第二章 squid服务器搭建
2.1 环境介绍
2.1.1 工作站硬件
CPU 海光Hygon Dhyana Eng Sample
硬盘 西部数据 4T
内存 金士顿 2133MT/s * 4
网卡 USB网卡(支持Centos8)
2.1.2 工作站系统
镜像 CentOS-8.5.2111-x86_64-dvd1-Hygon-v8(请不要升级任何模块,海光CPU要搭配海光镜像)
2.2 安装步骤
2.2.1 安装squid与密码工具
yum install squid -y
2.2.2 配置squid
vi /etc/squid/squid.conf
配置文件
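#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# An acl line only names a set of addresses, ports or methods; nothing is
# allowed or refused until an http_access rule further down refers to it.
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# http_access rules are checked from top to bottom and the first matching
# rule decides, so the order of the lines below matters.
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Optional: uncomment the three lines below to require a username and
# password (basic_ncsa_auth checks them against an htpasswd-format file).
#auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
#acl auth_user proxy_auth REQUIRED
#http_access allow auth_user
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy.
# The last rule has to be a deny: ending the list with "allow all" while the
# proxy_auth lines above are commented out would let every host that can reach
# the listening port use this proxy without authentication. Clients in the
# localnet ranges are already admitted by the rule above.
http_access deny all
# Squid normally listens to port 3128
http_port 3008
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320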
修改内容:
我只改了这个呦
# Listening port
http_port 3008
# With only a port number, as above, Squid listens on both IPv6 and IPv4.
# The commented-out form below would bind the IPv4 wildcard address only.
# http_port 0.0.0.0:3008
# Append the following directives at the end of the file
# Size of the in-memory cache
cache_mem 128 MB
# Largest object size that will be cached
maximum_object_size 16 MB
# Limit on the size of a downloaded file
# NOTE(review): 1024000 bytes is roughly 1 MB, which is below the 16 MB
# maximum_object_size above — confirm the intended limit.
# NOTE(review): "<bytes> allow <acl>" looks like the Squid 2.x form; Squid 3.1
# and later document "reply_body_max_size <size> <units> [acl ...]" — verify
# with `squid -k parse` on the installed version before restarting.
reply_body_max_size 1024000 allow all
# Disk cache directory (the cache is memory-only by default): 100 MB in total,
# 16 first-level subdirectories and 256 second-level subdirectories
cache_dir ufs /var/spool/squid 100 16 256
# Path of the access log
access_log /var/log/squid/access.log
# E-mail address of the cache administrator
cache_mgr youremail@163.com
2.2.3 内网机器使用代理服务器
请用 source 执行脚本(如下);否则脚本末尾的 source /etc/profile 只在子进程中生效,当前终端拿不到代理变量
source shell.sh
shell脚本内容
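#!/bin/bash
# Point this machine at the internal Squid proxy by adding http_proxy and
# https_proxy exports to /etc/profile, then load them into the current shell.
#
# Usage (as root):  source shell.sh
# Sourcing matters: when the file is run as a child process, the final
# `source /etc/profile` only changes that child's environment.
#
# Abort idiom used below: `return` ends a sourced script without closing the
# caller's shell; `exit` is the fallback when the file is executed directly.

# Check that the script is running as root.
if [[ $EUID -ne 0 ]]; then
  echo "请以 root 用户身份运行此脚本。"
  return 1 2>/dev/null || exit 1
fi

PROFILE_FILE="/etc/profile"
PROXY_URL="http://10.2.80.53:3008"

# Extension used for the backup copy.
BACKUP_EXT=".backup"
# The backup lives next to the original and is kept after the run so that a
# bad edit can be rolled back. It is deliberately not written to /tmp: that
# directory is world-writable, and a fixed file name there can be created in
# advance by another local user.
BACKUP_FILE="${PROFILE_FILE}${BACKUP_EXT}"
if ! cp -p -- "$PROFILE_FILE" "$BACKUP_FILE"; then
  echo "备份 ${PROFILE_FILE} 失败,已中止。" >&2
  return 1 2>/dev/null || exit 1
fi

# Ask about overwriting only when proxy exports are already present.
OVERWRITE="yes"
if grep -Eq '^[[:space:]]*export[[:space:]]+https?_proxy=' "$PROFILE_FILE"; then
  while true; do
    # Stop on EOF instead of looping forever when stdin is closed.
    if ! read -r -p "是否覆盖现有的 http_proxy 和 https_proxy 设置? (yes/no)" yn; then
      return 1 2>/dev/null || exit 1
    fi
    case "$yn" in
      [Yy]*) OVERWRITE="yes"; break;;
      [Nn]*) OVERWRITE="no"; break;;
      *) echo "请输入 yes 或 no";;
    esac
  done
fi

# "yes": remove the old proxy exports, then append the new ones.
# "no":  leave /etc/profile exactly as it is.
# Neither branch truncates the file, and the new lines are written directly,
# so nothing staged under /tmp ends up in a file that every login shell runs.
if [[ $OVERWRITE == "yes" ]]; then
  if ! {
    sed -i -E '/^[[:space:]]*export[[:space:]]+https?_proxy=/d' "$PROFILE_FILE" &&
      printf 'export http_proxy=%s\nexport https_proxy=%s\n' \
        "$PROXY_URL" "$PROXY_URL" >> "$PROFILE_FILE"
  }; then
    echo "更新 ${PROFILE_FILE} 失败,备份保存在 ${BACKUP_FILE}。" >&2
    return 1 2>/dev/null || exit 1
  fi
fi

# Load the updated settings into the current shell.
source "$PROFILE_FILE"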
2.2.4 验证
指令
wget baidu.com
结果
Connecting to 10.2.80.53:3008... connected.
Proxy request sent, awaiting response... 200 OK
Length: 81 [text/html]
Saving to: ‘index.html’
100%[========================================================================================================================================================================================================>] 81 --.-K/s in 0s
2024-01-18 11:13:02 (8.31 MB/s) - ‘index.html’ saved [81/81]