【原创】 shell一键配置squid高匿代理服务器 high-Anonymity

部署了大量机器，需要做squid代理用

直接上码

# 一、######### Local shell #########

# sshpass 免于ssh首次登录远程机器需要交互输入密码的繁琐。 

# sshpass -p SERVER_PASSWD ssh/scp params command

# sshpass ：-p 远程服务器密码

# ssh： -o  "StrictHostKeyChecking no"   默认准许登录密钥认证

sshpass -p "SERVER_PASSWD" ssh -o "StrictHostKeyChecking no" -p SERVER_SSH_PORT SERVER_USER@SERVER_IP 'curl "http://zhangzhipeng2023.cn/squid/install-squid.sh" | bash'

# 二、####### install-squid.sh (remote)##########

# 存放于： http://zhangzhipeng2023.cn/squid/install-squid.sh

# 1.  静默安装squid， -y：默认yes

yum install -y squid

# 2.  下载并替换本地squid配置文件， -O：文件保存路径

wget -O "/etc/squid/squid.conf" "http://zhangzhipeng2023.cn/squid/squid.conf"

# 3.  检查参数

squid -k parse

# 4.  初始化缓存

squid -z

# 5.   htpasswd 生成squid 代理 用户名、密码， -c：创建密码文件，-b 使用参数传递设置密码

htpasswd -c -b /usr/lib/squid/passwd PROXY_USER PROXY_PASSWD

# 6.  启动squid服务

service squid restart

# 7.  开机启动

####---

# 三、####### squid.conf(remote) ##########

#### 存放于： http://zhangzhipeng2023.cn/squid/squid.conf

# 

# Recommended minimum configuration:

#

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from where browsing

# should be allowed

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

#

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent

# web applications running on the proxy server who think the only

# one who can access services on "localhost" is a local user

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

# http_access allow all

#  配置：代理账号 密码，授权用户

auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/passwd

acl auth_user proxy_auth REQUIRED

http_access allow auth_user

# Squid normally listens to port 3128

http_port 3128

# Uncomment and adjust the following to add a disk cache directory.

cache_mem 96 MB

cache_swap_low 90

cache_swap_high 95

cache_dir ufs / tmp/squid 100 16 256

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

refresh_pattern .               0       20%     4320

# 配置高匿，不允许设置任何多余头信息，保持原请求header。

request_header_access Via deny all

request_header_access X-Forwarded-For deny all

关键词：ssh shell无密码登录 忽略登录提示 yum静默安装 yum默认允许 yum默认yes