1安装
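# Build Squid 3.0.STABLE20 from source into /application/squid3.0.
#
# Source tarballs: http://www.squid-cache.org/Versions/v3/3.0/
# REVIEW: the download location is plain HTTP and nothing here verifies the
# tarball. Compare it against the checksum or signature published by the
# project before building. Check the project's security advisories for the
# release you build, and prefer a currently maintained version for a proxy
# that serves untrusted clients.

# Build dependency for --enable-ssl.
yum -y install openssl-devel openssl

# tar needs an operation flag; -xzf extracts the gzip-compressed archive.
tar -xzf squid-3.0.STABLE20.tar.gz
# Stop here if the source directory is missing, so configure never runs elsewhere.
cd squid-3.0.STABLE20 || exit 1

# Notes on the option list:
#  * --enable-storeio appears twice. configure keeps the last value it sees,
#    so the bare form near the end presumably replaces "aufs,diskd,ufs".
#    Confirm which one is intended and drop the other.
#  * The final option is spelled --with-filedescriptors here; the misspelled
#    "--with-fileddescriptors" in the original listing is not an option
#    configure knows about.
./configure --prefix=/application/squid3.0 \
  --enable-dlmalloc \
  --enable-debug-cbdata \
  --enable-async-io=100 \
  --with-pthreads \
  --enable-storeio="aufs,diskd,ufs" \
  --enable-removal-policies="heap,lru" \
  --enable-icmp \
  --enable-delay-pools \
  --enable-useragent-log \
  --enable-referer-log \
  --disable-wccp \
  --disable-wccpv2 \
  --enable-kill-parent-hack \
  --enable-arp-acl \
  --enable-snmp \
  --enable-default-err-language=Simplify_Chinese \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-poll \
  --enable-epoll \
  --disable-ident-lookups \
  --disable-internal-dns \
  --enable-truncate \
  --enable-underscores \
  --enable-basic-auth-helpers="NCSA" \
  --enable-stacktrace \
  --with-winbind-auth-challenge \
  --enable-large-cache-files \
  --with-large-files \
  --with-maxfd=65535 \
  --enable-ssl \
  --enable-x-accelerator-vary \
  --enable-linux-netfilter \
  --enable-linux-tproxy \
  --with-aio \
  --enable-storeio \
  --with-filedescriptors=64000

# Install only if the build succeeded.
make && make install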
|
2.
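# Version-independent path used by the later commands in this guide.
ln -s /application/squid3.0 /application/squid

# Print only the effective directives (drop comment and blank lines).
# grep -E replaces the deprecated egrep alias.
grep -Ev '^#|^$' squid.conf

# Dedicated unprivileged account for the proxy: no login shell (-s) and no
# home directory (-M). Options are placed before the account name.
useradd -M -s /sbin/nologin squid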
|
3vi /application/squid3.0/etc/squid.conf
cache_effective_user nobody 改为 cache_effective_user squid
cache_effective_group squid 添加上
打开日志的功能
access_log /application/squid3.0/var/logs/access.log squid
cache_store_log /application/squid3.0/var/logs/store.log
cache_log /application/squid3.0/var/logs/cache.log
cache_dir ufs /application/squid3.0/var/cache 100 16 256
http_port 默认3128
visible_hostname img01.etiantian.org #新加 不配起不来
cache_mgr w673004708@163.com #修改 管理员邮箱
|
4.
[root@cache01 etc]# /application/squid/sbin/squid -k parse
2017/08/05 21:35:20| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)
2017/08/05 21:35:20| Initializing https proxy context
WARNING: Cannot write log file: /application/squid3.0/var/logs/cache.log
/application/squid3.0/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
[root@cache01 etc]#
[root@cache01 squid3.0]# chown -R squid.squid /application/squid3.0/var/
[root@cache01 squid3.0]# /application/squid/sbin/squid -k parse
2017/08/05 21:36:51| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)
2017/08/05 21:36:51| Initializing https proxy context
[root@cache01 squid3.0]#
# Open /etc/profile and append the export line shown below it.
vim /etc/profile
export PATH="${PATH}:/application/squid/sbin:/application/squid/bin/"
# Reload the profile so the current shell picks up the new PATH.
. /etc/profile
|
5.
[root@cache01 squid]# squid -z ##初始化磁盘目录
2017/08/05 21:41:58| Creating Swap Directories
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/00
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/01
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/02
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/03
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/04
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/05
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/06
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/07
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/08
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/09
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0A
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0B
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0C
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0D
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0E
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0F
|
6.
[root@cache01 squid]# squid -N -d1 #测试 不要终止
|
[root@cache01 ~]# tail -f /application/squid/var/logs/access.log
1501944635.557 3472 192.168.56.1 TCP_MISS/200 365 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - DIRECT/163.177.73.109 text/xml
1501944652.606 21121 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.100 -
1501944653.105 21072 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.102 -
1501944653.405 21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.101 -
1501944684.853 7 192.168.56.1 TCP_MISS/404 0 CONNECT api.growingio.com:443 - DIRECT/- -
1501944684.853 7 192.168.56.1 TCP_MISS/503 314 HEAD http://tsfrepl/ - DIRECT/tsfrepl text/html
1501944684.853 6 192.168.56.1 TCP_MISS/503 314 HEAD http://tyzkduwwgqgd/ - DIRECT/tyzkduwwgqgd text/html
1501944684.853 6 192.168.56.1 TCP_MISS/404 0 CONNECT z13.cnzz.com:443 - DIRECT/- -
1501944684.853 6 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- -
1501944684.872 25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.138 -
1501944684.872 25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.139 -
1501944684.873 26 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.113 -
1501944685.009 0 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- -
1501944688.045 0 192.168.56.1 TCP_MISS/503 2671 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - D
|
7.squid后台启动和日志轮询
[root@cache01 squid]# squid -D #放在后台启动(-D 的作用是跳过启动时的 DNS 检测;不加 -N 时 squid 本来就在后台运行)
squid -k rotate 日志轮询
[root@localhost logs]# squid -k rotate
[root@localhost logs]# ll
总用量 60
|
-rw-r----- 1 squid squid 0 8月 6 09:36 access.log
-rw-r----- 1 squid squid 18890 8月 5 23:02 access.log.0
-rw-r----- 1 squid squid 456 8月 6 09:36 cache.log
-rw-r----- 1 squid squid 17277 8月 6 09:36 cache.log.0
-rw-r--r-- 1 root squid 5 8月 6 09:35 squid.pid
-rw-r----- 1 squid squid 0 8月 6 09:36 store.log
-rw-r----- 1 squid squid 6829 8月 5 23:02 store.log.0
[root@localhost logs]#
cp squid.conf squid.conf.putong.01
egrep -v "^#|^$" squid.conf.putong.01 >squid.conf
[root@localhost etc]# squid -k parse
[root@localhost etc]# squid -k reconfigure
|
8 squid设置acl屏蔽
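# squid.conf for the forward proxy in this guide, with one URL-blocking ACL added.
# Each directive is restored to a single line so the file parses.

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

# REVIEW: localnet is the stock RFC1918 list. 192.168.0.0/16 also covers the
# 192.168.56.0/24 side that this guide treats as the outside interface, so
# "http_access allow localnet" lets hosts there use the proxy. Narrow these
# entries to the client subnet(s) that should actually be served.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# The next two directives are the additions made in this step. They sit before
# the allow rules because http_access rules are evaluated in order and the
# first match decides.
# REVIEW: the url_regex pattern looks cut off in this listing. A bare "^"
# matches every URL, so "http_access deny sex" would reject all requests.
# Put the intended pattern here (<URL_REGEX_PLACEHOLDER>).
acl sex url_regex -i ^
http_access deny sex

# Cache manager requests are accepted from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all

http_port 3128
hierarchy_stoplist cgi-bin ?

cache_dir ufs /application/squid3.0/var/cache 100 16 256
access_log /application/squid3.0/var/logs/access.log squid
cache_log /application/squid3.0/var/logs/cache.log
cache_store_log /application/squid3.0/var/logs/store.log

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_mgr w673004708@163.com
# Run the worker as the unprivileged squid account.
cache_effective_user squid
cache_effective_group squid
visible_hostname img01.etiantian.org
icp_port 3130
coredump_dir /application/squid3.0/var/cache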
[root@localhost etc]# squid -k parse
[root@localhost etc]# squid -k reconfigure
|
9浏览器查看squid信息
yum -y install httpd
vim /etc/httpd/conf/httpd.conf 添加如下内容(监听端口我改成了 8080)
# Publish Squid's cache manager CGI under /squid on this httpd instance.
ScriptAlias "/squid" "/application/squid3.0/libexec/cachemgr.cgi"
<Location "/squid">
# REVIEW: with "Order deny,allow" the Allow directives are evaluated last, so
# "Allow from all" overrides "Deny from all" and every host that can reach
# this port can open the cache manager. Replace "all" with the admin host or
# subnet (<ADMIN_SUBNET_PLACEHOLDER>) and set cachemgr_passwd in squid.conf.
Order deny,allow
Deny from all
Allow from all
</location>
/etc/init.d/httpd restart
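浏览器访问:http://192.168.56.7:8080/squid ,默认没有密码。上面的 Allow from all 会让所有能连到 8080 端口的主机都能打开缓存管理页面,实际使用时应改为只允许管理机的地址,并在 squid.conf 中用 cachemgr_passwd 设置密码。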
10squid透明代理
eth0 外网
eth1 内网
[root@localhost etc]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:26:0d:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.7/24 brd 192.168.56.255 scope global eth0
    inet6 fe80::20c:29ff:fe26:d19/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:26:0d:23 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.7/8 brd 10.255.255.255 scope global eth1
    inet6 fe80::20c:29ff:fe26:d23/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost etc]#
squid.conf
http_port 3128 transparent
#端口号后边加上就行
在squid.conf后边加几个参数
cache_mem 90 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
emulate_httpd_log on
启动squid
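# Gateway setup for transparent interception: eth1 faces the clients, eth0 is
# the uplink.

# REVIEW: stopping the iptables service clears the existing filter rules, and
# the two nat rules below add no filtering of their own. Port 3128 and every
# other service on this host then stay reachable on both interfaces. Rules
# added by hand are also lost on the next service restart unless they are
# saved (service iptables save).
/etc/init.d/iptables stop

# Redirect HTTP arriving on the internal interface to Squid's intercept port.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128

# Source-NAT traffic from the internal subnet leaving through eth0.
# NOTE(review): eth1 is configured as 10.10.10.7/8, but only 10.10.10.0/24 is
# masqueraded. Confirm the intended client range.
iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE

# "net.ipv4.ip_forward = 1" is a line for /etc/sysctl.conf, not a shell
# command. Set it there, then reload the file.
sysctl -p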
|
配置另外一台服务器(10.10.10.8)
route add default gw 10.10.10.7
curl g.cn
在10.10.10.7查看日志
[root@localhost logs]# tail -f access.log
1501990490.416 21071 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.102 -
1501990495.298 21124 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.113 -
1501990504.690 21069 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.101 -
1501990514.471 21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.138 -
1501990525.242 21067 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.139 -
1501990530.513 600100 192.168.56.1 TCP_CLIENT_REFRESH_MISS/204 143 GET http://notify3.note.youdao.com/pushserver3/client? - DIRECT/123.58.182.253 -
1501990543.929 526389 192.168.56.1 TCP_MISS/200 432 CONNECT mtalk.google.com:443 - DIRECT/64.233.188.188 -
1501991898.960 430 10.10.10.8 TCP_MISS/301 573 GET http://www.baidd.com/ - DIRECT/47.88.136.144 text/html
1501991902.684 148 10.10.10.8 TCP_MISS/302 282 GET http://www.baidu.com/ - DIRECT/61.135.169.121 -
1501991909.475 238 10.10.10.8 TCP_MISS/301 655 GET http://g.cn/ - DIRECT/203.208.43.87 text/html