Squid proxy server basics

Squid proxy server

Overview of Caching Proxy

The working mechanism of web proxy

Cache web page objects to reduce repeated requests

Basic types of proxies

Traditional proxy: suitable for the Internet; the client must be explicitly configured with the proxy server's address and port
Transparent proxy: the client does not need to specify the address and port of the proxy server; Web access is redirected to the proxy server through the default route and firewall policy

Benefits of using a proxy

Improve the speed of Web access
Hide the real IP address of the client

Experiment

Proxy server

192.168.20.20
[root@localhost ~]# hostnamectl set-hostname squid
[root@localhost ~]# su
[root@squid ~]# cd /opt
[root@squid opt]# rz -E
rz waiting to receive.
[root@squid opt]# 
[root@squid opt]# cd /opt
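[root@squid opt]# tar zxvf squid-3.4.6.tar.gz    # extract the source archive
[root@squid opt]# cd squid-3.4.6/    # enter the extracted directory
[root@squid squid-3.4.6]# yum -y install gcc gcc-c++    # install the build environment (manual compile and install)
# configure options used below:
#   --prefix=/usr/local/squid                 installation path
#   --sysconfdir=/etc                         configuration files
#   --enable-arp-acl                          ACL access control lists
#   --enable-linux-netfilter                  netfilter (packet filtering) support
#   --enable-linux-tproxy                     transparent proxy module
#   --enable-async-io=100                     throughput (asynchronous I/O)
#   --enable-err-language="Simplify_Chinese"  character set of the error pages
#   --enable-underscore                       support underscores in URLs
#   --enable-poll                             enable the poll module
#   --enable-gnuregex                         regular expression support
[root@squid squid-3.4.6]# ./configure \
> --prefix=/usr/local/squid \
> --sysconfdir=/etc \
> --enable-arp-acl \
> --enable-linux-netfilter \
> --enable-linux-tproxy \
> --enable-async-io=100 \
> --enable-err-language="Simplify_Chinese" \
> --enable-underscore \
> --enable-poll \
> --enable-gnuregex
[root@squid squid-3.4.6]# make && make install
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin    # put the binaries on the system PATH
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid    # create a service account with no home directory and no login shell
[root@squid squid-3.4.6]# chown -R squid:squid /usr/local/squid/var/    # recursively give the squid user ownership
[root@squid squid-3.4.6]# vim /etc/squid.conf
http_access allow all
#http_access deny all
# user the proxy server process runs as
cache_effective_user squid
# group the proxy server process runs as
cache_effective_group squid
[root@squid squid-3.4.6]# squid -k parse    # check the configuration file syntax
[root@squid squid-3.4.6]# squid -z    # initialize the cache directories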
[root@squid squid-3.4.6]# 2020/09/06 11:04:29 kid1| Set Current Directory to /usr/local/squid/var/cache/squid 
2020/09/06 11:04:29 kid1| Creating missing swap directories
2020/09/06 11:04:29 kid1| No cache_dir stores are configured.
[root@squid squid-3.4.6]# squid    # start the service
[root@squid squid-3.4.6]# netstat -ntap | grep 3128
tcp6       0      0 :::3128                 :::*                    LISTEN  

Configure startup script

[root@squid squid-3.4.6]# cd /etc/init.d/
[root@squid init.d]# vim squid
#!/bin/bash
#chkconfig: 35 90 25
#config: /etc/squid.conf
#pidfile: /usr/local/squid/var/run/squid.pid
#Description: Squid - Internet Object Cache

PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"

case "$1" in
        start)
                netstat -utpln | grep squid &>/dev/null
                if [ $? -eq 0 ]
                        then
                                echo "Squid is running"
                else
                        $CMD
                fi
        ;;
        stop)
                $CMD -k kill &>/dev/null
                rm -rf $PID &>/dev/null
        ;;
        status)
                [ -f $PID ] &>/dev/null
                if [ $? -eq 0 ]
                        then
                                netstat -utpln | grep squid
                else
                        echo "Squid is not running"
                fi
        ;;
        restart)
                $0 stop &>/dev/null
                echo "正在关闭Squid..."
                $0 start &>/dev/null
                echo "正在启动Squid..."
        ;;
        reload)
                $CMD -k reconfigure
        ;;
        check)
                $CMD -k parse
        ;;
        *)
                echo "用法:{start | stop | restart | reload | check | status}"
esac

[root@squid init.d]# chmod +x squid    # make the script executable
[root@squid init.d]# chkconfig --add squid
[root@squid init.d]# chkconfig --level 35 squid on    # start automatically at boot in runlevels 3 and 5

Traditional proxy server

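[root@squid init.d]# vim /etc/squid.conf
# http_access rules are checked one by one, in order, and the first match wins
# allow all clients (the deny all below it is therefore never reached)
http_access allow all
http_access deny all
# memory cache size
cache_mem 64 MB
# maximum size of a single downloaded file
reply_body_max_size 10 MB
# files larger than 4 MB are forwarded straight to the user and not cached
maximum_object_size 4096 KB
[root@squid init.d]# iptables -F    # flush all rules in the filter table
[root@squid init.d]# setenforce 0    # put SELinux in permissive mode until the next reboot
[root@squid init.d]# iptables -t nat -F    # flush all rules in the nat table
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    # INPUT chain: accept TCP port 3128 from any source
[root@squid init.d]# service squid reload    # reload the configuration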
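
The rule order above, checked with an added example that is not part of the original post: because Squid stops at the first matching http_access line, the script reports which action a client receives when no narrower ACL matches it. The ACL name lab_clients and the 192.168.20.0/24 client subnet in the restricted sample are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post.
# Squid checks http_access lines top to bottom and stops at the first match,
# so "http_access allow all" above "http_access deny all" admits every client.

# Print the action (allow/deny) given to a client that matches no narrower
# ACL: the first http_access rule whose only ACL is the built-in "all".
# Without such a rule Squid applies the opposite of the last rule; with no
# http_access rules at all it denies.
default_action() {
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        $1 == "http_access" {
            last = $2
            if (NF == 3 && $3 == "all") { print $2; found = 1; exit }
        }
        END { if (!found) print (last == "deny" ? "allow" : "deny") }
    ' "$1"
}

# Constructed sample: the rule order used in this walkthrough.
write_open_conf() {
    printf '%s\n' 'http_access allow all' 'http_access deny all' > "$1"
}

# Constructed sample: admit one client subnet, then deny everyone else.
# The ACL name and the subnet are assumptions for this lab.
write_restricted_conf() {
    printf '%s\n' \
        'acl lab_clients src 192.168.20.0/24' \
        'http_access allow lab_clients' \
        'http_access deny all' > "$1"
}

tmp=$(mktemp -d)
write_open_conf "$tmp/open.conf"
write_restricted_conf "$tmp/restricted.conf"
echo "walkthrough order: $(default_action "$tmp/open.conf")"
echo "restricted order:  $(default_action "$tmp/restricted.conf")"
rm -rf "$tmp"
```

Run default_action against /etc/squid.conf after each edit; a result of allow means any host that can reach port 3128 can use the proxy.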

web node
192.168.20.10

[root@web ~]# systemctl stop firewalld.service 
[root@web ~]# iptables -F
[root@web ~]# setenforce 0
[root@web ~]# yum -y install httpd
[root@web ~]# systemctl start httpd

Client

[root@web /]# cd /var/log/httpd/
[root@web httpd]# ll
总用量 12
-rw-r--r--. 1 root root 5065 96 11:40 access_log
-rw-r--r--. 1 root root 1329 96 11:40 error_log
[root@web httpd]# cat access_log 

[root@web httpd]# cat access_log 

Transparent proxy
All hosts are in host-only mode and connect to the proxy server; set up dual network cards on the proxy server.

[root@squid ~]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36

[root@squid network-scripts]# service network restart 
Restarting network (via systemctl):                        [  确定  ]

[root@squid network-scripts]# vim /etc/sysctl.conf 
# enable routing (IP forwarding)
net.ipv4.ip_forward = 1

[root@squid network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[root@squid network-scripts]# vim /etc/squid.conf
http_port 192.168.10.1:3128 transparent
[root@squid network-scripts]# service squid reload
[root@squid network-scripts]# netstat -ntap |grep squid
tcp        0      0 192.168.10.1:3128       0.0.0.0:*               LISTEN      109205/(squid-1) 
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
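# note: an http_port in transparent mode expects plain HTTP; intercepted TLS on port 443 needs an https_port with ssl-bump
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    # this rule must be added again after the virtual machine is reverted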

[root@web ~]# cd /var/log/httpd/
[root@web httpd]# cat access_log 

Origin blog.csdn.net/weixin_46355881/article/details/108433847