openwrt 文件存储服务器,如何在 openwrt 上架设一个缓存服务器

# Listening sockets. Set the router IP, the port and the location of the
# self-signed certificate (site-specific: change these for your own network).
#
# All three listeners enable ssl-bump with generate-host-certificates=on, so
# Squid terminates the client's TLS session and presents host certificates it
# signs with cert=/etc/squid/z.pem. No key= is given, so the private key is
# expected in that same file. It acts as a signing CA: clients have to trust
# it, and anyone able to read it can impersonate any site to those clients.
# Keep it readable only by the account Squid runs as.
# NOTE(review): the cipher list names EECDH+aRSA+RC4 but later excludes !RC4,
# so the RC4 entry appears to have no effect. options= disables only SSLv2 and
# SSLv3 -- confirm whether older TLS versions should also be refused.

# Explicit (client-configured) proxy port on the LAN address.
http_port 192.168.1.233:3131 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/squid/z.pem capath=/etc/ssl/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/squid/z.dh options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE

# Intercepted plain-HTTP traffic, bound to loopback.
http_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/squid/z.pem capath=/etc/ssl/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/squid/z.dh options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE

# Intercepted HTTPS traffic, bound to loopback.
https_port 127.0.0.1:3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/squid/z.pem capath=/etc/ssl/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/squid/z.dh options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE

# General daemon settings.

# Port 0 turns the ICP (inter-cache protocol) listener off.
icp_port 0

# Do not build cache digests for peers.
digest_generation off

# Prefer IPv4 addresses when a host resolves to both families.
dns_v4_first on

pid_filename /var/run/squid.pid

# NOTE(review): with the user and group left commented out Squid falls back to
# its build-time defaults -- confirm which account the worker ends up running
# as on this OpenWrt build.
#cache_effective_user squid

#cache_effective_group proxy

#error_default_language zh-cn

icon_directory /usr/share/squid/icons

#visible_hostname z_Squid

# Contact address; Squid prints it on the error pages shown to clients.
cache_mgr z@qq.com

# Logging.
# Because every listener bumps TLS, access.log records the full URLs of
# decrypted HTTPS requests. Restrict read access to /var/squid accordingly.

# NOTE(review): points the log helper at /dev/null; presumably meant to keep
# the separate logging daemon from being used -- confirm.
logfile_daemon /dev/null

access_log /var/squid/access.log

cache_log /var/squid/cache.log

# No store log is written.
cache_store_log none

netdb_filename /var/squid/netdb.state

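# Certificate helper and upstream (Squid-to-origin) TLS settings.

# Certificate generation helper, left commented out as in the original, so
# Squid uses its built-in default for sslcrtd_program.
#sslcrtd_program /usr/lib/squid/ssl_crtd -s /mnt/squid/squid_ssldb -M 10MB -b 2048

sslcrtd_children 5

# CA directory used to verify origin-server certificates.
sslproxy_capath /etc/ssl/certs/

sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE

# NOTE(review): EECDH+aRSA+RC4 is listed but !RC4 later removes it again.
sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

# Changed from "allow all". Clients behind a bumping proxy only ever see the
# certificate Squid generates, so Squid is the single place where the origin
# certificate is checked. Accepting every error would hide forged, expired or
# mismatched origin certificates from every user of the proxy.
sslproxy_cert_error deny all

# Removed for the same reason: DONT_VERIFY_PEER makes Squid accept origin
# certificates that fail verification against sslproxy_capath.
#sslproxy_flags DONT_VERIFY_PEER

# Generated certificates take their validity dates from the signing
# certificate instead of mirroring the origin certificate's dates.
sslproxy_cert_adapt setValidAfter all

sslproxy_cert_adapt setValidBefore all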

# Log rotation and shutdown behaviour.

# Keep two rotated generations of the access/store logs.
logfile_rotate 2

# Keep two rotated generations of cache.log as well.
debug_options rotate=2

# Wait at most 3 seconds for active clients before shutting down.
shutdown_lifetime 3 seconds

# Allow local network(s) on interface(s)

# Client network allowed to use the proxy (site-specific: change for your LAN).
# NOTE(review): 192.168.0.0/16 covers every 192.168.x.x subnet; narrow it to
# the subnet actually served if the router only has one LAN.

acl localnet src  192.168.0.0/16

# Strip the X-Forwarded-For header so client addresses are not sent upstream.
forwarded_for delete

#via off

# Remove whitespace found inside request URIs.
uri_whitespace strip

# DNS server used by Squid (site-specific: change for your network).

dns_nameservers 192.168.1.233

# Cache sizing.
# The memory and disk caches hold decrypted copies of bumped HTTPS responses;
# restrict access to /mnt/squid/cache to the account Squid runs as.

# Memory cache size: 1G (site-specific: size it to the RAM the router has).

cache_mem 1024 MB

# Largest object kept in the memory cache.
maximum_object_size_in_memory 4096 KB

#memory_replacement_policy heap GDSF

#cache_replacement_policy heap LFUDA

# Objects of any size from 0 KB up to 16 MB may be stored on disk.
minimum_object_size 0 KB

maximum_object_size 16 MB

# Disk cache size: 10G (site-specific). The arguments are the size in MB
# followed by the number of first-level and second-level directories.

cache_dir aufs /mnt/squid/cache 10240 16 256

offline_mode off

# Start evicting at 90% disk usage and evict aggressively above 95%.
cache_swap_low 90

cache_swap_high 95

# Every response is a caching candidate; the refresh_pattern rules decide
# how long each one stays fresh.
cache allow all

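# Freshness rules: refresh_pattern [-i] regex min(minutes) percent max(minutes) [options]
#
# The original rules also carried ignore-no-store, ignore-private and
# ignore-auth. On a shared cache that decrypts HTTPS, those options let a
# response the origin marked as private or tied to an Authorization header be
# stored and then served to a different client. They are removed here; the
# remaining options still force long lifetimes for responses that are
# cacheable at all.
# NOTE(review): several of these options are obsolete or removed in newer Squid
# releases -- check the release notes of the version you run.

# Images: 15 days minimum, 30 days maximum.
refresh_pattern -i (\.|-)(ico(.*)?|pn[pg]|(g|t)iff?|jpe?g(2|3|4)?|psd|c(d|b)r|cad|bmp|img)(\?.*)?$ 21600 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache

# Audio/video: 15 days minimum, 30 days maximum.
# NOTE(review): "m38u" looks like a typo for "m3u8" -- confirm before changing.
refresh_pattern -i (\.|-)(webm|(x-)?swf|mp(eg)?(3|4)|mpe?g(av)?|(x-)?f(l|4)v|divx?|rmvb?|mov|trp|ts|avi|m38u|wmv|wmp|m4v|mkv|asf|dv|vob|3gp?2?)(\?.*)?$ 21600 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache

# Text assets: 6 hours minimum, 1 day maximum.
# NOTE(review): this pattern includes jsp, which is normally generated per
# request; consider whether it belongs in a forced-caching rule.
refresh_pattern -i (\.|-)(xml|js|jsp|txt|css)(\?.*)?$ 360 40% 1440 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache

# NOTE(review): the dots are unescaped, so they match any character.
refresh_pattern -i .index.(html|htm)$ 0 40% 1440

# Add any of your own refresh_pattern entries above these.

refresh_pattern ^ftp:    1440  20%  10080

refresh_pattern ^gopher:  1440  0%  1440

# Dynamic URLs (cgi-bin or a query string) are never considered fresh.
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0

# Catch-all default.
refresh_pattern .    0  20%  4320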

#Remote proxies

# Setup some default acls

# ACLs all, manager, localhost, and to_localhost are predefined.

# Matches every source address; used by the final deny and by the delay pool.
acl allsrc src all

# Destination ports clients may reach through the proxy.
# NOTE(review): 1025-65535 already contains 3128 and 3129 and admits nearly
# every unprivileged port; trim the range if clients only need web ports.
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3129 1025-65535

# Ports to which CONNECT tunnels are permitted.
acl sslports port 443 563

# PURGE removes an object from the cache; access is limited by http_access.
acl purge method PURGE

acl connect method CONNECT

# Define protocols used for redirects

acl HTTP proto HTTP

acl HTTPS proto HTTPS

# SslBump Peek and Splice

# http://wiki.squid-cache.org/Features/SslPeekAndSplice

# http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit

# Match against the current step during ssl_bump evaluation [fast]

# Never matches and should not be used outside the ssl_bump context.

#

# At each SslBump step, Squid evaluates ssl_bump directives to find

# the next bumping action (e.g., peek or splice). Valid SslBump step

# values and the corresponding ssl_bump evaluation moments are:

#   SslBump1: After getting TCP-level and HTTP CONNECT info.

#   SslBump2: After getting TLS Client Hello info.

#   SslBump3: After getting TLS Server Hello info.

# These ACLs exist even when 'SSL/MITM Mode' is set to 'Custom' so that

# they can be used there for custom configuration.

# Only step1 is referenced by the ssl_bump rules in this file; step2 and
# step3 are defined but unused.
acl step1 at_step SslBump1

acl step2 at_step SslBump2

acl step3 at_step SslBump3

# Access rules are evaluated top to bottom; the first match wins.

# Cache manager interface: loopback only.
http_access allow manager localhost

http_access deny manager

# PURGE requests: loopback only, so LAN clients cannot evict cached objects.
http_access allow purge localhost

http_access deny purge

# Refuse destinations outside the safeports list.
http_access deny !safeports

# Refuse CONNECT tunnels to anything but the sslports list.
# NOTE(review): the ACL is defined in this file as "connect" (lower case) and
# referenced here as "CONNECT" -- confirm your Squid version resolves the name.
http_access deny CONNECT !sslports

# Always allow localhost connections

http_access allow localhost

# Transfer limits and bandwidth pools.

# -1 KB: keep fetching a cacheable object even after the client aborts.
quick_abort_min -1 KB

quick_abort_max 0 KB

# 0 KB: no limit on the size of request bodies (uploads).
request_body_max_size 0 KB

# One class-2 delay pool whose aggregate and per-host limits are both -1/-1
# (unlimited), so as written it does not throttle anything.
delay_pools 1

delay_class 1 2

delay_parameters 1 -1/-1 -1/-1

delay_initial_bucket_level 100

delay_access 1 allow allsrc

# Reverse Proxy settings

# Custom options before auth

# Peek at the client's TLS hello at step 1, then bump (decrypt) every
# connection. Nothing is spliced, so all HTTPS traffic from the clients is
# readable on this router, and sites that use certificate pinning or client
# certificates will fail. To pass selected destinations through untouched, an
# "ssl_bump splice <acl>" rule has to come before "bump all".
ssl_bump peek step1

ssl_bump bump all

# Setup allowed ACLs

# Allow local network(s) on interface(s)

http_access allow localnet

# Default block all to be sure

http_access deny allsrc

#上面这几项配置(路由 IP/端口及证书位置、连接网段、DNS 服务器、内存缓存和磁盘缓存大小)都要按自己的环境修改。
