Squid proxy server application (1) (Web proxy working mechanism, basic types of proxy, benefits of using proxy and installation of Squid service)


One, Squid proxy server

Squid mainly provides two functions: cache acceleration and application-layer filtering control.

1. The working mechanism of Web proxy

  • The proxy requests data from the website in place of the client, which hides the user's real IP address.
  • It saves the retrieved web page data (static web elements) to its cache and serves it from there the next time the same data is requested, so the client gets a quick response (caching web page objects reduces repeated requests).

2. The basic types of proxy

2.1 Traditional proxy

  • Suitable for the Internet
  • The address and port of the proxy server must be clearly specified on the client

2.2 Transparent proxy

  • The client does not need to specify the address and port of the proxy server
  • Instead, web access is redirected to the proxy server for processing through default routes and firewall policies

2.3 Reverse proxy

  • If the requested resource is cached in the Squid reverse proxy server, the requested resource is directly returned to the client
  • Otherwise, the reverse proxy server will request resources from the web server in the background, and then return the response to the request to the client
  • At the same time, the response will be cached locally for the next requester to use

3. The benefits of using a proxy

  • Improve web access speed
  • Hide the real IP address of the client

Two, install the Squid service

  • Transfer relevant software packages to the /opt/ directory
  • Download link: squid-3.5.28.tar.gz (extraction code: qwer)

1. Compile and install Squid

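systemctl stop firewalld
systemctl disable firewalld
setenforce 0
# Stop the firewall (and disable it at boot) and turn off SELinux enforcement

yum -y install gcc gcc-c++ make
# Install gcc, gcc-c++ and make to set up the build environment
# These are already installed by default on CentOS 7

tar zxvf squid-3.5.28.tar.gz -C /opt/
# .gz archives are extracted with zxvf

cd /opt/squid-3.5.28
# Enter the extracted directory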
./configure --prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex

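The options are as follows:

  • --prefix=/usr/local/squid: sets the installation directory to /usr/local/squid
  • --sysconfdir=/etc: sets the configuration file path to /etc
  • --enable-arp-acl: MAC address control, which prevents clients from spoofing with an IP address
  • --enable-linux-netfilter: use kernel filtering (netfilter: kernel space)
  • --enable-linux-tproxy: support transparent mode
  • --enable-async-io=100: asynchronous I/O, improves storage performance
  • --enable-err-language="Simplify_Chinese": display language for error messages
  • --enable-underscore: allow underscores in URLs
  • --enable-poll: use poll() mode, improves performance
  • --enable-gnuregex: use GNU regular expressions

make -j 4 && make install
# Compilation takes a fairly long time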


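ln -s /usr/local/squid/sbin/* /usr/local/sbin/
# Create symlinks in a directory on PATH so the system can find the squid commands

useradd -M -s /sbin/nologin squid
# Create the service user squid, to keep the system secure

chown -R squid:squid /usr/local/squid/var/
# Recursively set the owner and group of the /usr/local/squid/var directory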

2. Modify Squid's configuration file

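vim /etc/squid.conf
...
...
# Line 56, insert
http_access allow all
# Placed before http_access deny all; allows any client machine to use the proxy service
http_access deny all
...
http_port 3128
# Specifies the address and port the proxy service listens on (the default port is 3128)
# Line 61, insert
cache_effective_user squid
# Adds the designated service user, the account used for initialization and for the cache at run time; otherwise startup fails
cache_effective_group squid
# Adds the account's primary group
...
coredump_dir /usr/local/squid/var/cache/squid
# Specifies the cache file directory; this is the path whose owner and group we just changed recursively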
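
Squid checks http_access rules from top to bottom and stops at the first match, so with "http_access allow all" ahead of "http_access deny all" every host that can reach port 3128 may use the proxy. The script below is an added example, not part of the original post: it flags that rule order in a squid.conf and accepts a constructed variant restricted to an assumed LAN range (192.168.10.0/24); the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: audit the http_access rule order in a squid.conf.

# audit_http_access FILE
# Prints a verdict; returns 1 if an unconditional "allow all" is reachable, else 0.
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                  # strip comments before matching
        $1 != "http_access" { next }
        $2 == "allow" && NF == 3 && $3 == "all" {
            print "OPEN: line " NR ": " $0
            bad = 1
            exit                            # first match wins, stop here
        }
        $2 == "deny" && NF == 3 && $3 == "all" { exit }   # later rules are unreachable
        END {
            if (!bad) print "OK: no unconditional allow before deny all"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the rule order inserted at line 56 in the step above.
page_conf() {
    printf '%s\n' 'http_access allow all' 'http_access deny all' 'http_port 3128'
}

# Constructed alternative: only an assumed LAN range and the proxy host itself
# may use the proxy ("localhost" and "all" are ACLs built into Squid 3.x).
restricted_conf() {
    printf '%s\n' 'acl localnet src 192.168.10.0/24' \
        'http_access allow localnet' \
        'http_access allow localhost' \
        'http_access deny all' \
        'http_port 3128'
}

# Run both samples through the audit.
tmp=$(mktemp -d)
page_conf > "$tmp/page.conf"
restricted_conf > "$tmp/restricted.conf"
audit_http_access "$tmp/page.conf" || true
audit_http_access "$tmp/restricted.conf"
rm -rf "$tmp"
```

To check the file edited in this step, call audit_http_access /etc/squid.conf after sourcing the function.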


3. Squid operation control

squid -k parse
# Check that the configuration file syntax is correct

squid -z
# The -z option initializes the cache directory

squid
# Start the squid service

netstat -anpt | grep "squid"
# squid's port is TCP 3128


4. Create Squid service script

vim /etc/init.d/squid

#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"

case "$1" in
   start)
     netstat -natp | grep squid &> /dev/null
     if [ $? -eq 0 ]
     then
       echo "squid is running"
       else
       echo "正在启动 squid..."
       $CMD
     fi
   ;;
   stop)
     $CMD -k kill &> /dev/null
     rm -rf $PID &> /dev/null
   ;;
   status)
     [ -f $PID ] &> /dev/null
        if [ $? -eq 0 ]
          then
            netstat -natp | grep squid
          else
            echo "squid is not running"
        fi
   ;;
   restart)
      $0 stop &> /dev/null
      echo "正在关闭 squid..."
         $0 start &> /dev/null
      echo "正在启动 squid..."
   ;;
   reload)
      $CMD -k reconfigure
   ;;
   check)
      $CMD -k parse
   ;;
   *)
      echo "用法:$0{start|stop|status|reload|check|restart}"
   ;;
esac

Tips:
2345 is the default self-start level, 90 is the start priority, and 25 is the stop priority. The priority range is 0~100; the higher the number, the lower the priority.

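chmod +x /etc/init.d/squid
# Make the service startup script executable
chkconfig --add squid
# Add the service to chkconfig management
chkconfig --level 35 squid on
# Start automatically at runlevel 3 (text mode) and runlevel 5 (graphical mode)

chkconfig --list squid
# View the runlevels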


Origin blog.csdn.net/weixin_51486343/article/details/114005817