Java学习者论坛

 找回密码
 立即注册

QQ登录

只需一步,快速开始

手机号码,快捷登录

恭喜Java学习者论坛(https://www.javaxxz.com)已经为数万Java学习者服务超过8年了!积累会员资料超过10000G+
成为本站VIP会员,下载本站10000G+会员资源,购买链接:点击进入购买VIP会员
JAVA高级面试进阶视频教程Java架构师系统进阶VIP课程

分布式高可用全栈开发微服务教程

Go语言视频零基础入门到精通

Java架构师3期(课件+源码)

Java开发全终端实战租房项目视频教程

SpringBoot2.X入门到高级使用教程

大数据培训第六期全套视频教程

深度学习(CNN RNN GAN)算法原理

Java亿级流量电商系统视频教程

互联网架构师视频教程

年薪50万Spark2.0从入门到精通

年薪50万!人工智能学习路线教程

年薪50万!大数据从入门到精通学习路线年薪50万!机器学习入门到精通视频教程
仿小米商城类app和小程序视频教程深度学习数据分析基础到实战最新黑马javaEE2.1就业课程从 0到JVM实战高手教程 MySQL入门到精通教程
查看: 398|回复: 0

[默认分类] centos安装squid简单步骤搭建代理服务器

[复制链接]
  • TA的每日心情
    开心
    2021-12-13 21:45
  • 签到天数: 15 天

    [LV.4]偶尔看看III

    发表于 2018-4-19 10:44:48 | 显示全部楼层 |阅读模式
    一、系统环境
    操作系统:CentOS release 6.7 (Final)
    SELINUX=disabled
    HTTP Service: stoped
    二、安装Squid服务
    2.1 检查squid软件是否安装
    ```shell
    rpm -qa|grep squid
    ```
    2.2 如果未安装,则使用yum 方式安装
    ```shell
    yum -y install squid
    ```
    2.3 设置开机自启动
    ```shell
    # chkconfig squid on  //自动运行squid服务
    # squid -z //建立缓存目录
    ```
    2.4 配置squid,修改或增加红色部分
    vi /etc/squid/squid.conf

    ```shell
    #
    # Recommended minimum configuration:
    #
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    # 使用帐号密码认证方式使用代理  如果是64位操作系统,则需要修改为lib64
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_user.txt  
    auth_param basic children 5  
    auth_param basic realm Welcome to pycredit"s proxy-only web server

    # 定义授权组
    acl squid_user proxy_auth REQUIRED

    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12        # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

    acl SSL_ports port 443
    acl Safe_ports port 80                # http
    acl Safe_ports port 21                # ftp
    acl Safe_ports port 443                # https
    acl Safe_ports port 70                # gopher
    acl Safe_ports port 210                # wais
    acl Safe_ports port 1025-65535        # unregistered ports
    acl Safe_ports port 280                # http-mgmt
    acl Safe_ports port 488                # gss-http
    acl Safe_ports port 591                # filemaker
    acl Safe_ports port 777                # multiling http
    acl CONNECT method CONNECT

    #
    # Recommended minimum Access Permission configuration:
    #
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager

    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports

    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports

    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost

    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #

    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost

    # 允许授权组
    http_access allow squid_user

    # Squid normally listens to port 3128 发布端口
    http_port 8088

    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256

    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid

    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:                1440        20%        10080
    refresh_pattern ^gopher:        1440        0%        1440
    refresh_pattern -i (/cgi-bin/|\?) 0        0%        0
    refresh_pattern .                0        20%        4320

    visible_hostname xx.xx.xx.xx
    ```
    设置授权用户:
    做好配置后,我们需要设置授权用户(即上面设置的密码文件):
    htpasswd -c /etc/squid/squid_user.txt username
    此命令使用htpasswd进行密码设置生成用户username,首次生成文件需要使用-c参数,如果无此命令则需使用指令>> yum install httpd,安装httpd。
    重启squid: service squid restart

    三、配置防火墙
    开放8088端口
    ```shell
    # iptables -I INPUT -p tcp --dport 8088 -j ACCEPT

    # service iptables save
    ```
    或编辑 vi /etc/sysconfig/iptables
    ```shell
    # Completed on Thu May 12 13:14:52 2016
    # Generated by iptables-save v1.4.7 on Thu May 12 13:14:52 2016
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [74:9756]
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT
    COMMIT
    # Completed on Thu May 12 13:14:52 2016
    ```
    重启 service iptables restart
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 立即注册

    本版积分规则

    QQ|手机版|Java学习者论坛 ( 声明:本站资料整理自互联网,用于Java学习者交流学习使用,对资料版权不负任何法律责任,若有侵权请及时联系客服屏蔽删除 )

    GMT+8, 2024-3-29 20:57 , Processed in 0.366770 second(s), 46 queries .

    Powered by Discuz! X3.4

    © 2001-2017 Comsenz Inc.

    快速回复 返回顶部 返回列表