Squid proxy server
Article Directory
Overview of Caching Proxy
The working mechanism of web proxy
Cache web page objects to reduce repeated requests
Basic types of proxies
Traditional proxy: suitable for Internet access; the client must explicitly specify the proxy server's address and port
Transparent proxy: the client does not need to specify the address and port of the proxy server, but redirects Web access to the proxy server through the default route and firewall policy
Benefits of using a proxy
Improve the speed of Web access,
hide the real IP address of the client
experiment
Proxy server
192.168.20.20
[root@localhost ~]# hostnamectl set-hostname squid
[root@localhost ~]# su
[root@squid ~]# cd /opt
[root@squid opt]# rz -E
rz waiting to receive.
[root@squid opt]#
[root@squid opt]# cd /opt
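[root@squid opt]# tar zxvf squid-3.4.6.tar.gz //extract; the tarball was uploaded by hand (rz), so compare it with the checksum or signature published by the Squid project before building it as root. The 3.4.x series no longer receives upstream fixes, so treat this version as lab-only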
[root@squid opt]# cd squid-3.4.6/ 进入解压目录
[root@squid squid-3.4.6]# yum -y install gcc gcc-c++ 安装环境(手工编译安装)
[root@squid squid-3.4.6]# ./configure \
> --prefix=/usr/local/squid \ 指安装路径
> --sysconfdir=/etc \ 配置文件
> --enable-arp-acl \ 配置ACL访问控制列表
> --enable-linux-netfilter \ 过滤表
> --enable-linux-tproxy \ 透明代理功能模块
> --enable-async-io=100 \ 吞吐量(IO输入输出)
> --enable-err-language="Simplify_Chinese" \ 字符集
> --enable-underscore \ 支持URL中带有下划线
> --enable-poll \ 开启poll模块
> --enable-gnuregex 支持正则表达式
[root@squid squid-3.4.6]# make &&make install
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin 便于系统识别
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid 建立程序型用户
[root@squid squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/ 递归给权限
[root@squid squid-3.4.6]# vim /etc/squid.conf
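56 http_access allow all //lab setting: with "deny all" commented out below, every host that can reach port 3128 may relay through this proxy; outside a lab, allow only an ACL that covers the client network
57 #http_access deny all //restore this as the final rule once a narrower allow rule is in place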
61 cache_effective_user squid 代理服务器程序型用户
62 cache_effective_group squid 代理服务器组
[root@squid squid-3.4.6]# squid -k parse 检查配置文件语法
[root@squid squid-3.4.6]# squid -z 初始化缓存目录
[root@squid squid-3.4.6]# 2020/09/06 11:04:29 kid1| Set Current Directory to /usr/local/squid/var/cache/squid
2020/09/06 11:04:29 kid1| Creating missing swap directories
2020/09/06 11:04:29 kid1| No cache_dir stores are configured.
[root@squid squid-3.4.6]# squid 启动
[root@squid squid-3.4.6]# netstat -ntap | grep 3128
tcp6 0 0 :::3128 :::* LISTEN
Configure startup script
[root@squid squid-3.4.6]# cd /etc/init.d/
[root@squid init.d]# vim squid
#!/bin/bash
#chkconfig: 35 90 25
#config: /etc/squid.conf
#pidfile: /usr/local/squid/var/run/squid.pid
#Description: Squid - Internet Object Cache
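# SysV init actions for the source-built Squid under /usr/local/squid.
# Usage: squid {start | stop | restart | reload | check | status}
# The script runs as root, so every expansion is quoted and the PID file is
# removed as a single plain file, never with a recursive delete.
PID="/usr/local/squid/var/run/squid.pid"
# CONF is not referenced below: $CMD is invoked without -f and therefore
# uses its built-in default configuration path.
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"

case "${1:-}" in
  start)
    # A listening socket whose netstat line mentions squid counts as
    # "already running"; otherwise launch the daemon.
    if netstat -utpln | grep -q squid; then
      echo "Squid is running"
    else
      "$CMD"
    fi
    ;;
  stop)
    "$CMD" -k kill &>/dev/null
    # -f with "--": removes only this one path and ignores a missing file.
    # The original "rm -rf $PID" was unquoted and recursive.
    rm -f -- "$PID" &>/dev/null
    ;;
  status)
    # The PID file decides running/not running; netstat then shows the sockets.
    if [ -f "$PID" ]; then
      netstat -utpln | grep squid
    else
      echo "Squid is not running"
    fi
    ;;
  restart)
    # Each progress message is printed before its action, so the console
    # output matches what is happening.
    echo "正在关闭Squid..."
    "$0" stop &>/dev/null
    echo "正在启动Squid..."
    "$0" start &>/dev/null
    ;;
  reload)
    # Ask the running daemon to re-read its configuration.
    "$CMD" -k reconfigure
    ;;
  check)
    # Syntax-check the configuration.
    "$CMD" -k parse
    ;;
  *)
    # Unknown or missing action: print usage on stderr and exit non-zero so
    # callers can tell a usage error from success.
    echo "用法:{start | stop | restart | reload | check | status}" >&2
    exit 2
    ;;
esac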
[root@squid init.d]# chmod +x squid 给执行权限
[root@squid init.d]# chkconfig --add squid
[root@squid init.d]# chkconfig --level 35 squid on //35级别开机自启动
Traditional proxy server
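[root@squid init.d]# vim /etc/squid.conf //http_access rules are checked one by one from the top; the first match decides
56 http_access allow all //allow everyone; because this rule matches first, the "deny all" on line 57 never takes effect and the proxy accepts requests from any source
57 http_access deny all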
63 cache_mem 64 MB //缓存空间
64 reply_body_max_size 10 MB //下载单个文件最大大小
65 maximum_object_size 4096 KB //文件超过4M直接转发给用户,不进行缓存
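[root@squid init.d]# iptables -F //flushes every rule in the filter table (lab shortcut)
[root@squid init.d]# setenforce 0 //puts SELinux in permissive mode until reboot (lab shortcut)
[root@squid init.d]# iptables -t nat -F //flushes every rule in the nat table
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT //INPUT chain: accept TCP port 3128 from any source; adding -s <client-subnet> limits it to the proxy's own clients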
[root@squid init.d]# service squid reload //重载
web node
192.168.20.10
[root@web ~]# systemctl stop firewalld.service
[root@web ~]# iptables -F
[root@web ~]# setenforce 0
[root@web ~]# yum -y install httpd
[root@web ~]# systemctl start httpd
Client
[root@web /]# cd /var/log/httpd/
[root@web httpd]# ll
总用量 12
-rw-r--r--. 1 root root 5065 9月 6 11:40 access_log
-rw-r--r--. 1 root root 1329 9月 6 11:40 error_log
[root@web httpd]# cat access_log
[root@web httpd]# cat access_log
Transparent proxy
All hosts use host-only networking; the proxy server is set up with two network cards
[root@squid ~]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36
[root@squid network-scripts]# service network restart
Restarting network (via systemctl): [ 确定 ]
[root@squid network-scripts]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1 //开启路由功能
[root@squid network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[root@squid network-scripts]# vim /etc/squid.conf
60 http_port 192.168.10.1:3128 transparent
[root@squid network-scripts]# service squid reload
[root@squid network-scripts]# netstat -ntap |grep squid
tcp 0 0 192.168.10.1:3128 0.0.0.0:* LISTEN 109205/(squid-1)
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
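[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128 //the listener on 3128 is a plain-HTTP intercept port, so TLS connections redirected to it will not be proxied; intercepting HTTPS needs a separate https_port configuration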
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT //还原虚拟机后需要重新加入这条规则
[root@web ~]# cd /var/log/httpd/
[root@web httpd]# cat access_log