第二章 squid服务器搭建

最新推荐文章于 2024-04-16 19:11:44 发布

爱吃晶酱肉丝

最新推荐文章于 2024-04-16 19:11:44 发布

阅读量364

点赞数 8

分类专栏：工作站文章标签：服务器

本文链接：https://blog.csdn.net/weixin_42235842/article/details/135694570

版权

工作站专栏收录该内容

3 篇文章 0 订阅

订阅专栏

第二章 squid服务器搭建

2.1 环境介绍

2.1.1 工作站硬件

CPU 海光Hygon Dhyana Eng Sample
硬盘西部数据 4T
内存金士顿 2133MT/s * 4
网卡 USB网卡（支持Centos8）

2.1.2 工作站系统

镜像 CentOS-8.5.2111-x86_64-dvd1-Hygon-v8（请不要升级任何模块，海光CPU要搭配海光镜像）

2.2 安装步骤

2.2.1 安装squid与密码工具

yum install squid -y

2.2.2 配置squid

vi /etc/squid/squid.conf

配置文件

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet src fc00::/7               # RFC 4193 local private network range
acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

#auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
#acl auth_user proxy_auth REQUIRED
#http_access allow auth_user

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
http_port 3008

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

修改内容：

我只改了这个呦
# 监听端口号
http_port 3008

# 这样写会同时监听ipv6和ipv4的端口
#  http_port 0.0.0.0:3008

# 添加到末尾
# 内存中的缓存大小
cache_mem 128 MB

# 最大缓存文件大小
maximum_object_size 16 MB

# 限定下载文件大小
reply_body_max_size  1024000 allow all

# 缓存文件夹，默认在内存中，指定缓存大小为100M，第一层子目录为16个，第二层为256
cache_dir ufs /var/spool/squid 100 16 256

# 定义访问日志路径
access_log /var/log/squid/access.log

# 定义管理员邮箱
cache_mgr youremail@163.com

2.2.3 内网机器使用代理服务器

执行脚本如果不用source，source /etc/profile运行会失败哟

source shell.sh

shell脚本内容

#!/bin/bash  
  
# 检查是否以 root 用户运行  
if [[ $EUID -ne 0 ]]; then  
   echo "请以 root 用户身份运行此脚本。"  
   exit 1  
fi  
  
# 定义备份文件的扩展名  
BACKUP_EXT=".backup"  
  
# 创建备份文件  
BACKUP_FILE="/etc/profile$BACKUP_EXT"  
cp /etc/profile /tmp/profile$BACKUP_EXT  
  
# 创建临时文件，并在其中添加 http_proxy 和 https_proxy 设置  
echo "export http_proxy=http://10.2.80.53:3008" >> /tmp/proxy_settings.txt  
echo "export https_proxy=http://10.2.80.53:3008" >> /tmp/proxy_settings.txt  
  
# 检查是否覆盖现有的环境变量  
OVERWRITE="yes"  
while true; do  
    read -p "是否覆盖现有的 http_proxy 和 https_proxy 设置? (yes/no)" yn  
    case $yn in  
        [Yy]*) OVERWRITE="yes"; break;;  
        [Nn]*) OVERWRITE="no"; break;;  
        *) echo "请输入 yes 或 no";;  
    esac  
done  
  
# 根据 OVERWRITE 变量的值，选择性地追加到 /etc/profile 或替换它  
if [[ $OVERWRITE == "yes" ]]; then  
    cat /tmp/proxy_settings.txt >> /etc/profile  
else  
    cat /tmp/proxy_settings.txt > /etc/profile  
fi  
  
# 清理临时文件和备份文件  
rm /tmp/proxy_settings.txt  
rm /tmp/profile$BACKUP_EXT
source /etc/profile

2.2.4 验证

指令

wget baidu.com

结果

Connecting to 10.2.80.53:3008... connected.
Proxy request sent, awaiting response... 200 OK
Length: 81 [text/html]
Saving to: ‘index.html’

100%[========================================================================================================================================================================================================>] 81          --.-K/s   in 0s

2024-01-18 11:13:02 (8.31 MB/s) - ‘index.html’ saved [81/81]