Introduction to the Squid proxy server and its configuration (theory + practice)

Cache Overview

Web proxy mechanism

  • Caches web objects to reduce repeated requests

Basic proxy types

  • Traditional proxy: used for Internet access; the client must explicitly specify the proxy server
  • Transparent proxy: the client does not need to specify the proxy server's address and port; default routing and firewall policy redirect its web traffic to the proxy server for processing

Benefits of using a proxy

  • Improve Web access speed
  • Hide the real IP address of the client

Traditional proxy setup lab

Lab environment

squid server IP address: 192.168.80.179
web server IP address: 192.168.80.151
client test machine IP address: 192.168.80.135

Install the squid service on the squid server

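[root@squid ~]# mkdir /abc
[root@squid ~]# mount.cifs //192.168.80.2/LNMP-C7 /abc/      # mount the share
[root@squid ~]# cd /abc/
[root@squid abc]# tar zxvf squid-3.4.6.tar.gz -C /opt         # unpack
[root@squid abc]# yum install gcc gcc-c++ make -y          # install the build tools
[root@squid abc]# cd /opt/squid-3.4.6
# configure options used below:
#   --prefix                  installation path
#   --sysconfdir              configuration file directory
#   --enable-arp-acl          support ACLs (access control lists)
#   --enable-linux-netfilter  support network filtering
#   --enable-linux-tproxy     support transparent proxying
#   --enable-async-io         I/O optimization
#   --enable-err-language     show error pages in Simplified Chinese
#   --enable-gnuregex         support regular expressions
[root@squid squid-3.4.6]# ./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex
[root@squid squid-3.4.6]# make && make install    # compile and install
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/     # link the commands so the system can find them
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid                 # create the system user
[root@squid squid-3.4.6]# chown -R squid:squid /usr/local/squid/var/        # give the squid user and group ownership of everything in the directory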

Modify the squid configuration file and set up the service start-up script

[root@squid squid-3.4.6]# vim /etc/squid.conf         # edit the squid configuration file
# And finally deny all other access to this proxy
http_access allow all              # add this line
#http_access deny all              # comment this out so that clients are allowed access

# Squid normally listens to port 3128
http_port 3128
cache_effective_user squid              # run as the user squid
cache_effective_group squid             # run as the group squid
[root@squid squid-3.4.6]# squid -k parse           # check the configuration file syntax
[root@squid squid-3.4.6]# squid -z               # initialize the cache directories
[root@squid squid-3.4.6]# squid                  # start the service
[root@squid squid-3.4.6]# netstat -ntap | grep 3128        # check the squid port
[root@squid squid-3.4.6]# cd /etc/init.d/
[root@squid init.d]# vim squid                    # write the script that lets service manage squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"              # path of the PID file
CONF="/etc/squid.conf"                                  # path of the main configuration file
CMD="/usr/local/squid/sbin/squid"                       # path of the command that starts the service

case "$1" in
start)
        netstat -ntap | grep squid &> /dev/null
        if [ $? -eq 0 ]
        then
                echo "squid is running"
        else
                echo "正在启动 squid...."               # message: "starting squid...."
                $CMD
        fi
        ;;
stop)
        $CMD -k kill &> /dev/null               # stop the squid service
        rm -f "$PID" &> /dev/null               # delete the PID file
        ;;
status)
        [ -f "$PID" ] &> /dev/null
        if [ $? -eq 0 ]
        then
                netstat -ntap | grep squid
        else
                echo "squid is not running"
        fi
        ;;
restart)
        $0 stop &> /dev/null
        echo "正在关闭 squid..."                # message: "stopping squid..."
        $0 start &> /dev/null
        echo "正在启动 squid..."                # message: "starting squid..."
        ;;
reload)
        $CMD -k reconfigure              # reload the configuration file
        ;;
check)
        $CMD -k parse                     # check the syntax
        ;;
*)
        echo "用法:$0{start|stop|reload|status|check|restart}"   # usage message
        ;;
esac
[root@squid init.d]# chmod +x squid                    # make the script executable
[root@squid init.d]# chkconfig --add squid              # register it with service management
[root@squid init.d]# chkconfig --level 35 squid on        # start at boot
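
An added example, not part of the original post: the squid.conf edit above swaps the final `http_access deny all` for `http_access allow all`, so any host that can reach port 3128 may use the proxy. The script checks an http_access list for that condition using squid's documented evaluation order (first matching line wins; with no match, the default is the opposite of the last line). Both sample configs are constructed, and the ACL name `labnet` is an assumption.

```shell
#!/bin/sh
# Added example. Reads squid.conf text on stdin and reports who the http_access
# rules let through: "open", "open-by-default" or "closed".
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                 # drop full-line and trailing comments
        $1 != "http_access" { next }
        {
            last = $2
            # A rule whose only ACL is "all" matches every client, so the
            # first such rule settles the outcome for unknown sources.
            if (NF == 3 && $3 == "all") {
                verdict = ($2 == "allow") ? "open" : "closed"
                exit
            }
        }
        END {
            # No catch-all rule: squid applies the opposite of the last rule.
            if (verdict == "") verdict = (last == "deny") ? "open-by-default" : "closed"
            print verdict
        }
    '
}

# Constructed sample: the http_access section as edited on this page.
lab_conf() {
    cat <<'EOF'
http_access allow localnet
http_access allow localhost
http_access allow all
#http_access deny all
EOF
}

# Constructed sample: same lab, proxy limited to the 192.168.80.0/24 lab subnet
# (the ACL name "labnet" is an assumption, not from the page).
restricted_conf() {
    cat <<'EOF'
acl labnet src 192.168.80.0/24
http_access allow labnet
http_access allow localhost
http_access deny all
EOF
}

echo "lab config:        $(lab_conf | audit_http_access)"
echo "restricted config: $(restricted_conf | audit_http_access)"
```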

Traditional proxy configuration settings

[root@squid init.d]# vim /etc/squid.conf         # edit the main configuration file
# Squid normally listens to port 3128
http_port 3128
cache_mem 64 MB                                # size of the memory cache
reply_body_max_size 10 MB                      # maximum size of a file that may be downloaded
maximum_object_size 4096 KB                    # maximum size of an object stored in the cache
[root@squid init.d]# service squid restart
[root@squid init.d]# iptables -L                # list the rules
[root@squid init.d]# iptables -F                # flush the rules
[root@squid init.d]# setenforce 0
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT        # allow port 3128
[root@squid init.d]# service squid reload             # reload the configuration file

Install the Apache service on the web server

[root@web ~]# systemctl stop firewalld.service                # stop the firewall
[root@web ~]# setenforce 0
[root@web ~]# yum install httpd -y                        # install the Apache service
[root@web ~]# systemctl start httpd.service               # start the service

Access the web page from the client

View the access log on the web server

[root@web ~]# cd /etc/httpd/logs/       # view the log files
[root@web logs]# vim access_log         # at this point the access comes from the 135 address (the client)

Change the proxy settings in the client browser

View the access log on the web server again

[root@web ~]# cd /etc/httpd/logs/             # view the log files
[root@web logs]# vim access_log               # now the access comes from the 179 address (the proxy server)

Transparent proxy setup lab

Lab environment

squid server IP addresses: ens33: 192.168.80.184
                           ens36: 192.168.10.1 (host-only mode)
web server IP address: 192.168.80.151
client IP address: 192.168.10.10 (host-only mode)

Add a network card to the squid server and configure its IP address

[root@squid ~]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36              # edit the IP settings for ens36
# delete the UUID line and change 33 to 36
BOOTPROTO=static                                 # use a static address
IPADDR=192.168.10.1
NETMASK=255.255.255.0
[root@squid network-scripts]# service network restart           # restart the network service
[root@squid network-scripts]# vim /etc/sysctl.conf             # enable IP forwarding
net.ipv4.ip_forward=1
[root@squid network-scripts]# sysctl -p                         # load the setting

Add a static route on the web server

[root@web ~]# route add -net 192.168.10.0/24 gw 192.168.80.184  ## add the static route

Configure the transparent proxy on the squid server

[root@squid network-scripts]# vim /etc/squid.conf           # edit the configuration file
http_port 192.168.10.1:3128 transparent                  # enable transparent proxying
cache_effective_user squid
cache_effective_group squid
[root@squid network-scripts]# service squid stop            # stop and then start the squid service
[root@squid network-scripts]# service squid start
[root@squid network-scripts]# iptables -F                    # flush the rules
[root@squid network-scripts]# iptables -t nat -F
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128                 # for traffic entering on ens36, redirect port 80 to 3128
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128            # HTTPS, port 443
[root@squid network-scripts]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT      # allow access to port 3128
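
An added example, not part of the original post: a consistency check between the REDIRECT rules and the squid listener they point at. An `http_port` listener expects plaintext HTTP, so the page's port 443 rule hands it TLS that it cannot parse, and the check reports that rule separately from the working port 80 rule. The inputs are constructed from the page's settings, with the NAT rules written the way `iptables-save` prints them.

```shell
#!/bin/sh
# Added example. Reads squid.conf lines followed by iptables-save style NAT rules
# on stdin and prints one "<dport>-><squid port> <status>" line per REDIRECT rule.
check_redirects() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "http_port" || $1 == "https_port" {
            port = $2; sub(/.*:/, "", port)      # strip an optional IP: prefix
            kind[port] = $1
            m = "forward"
            for (i = 3; i <= NF; i++)
                if ($i == "intercept" || $i == "transparent") m = "intercept"
            mode[port] = m
            next
        }
        /-j REDIRECT/ {
            dport = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (!(to in kind))                status = "no-listener"
            else if (mode[to] != "intercept") status = "not-intercept"
            else if (dport == "443" && kind[to] == "http_port") status = "tls-to-http-port"
            else status = "ok"
            print dport "->" to " " status
        }
    '
}

# Constructed sample: the listener configured on this page.
squid_ports() {
    echo "http_port 192.168.10.1:3128 transparent"
}

# Constructed sample: the two PREROUTING rules from this page, in iptables-save form.
nat_rules() {
    cat <<'EOF'
-A PREROUTING -s 192.168.10.0/24 -i ens36 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.10.0/24 -i ens36 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}

{ squid_ports; nat_rules; } | check_redirects
```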

Test from the client

[root@web ~]# cd /var/log/httpd/
[root@web httpd]# vim access_log   ## view the access log; the address accessing the web service is now 184

Origin blog.51cto.com/14473285/2461117