Configure Linux as a proxy server

What is a proxy server

  Proxy Server is an intermediate server located in a computer network. It acts as an intermediary between the client and the target server, forwarding client requests and obtaining responses from the target server. The main functions of the proxy server include the following:

  1. Break through website access restrictions

  For individual users, accessing the Internet through a proxy allows us to access some websites that would be slower or restricted to access directly, such as accessing the website of the Education Network (China Education and Scientific Research Computer Network).

  2. Improve access speed

  When installed, the proxy server will set up a disk space on the local hard disk as a "cache area" to download and save a copy of the content received by the proxy user from the Internet (Internet) site, so that the next time a user accesses the same content At this time, the content will be directly retrieved from the cache area and delivered to the user, instead of searching and retrieving from the Web server. This "caching" function of the proxy server can greatly improve access speed and reduce communication costs. It is a very important function.

  3. Hide real IP and protect personal information

  Internet surfers can also hide their real IP through proxy servers to protect themselves from network attacks. Users who visit some unknown and unsafe websites, or do not want to leak personal information, can access the proxy server, and then the proxy server forwards and processes mutual information, so that the user's personal information will not be leaked.

  4. Manage permissions and information traffic billing for internal network users

  Through the proxy server, network administrators can easily manage "access rights" and "information traffic accounting" for internal network users when providing Internet services. Network administrators can not only allow only authorized LAN users to access the Internet (Internet), but can also control which types of Internet (Internet) services these users access at what time and on which computer.

  For users who have been allowed to access the Internet, network administrators can also perform billing management of information traffic in a variety of ways, such as billing based on individuals, billing based on computers belonging to departments, etc., which brings great benefits to network management. Great convenience.

  5. Monitor and filter Internet information entering the internal network

  In order to prevent information unrelated to business from entering the internal network and wasting communication fees, each organization often has some corresponding regulations on the content that is allowed to be accessed. Through the proxy server, network administrators can not only easily control the information content flowing from the Internet (Internet) into the internal network through filtering methods, but also conduct real-time monitoring of users' access to the Internet (Internet) and create audit log archives for future reference.

  6. Conduct hierarchical management of users and set access rights for different users.

  Because all intranet users access the outside world through the proxy server, they are only mapped to one IP address, so the outside world cannot directly access the intranet. At the same time, IP address filtering can be set up to limit the access rights of the intranet to the outside world. You can prohibit access by certain users and criminals by restricting and blocking IP addresses, or set access rights to certain web pages.

  7. Save IP expenses

  Proxy servers can allow the use of a large number of pseudo-IP addresses, saving online resources, that is, using proxy servers can reduce the need for IP addresses. For accessing the Internet using a LAN, if you apply for an IP address for each user in the LAN, the cost can be imagined. However, after using a proxy server, you only need to have a legal IP address on the proxy server. As for other users in the LAN, you can use private IP addresses such as "10...*" for access. This can save a lot of IP and reduce network maintenance costs.

Configure Linux as a proxy server

open proxy server

  1. Install Squid

  The installation command is as follows:

yum install squid -y

  2. Modify the configuration file

  Enter edit mode:

vim /etc/squid/squid.conf

  Then http_access deny allchange to http_access allow all. If the 3128 port below is already occupied, it needs to be changed.

[Pit] If you are using Alibaba Cloud server, remember to open port 3128 in the firewall at the same time, otherwise you will not be able to access it.

  3. Start the Squid service

  Start command:

systemctl start squid # 开启

  After starting, check whether the system is monitoring port 3128 and enter the command:

netstat -ntl

  Other related commands:

systemctl stop squid # 停止
service squid restart # 重启

  4. Turn off the firewall

  Turn off the firewall command:

systemctl stop firewalld

Upgrade the proxy server that requires an account and password

  1. Install httpd-tools

yum install httpd-tools -y

  2. Create user and password

htpasswd -c /etc/squid/passwd 你的代理用户名

  A prompt message will appear asking you to enter your password and confirm it.

  3. Modify the squid.conf file (/etc/squid/squid.conf)

在#INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS下加入以下代码：
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_user proxy_auth REQUIRED
http_access allow auth_user

  4. Start or restart Squid

service squid restart

Linux system uses proxy server

Temporary access via proxy

  On another Linux machine, open the dialog box and enter:

export http_proxy=http://192.168.13.114:3128

# curl -x http://<代理服务器地址>:<代理服务器端口> -U <用户名>:<密码> <目标URL>

curl -x http://192.168.13.114:3128 -U root:root https://blog.csdn.net

[Note] 192.168.13.114This is the IP address of my proxy server.

  When the dialog box is closed, the proxy currently set is no longer valid.

Permanent access via proxy

  On another Linux machine:

  1. Edit the file /etc/profile and add the following two lines

export http_proxy=http://ip:port
export https_proxy=http://ip:port

  2. Execute source /etc/profile, then log out and then log in again to take effect.

  3. Check if there is a proxy: echo $http_proxy; echo $thhps_proxy

Windows system uses proxy server

  Open the Start menu and click the Settings icon.

  In the Settings window, select Network & Internet.

  In the left navigation bar, click "Agents."

  In the "Proxy server" section on the right, toggle the "Use a proxy server" switch to on.

  Enter the proxy server's IP address or host name in the Address field, and then enter the proxy server's port number in the Port field.

  If your proxy server requires authentication (username and password), a pop-up window will appear asking you to enter when using the browser: