Squid传统代理服务器一键部署脚本

一.Squid传统代理概述

对于Web用户来说，Squid是一个高性能的代理缓存服务器，可以加快内部网浏览Internet的速度，提高客户机的访问命中率。 Squid不仅支持HTTP协议，还支持FTP、gopher、SSL和WAIS等协议。 和一般的代理缓存软件不同，Squid用一个单独的、非模块化的、I/O驱动的进程来处理所有的客户端请求

• 代替客户机向网站请求数据，从而可以隐藏用户的真实IP地址

• 将获得的网页数据（静态 web元素）保存到缓存中并发给客户机，以便下次请求相同的数据时快速响应

当我们客户机通过squid代理去访问web页面时，指定的代理服务器会先检查自己的缓存，若是缓存中有我们客户机需要的页面，那么squid服务器将直接把缓存中的页面内容返回给客户机

如果缓存中没有客户端请求的页面，那么squid代理服务器就会向internet发送访问请求，获得返回的web页面后，将网页的数据保存到缓存中并发送给客户机。

由于客户机的web访问请求实际上是squid代理服务器来代替完成的，所以隐藏了用户的真实IP地址

传统代理：适用于internet，需在客户机指定代理服务器的地址和端口

传统代理：也就是普通的代理服务，需要我们客户端在浏览器、聊天工具等一些程序中设置代理服务器的地址和端口，然后才能使用代理来访问网络，这种方式相比较而言比较麻烦，因为客户机还需手动指定代理服务器，所以一般用于Internet环境

二，Squid脚本部署如下

部署Squid和Apache服务

Apache安装包如下：

链接：https://pan.baidu.com/s/1UdR78cyYCtp0vp5Ogv-eig 
提取码：xksl

温馨提醒：

部署squid编译安装的时间比较久噢(●'◡'●)，差不多十几分钟吧，不要退出噢！！！

可以提前将Apache的软件包httpd-2.4.54.tar.gz上传到/root/下

Squid脚本部署如下：

#!/bin/bash
#function: Squid代理服务器部署
#author: aliang  20230822
#####root判断#####
if
  [  "$USER"  != "root"   ]
then
   echo "错误：非root用户，权限不足！"
  exit  0
fi
############防火墙与高级权限##########
systemctl stop firewalld && systemctl disable firewalld  && echo "防火墙已经关闭"
sed -i 's/SELINUX=.*/SELINUX=disabled/g'  /etc/selinux/config  && echo "关闭selinux"
############上传安装包########
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.28.tar.gz
squid_path="squid-3.5.28.tar.gz"

if [ -e "$squid_path" ]; then
    echo "软件包已存在，继续执行"
else
    echo "软件包不存在，开始下载....."
  if [ $? -ne 0 ]; then

     echo "下载失败请手动上传至/root/下"
exit 1

fi

fi

###########安装依赖包#####
yum -y install gcc gcc-c++ make

#############解包squid-3.5.28.tar.gz#########
tar zxvf squid-3.5.28.tar.gz -C /opt/
cd /opt/squid-3.5.28/

###########开始编译安装##########3
./configure --prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex
   if [ $? -eq 0 ]; then
     make && make install
        if [ $? -eq 0 ]; then
    echo "编译安装完成"
fi
else
    echo "编译安装失败"
exit 1
fi

####创建软链接至路径环境变量###########
ln -s /usr/local/squid/sbin/* /usr/local/sbin/


####创建用户##########
useradd -M -s /sbin/nologin squid

#######添加属组############
chown -R squid:squid /usr/local/squid/var


###备份配置文件
cp /etc/squid.conf /etc/squid.conf.bak
############修改配置文件#############
cat > /etc/squid.conf << EOF
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all
http_access deny all

# Squid normally listens to port 3128
http_port 3128
cache_effective_user squid
cache_effective_group squid
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

EOF
########检查配置语法是否正确##
squid -k parse

##########启动Squid####
squid -z 					#-z 选项用来初始化缓存目录
squid						#启动 squid 服务

##########index_httpd#######
#####################进行一个上传包http.2.4.54##################
rz
cd /root/
httpd_path="httpd-2.4.54.tar.gz"

if [ -e "$httpd_path" ]; then
    echo "软件包已存在，继续执行"
else
    echo "软件包不存在，开始下载....."
  if [ $? -ne 0 ]; then

     echo "下载失败请手动上传至/root/下"
exit 1

fi

fi

##进行一个依赖包安装##
yum -y install apr* pcre* openssl*
##########解压包#############
tar zxf httpd-2.4.54.tar.gz
############切换到http.2.4.54，运行如下#######################
cd httpd-2.4.54
./configure --prefix=/usr/local/httpd
make && make install
################定义变量#################
read -p "请输入想显示的网页内容：" neirong
####################将修改的变量加进去###########
cd /usr/local/httpd/htdocs
cat > index.html << EOF
<html><body><h1>$neirong</h1></body></html>
<meta charset="UTF-8">
EOF
########启动apchaectl服务#########
echo  "ServerName localhost:80" >> /usr/local/httpd/conf/httpd.conf
cd /usr/local/httpd/bin
./apachectl start
echo "服务已开启"

脚本运行完之后，实验结果如下：

以上修改完之后，在浏览器使用本机IP查询

实验也就完成了，喜欢的点赞加关注(●'◡'●)！！！