache 100 16 256

 http_port 默认3128

 visible_hostname img01.etiantian.org #新加  不配起不来

 cache_mgr w673004708@163.com  #修改 管理员邮箱

 [root@cache01 etc]# /application/squid/sbin/squid  -k parse

2017/08/05 21:35:20| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)

2017/08/05 21:35:20| Initializing https proxy context

WARNING: Cannot write log file: /application/squid3.0/var/logs/cache.log

/application/squid3.0/var/logs/cache.log: Permission denied

         messages will be sent to 'stderr'.

[root@cache01 etc]# 
 
[root@cache01 squid3.0]# chown  -R  squid.squid  /application/squid3.0/var/

[root@cache01 squid3.0]# /application/squid/sbin/squid  -k parse

2017/08/05 21:36:51| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)

2017/08/05 21:36:51| Initializing https proxy context

[root@cache01 squid3.0]# 
 
vim /etc/profile

export PATH=$PATH:/application/squid/sbin:/application/squid/bin/

source /etc/profile

[root@cache01 squid]# squid  -z   ##初始化磁盘目录

2017/08/05 21:41:58| Creating Swap Directories

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/00

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/01

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/02

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/03

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/04

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/05

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/06

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/07

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/08

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/09

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0A

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0B

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0C

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0D

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0E

2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0F

[root@cache01 squid]# squid  -N -d1  #测试 不要终止

[root@cache01 ~]# tail -f   /application/squid/var/logs/access.log 

1501944635.557   3472 192.168.56.1 TCP_MISS/200 365 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - DIRECT/163.177.73.109 text/xml

1501944652.606  21121 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.100 -

1501944653.105  21072 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.102 -

1501944653.405  21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.101 -

1501944684.853      7 192.168.56.1 TCP_MISS/404 0 CONNECT api.growingio.com:443 - DIRECT/- -

1501944684.853      7 192.168.56.1 TCP_MISS/503 314 HEAD http://tsfrepl/ - DIRECT/tsfrepl text/html

1501944684.853      6 192.168.56.1 TCP_MISS/503 314 HEAD http://tyzkduwwgqgd/ - DIRECT/tyzkduwwgqgd text/html

1501944684.853      6 192.168.56.1 TCP_MISS/404 0 CONNECT z13.cnzz.com:443 - DIRECT/- -

1501944684.853      6 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- -

1501944684.872     25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.138 -

1501944684.872     25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.139 -

1501944684.873     26 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.113 -

1501944685.009      0 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- -

1501944688.045      0 192.168.56.1 TCP_MISS/503 2671 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - D

7.squid后台启动和日志轮询

[root@cache01 squid]# squid -D #放在后台启动

squid  -k rotate  日志轮询

[root@localhost logs]# squid  -k  rotate

[root@localhost logs]# ll
总用量 60

-rw-r----- 1 squid squid     0 8月   6 09:36 access.log
-rw-r----- 1 squid squid 18890 8月   5 23:02 access.log.0
-rw-r----- 1 squid squid   456 8月   6 09:36 cache.log
-rw-r----- 1 squid squid 17277 8月   6 09:36 cache.log.0
-rw-r--r-- 1 root squid     5 8月   6 09:35 squid.pid
-rw-r----- 1 squid squid     0 8月   6 09:36 store.log
-rw-r----- 1 squid squid 6829 8月   5 23:02 store.log.0

[root@localhost logs]# 

cp squid.conf  squid.conf.putong.01

 egrep  -v "^#|^$"   squid.conf.putong.01 >squid.conf

[root@localhost etc]# squid  -k parse

[root@localhost etc]# squid  -k reconfigure

8 squid设置acl屏蔽

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

acl localnet src 10.0.0.0/8    # RFC1918 possible internal network

acl localnet src 172.16.0.0/12    # RFC1918 possible internal network

acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl SSL_ports port 443

acl Safe_ports port 80        # http

acl Safe_ports port 21        # ftp

acl Safe_ports port 443        # https

acl Safe_ports port 70        # gopher

acl Safe_ports port 210        # wais

acl Safe_ports port 1025-65535    # unregistered ports

acl Safe_ports port 280        # http-mgmt

acl Safe_ports port 488        # gss-http

acl Safe_ports port 591        # filemaker

acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

acl sex url_regex -i  ^     #写在此处

http_access deny sex                          #两行
 
 
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?

cache_dir ufs /application/squid3.0/var/cache 100 16 256

access_log /application/squid3.0/var/logs/access.log squid

cache_log /application/squid3.0/var/logs/cache.log

cache_store_log /application/squid3.0/var/logs/store.log

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern (cgi-bin|\?)    0    0%    0
refresh_pattern .        0    20%    4320
cache_mgr w673004708@163.com
cache_effective_user squid
cache_effective_group squid
visible_hostname img01.etiantian.org
icp_port 3130

coredump_dir /application/squid3.0/var/cache
 
 

[root@localhost etc]# squid  -k parse

[root@localhost etc]# squid  -k reconfigure

9浏览器查看squid信息

yum -y install httpd

vim /etc/httpd/conf/httpd.conf 添加如下端口我修改了8080

ScriptAlias "/squid" "/application/squid3.0/libexec/cachemgr.cgi"
<Location "/squid">
   Order deny,allow
        Deny from all
   Allow from all
</location>
/etc/init.d/httpd restart
浏览器：http://192.168.56.7:8080/squid 默认没有密码

10squid透明代理

eth0 外网
eth1 内网
 
 

[root@localhost etc]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:26:0d:19 brd ff:ff:ff:ff:ff:ff

    inet 192.168.56.7/24 brd 192.168.56.255 scope global eth0

    inet6 fe80::20c:29ff:fe26:d19/64 scope link 

       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:26:0d:23 brd ff:ff:ff:ff:ff:ff

    inet 10.10.10.7/8 brd 10.255.255.255 scope global eth1

    inet6 fe80::20c:29ff:fe26:d23/64 scope link 

       valid_lft forever preferred_lft forever

[root@localhost etc]# 
 
 
squid.conf  

http_port 3128  transparent  #端口号后边加上就行
 
在squid.conf后边加几个参数
cache_mem  90 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
emulate_httpd_log on
启动squid
 

/etc/init.d/iptables stop 
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128

iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
 
net.ipv4.ip_forward = 1
sysctl  -p

配置另外一台服务器(10.10.10.8)

route add default gw 10.10.10.7

curl g.cn

在10.10.10.7查看日志

[root@localhost logs]# tail -f access.log
1501990490.416 21071 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.102 -
1501990495.298 21124 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.113 -
1501990504.690 21069 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.101 -
1501990514.471 21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.138 -
1501990525.242 21067 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.139 -
1501990530.513 600100 192.168.56.1 TCP_CLIENT_REFRESH_MISS/204 143 GET http://notify3.note.youdao.com/pushserver3/client? - DIRECT/123.58.182.253 -
1501990543.929 526389 192.168.56.1 TCP_MISS/200 432 CONNECT mtalk.google.com:443 - DIRECT/64.233.188.188 -
1501991898.960    430 10.10.10.8 TCP_MISS/301 573 GET http://www.baidd.com/ - DIRECT/47.88.136.144 text/html
1501991902.684    148 10.10.10.8 TCP_MISS/302 282 GET http://www.baidu.com/ - DIRECT/61.135.169.121 -
1501991909.475    238 10.10.10.8 TCP_MISS/301 655 GET http://g.cn/ - DIRECT/203.208.43.87 text/html

本文转自小小三郎1 51CTO博客，原文链接：http://blog.51cto.com/wsxxsl/1953943，如需转载请自行联系原作者