squid server

Table of contents

Introduction to Squid

install squid proxy

Common commands

main configuration file

forward proxy

Environment configuration

linux server setup

windows client settings

reverse proxy

Environment configuration

Configure the service on the web server

linux server configuration

Introduction to Squid

Meaning: Squid cache is a popular free software (GNU General Public License) proxy server and web cache server.

Principle: Squid speeds up access for users. When a user wants to download a home page, the user sends the request to Squid and asks Squid to download the page on the user's behalf. Squid then connects to the requested website, fetches the home page, passes it to the user and keeps a copy at the same time. When other users request the same page, Squid immediately serves the stored copy, so access feels much faster.

Official website: squid : Optimizing Web Delivery

Note: The default port of squid service is 3128

Squid proxy classification

  • forward proxy
  • reverse proxy
  • transparent proxy

install squid proxy

Check if the software is installed: rpm -qa | grep squid

Note: No response means it is not installed.

Install: yum -y install squid

Common commands

Enable autostart at boot: systemctl enable squid.service

Disable autostart at boot: systemctl disable squid.service

Start squid manually: systemctl start squid.service

Shut down squid manually: systemctl stop squid.service

View squid service status: systemctl status squid

Note: Squid configuration file location - /etc/squid/squid.conf

main configuration file

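# IP address and port to listen on
http_port 192.168.233.128:3128
# Additional memory given to Squid for caching objects in RAM
cache_mem 64 MB
# Largest object stored in the disk cache; files over 4 MB are not saved to disk
maximum_object_size 4 MB
# Smallest object stored in the disk cache
minimum_object_size 0 KB
# Largest object kept in the memory cache
maximum_object_size_in_memory 4096 KB
# Cache storage path, cache directory size (in MB), number of first-level and second-level cache directories
cache_dir ufs /var/spool/squid 100 16 256
# Log file format
logformat combined %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt.
# Log file path and the log format it uses
access_log /var/log/squid/access.log combined
# Cache log
cache_log /var/log/squid/cache.log
# Keep 60 rotated copies of each log file
logfile_rotate 60
# Start evicting old cache entries when the cache directory is more than 95% full
cache_swap_high 95
# Stop evicting when usage drops to 90%
cache_swap_low 90
# Define the external network segment
acl localnet src 192.168.1.0/24
# Define the internal network segment
acl lan src 192.168.233.0/24
acl SSL_ports port 443
acl Safe_ports port 53
# Allow the external network segment
http_access allow localnet
# Allow the internal network segment
http_access allow lan
# Deny everything else
http_access deny all
# Host name (any name will do)
visible_hostname linuxserver
# Administrator e-mail address
cache_mgr [email protected]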

forward proxy

Environment configuration

  • Windows virtual machine: one network card in host-only mode (IP: 192.168.233.188)
  • Linux virtual machine: two network cards, one in host-only mode (IP: 192.168.233.128) and one in bridge mode (IP: 192.168.1.35)
  • Peripheral physical machine: Windows system, IP address 192.168.1.14

Explanation: A host-only network is closed and cannot reach the external network, while the peripheral physical machine can. Network card 1 of the Linux virtual machine is bridged to the physical machine's network so that it can access the Internet, and network card 2 communicates with the Windows virtual machine in host-only mode. The Linux virtual machine thus becomes the proxy server of the Windows virtual machine and gives it Internet access.

linux server setup

Edit configuration file: vi /etc/squid/squid.conf

configuration file

http_port 192.168.233.128:3128
cache_dir ufs /var/spool/squid 100 16 256
logformat combined %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt.
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
acl localnet src 192.168.1.0/24
acl lan src 192.168.233.0/24
http_access allow localnet
http_access allow lan
http_access deny all
visible_hostname linuxserver

Initialize the squid cache directory: squid -z

View the files generated by initialization: ls /var/spool/squid/

Start the squid service: systemctl start squid.service

Note: Only port 3128 can be opened

windows client settings

Install proxy plugin - SwitchyOmega

Configure the proxy and use

Result: The Windows client can access the Internet (the client sends its requests to port 3128 of 192.168.233.128; the proxy server requests the target server and, after receiving the response, returns it to the Windows client)

Note: Your proxy server must be accessible by your client

reverse proxy

Environment configuration

  • Windows server virtual machine: one network card in host-only mode (IP: 192.168.233.132)
  • Linux virtual machine: two network cards, one in host-only mode (IP: 192.168.233.129) and one in bridge mode (IP: 192.168.1.35)
  • A mobile phone: IP address 192.168.1.12, used only for external access

Explanation: The Windows server acts as the web server and, in host-only mode, simulates the internal network. Network card 1 of the Linux machine communicates with the Windows server in host-only mode, and network card 2, in bridge mode, simulates the external network and communicates with the mobile phone. Linux thus acts as the reverse proxy server: it receives the mobile phone's requests and forwards them to the Windows server on the intranet.

Configure the service on the web server

Do the following in the root directory of disk d

Publish the web page file to the web server IIS

Open iis, click the server icon, select the website, right-click to add the website

Requests to http://192.168.233.132:8080 from the local machine and from the host-only network succeed.

linux server configuration

Edit configuration file: vi /etc/squid/squid.conf

configuration file

# Squid on the Linux host listens on port 3129 of 192.168.1.35
http_port 192.168.1.35:3129 accel vhost vport
# Forward requests arriving on that port to port 8080 of 192.168.233.132
cache_peer 192.168.233.132 parent 8080 0 no-query no-digest originserver
cache_dir ufs /var/spool/squid 100 16 256
logformat combined %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt.
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
http_access allow all

Notice:

  • cache_peer determines which host the requests arriving on the listening port are forwarded to
  • cache_peer can be specified multiple times to configure load balancing

Start the squid service: systemctl start squid.service

Result: The mobile phone accesses the 192.168.1.35:3129 address successfully.

Understanding: The Linux proxy server listens on port 3129. When a client sends a request to port 3129, the request is forwarded to port 8080 of 192.168.233.132, which is how the reverse proxy function is realized.
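An added example, not part of the original post: a small Python check over the acl and http_access lines of the main configuration and the reverse proxy configuration above. It flags ACLs that are defined but never referenced (SSL_ports and Safe_ports in the main configuration) and the unrestricted "http_access allow all" of the reverse proxy; the function name audit and the wording of the findings are assumptions of this example.

```python
# Added example: audit the acl / *_access lines of a squid.conf text.

# Access-control lines taken from the page's main configuration.
MAIN_CONF = """\
acl localnet src 192.168.1.0/24
acl lan src 192.168.233.0/24
acl SSL_ports port 443
acl Safe_ports port 53
http_access allow localnet
http_access allow lan
http_access deny all
"""
# Lines taken from the page's reverse proxy configuration.
REVERSE_CONF = """\
http_port 192.168.1.35:3129 accel vhost vport
cache_peer 192.168.233.132 parent 8080 0 no-query no-digest originserver
http_access allow all
"""

def audit(conf_text):
    """Return a sorted list of findings for one squid.conf text."""
    defined, used, rules = set(), set(), []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 3:
            defined.add(parts[1])                    # acl <name> <type> <value...>
        elif parts[0].endswith("_access") and len(parts) >= 3:
            names = [p.lstrip("!") for p in parts[2:]]   # "!name" negates an ACL
            used.update(names)
            if parts[0] == "http_access":
                rules.append((parts[1], names))
    findings = [f"acl '{n}' is defined but never used" for n in defined - used]
    for action, names in rules:
        if action == "allow" and names == ["all"]:
            findings.append("http_access allow all: requests are not "
                            "restricted by source or destination")
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("http_access list does not end with 'deny all'")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("main", MAIN_CONF), ("reverse", REVERSE_CONF)):
        for finding in audit(conf):
            print(f"{name}: {finding}")
```

An acl line only names a set of values; it restricts nothing until an http_access rule references it, which is why the two port ACLs are reported for the main configuration.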

Origin blog.csdn.net/m0_60027772/article/details/132493223