前言
本人小白,学校的校园网访问不了github等网站,所以打算用云服务器作为代理服务器去访问这些网站。
服务器环境:Ubuntu 22.04.4 LTS
使用Squid搭建代理
安装squid:
sudo apt install squid
修改squid的配置文件:
squid的配置文件路径 /etc/squid/squid.conf,文件很长很长
建议先备份一下:
cd /etc/squid/
cp squid.conf squid.conf.bak
这里直接给出我网上找到的配置文件:参考
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# 配置localnet的局域网段下面是localnet 能映射的网段
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# 本人本机是192.168.50.24,然后代理访问时想不被局域网拦截,从而需要用户密码认证,所以我注释了这里
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# allow是允许局域网代理访问(localnet映射的网址在上面 acl localnet那一堆默认的)
http_access allow localnet
http_access allow localhost
# 这三行是个人配置的代理访问用户和密码
# 这里有可能是/usr/lib64/squid/basic_ncsa_auth
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_user proxy_auth REQUIRED
http_access allow auth_user
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
/etc/squid/passwd 是用户密码存储文件,密码是经过加密的
可使用如下命令来生成用户密码
htpasswd -c /etc/squid/passwd 用户名
设置或者关闭防火墙,我直接给关闭了
sudo ufw disable
记得配置服务器的安全组,把要使用的端口打开
启动squid
service squid start
#重新加载配置文件
service squid reload
#查看启动状态
service squid status
#重启---时间小长
service squid restart
本地windows使用代理
打开控制面板,找到网络和internet,点击并找到internet选项
点击连接,局域网设置
填写对应的ip和端口
这样所有的访问都会通过代理服务器进行转发了
但是配置完之后打开github很慢而且图片和JS,CSS等都加载不出来。我也不清楚什么原因所以我放弃了这个想法。
参考文章:
squid代理服务配置用户和密码(解决配置失效问题)
Ubuntu 18.04 配置Squid网络代理