• Squid正向代理(编译安装)


    tps://www.aliyun.com/product/cas?source=5176.11533457&userCode=kv73ipbs&type=copy

    https://www.aliyun.com/product/cas?source=5176.11533457&userCode=kv73ipbs&type=copy

    https://www.aliyun.com/product/cas?source=5176.11533457&userCode=kv73ipbs&type=copyhttps://www.aliyun.com/product/cas?source=5176.11533457&userCode=kv73ipbs&type=copy

    编译安装

    版本为squid-3.5.27

    系统为Centos6.5

    依赖环境

    yum install -y perl gcc*autoconf automake make sudo wget libxml2-devel libcap-devel libtool-ltdl-devel

    解压

    [root@uu ~]# mkdir /application
    
    [root@uu ~]# cd /application/
    
    [root@uu application]# rz
    
    [root@uu application]# tar zxvf squid-3.5.27.tar.gz
    View Code

    关于软连接

      编译软件时指定版本号(/appiication/app1.1.1),访问时希望去掉版本号(/application/app,),可以设置软链接到编译的路径。 所有程序都访问软链接文件(/application/app,),当软件升级高版本后,只需删除链接文件重建到高版本路径的软链接接口(/application/app,)。

    做软连接

    [root@uu application]# ln -s squid-3.5.27 squid

    编译

    ./configure --prefix=/application/squid --disable-loadable-modules --enable-gnuregex --enable-icmp --enable-linux-netfilter --enable-err-language="zh-cn" --enable-default-err-language="zh-cn" --enable-kill-parent-hack --enable-cache-digests --enable-dlmalloc--enable-poll --enable-async-io=240 --enable-arp-acl--mandir=/usr/share/man/ --with-large-files --with-fd=20480 --with-large-files --enable-arp-acl
    View Code

    注释

    --enable-arp-acl

    通过IP地址来识别用户很不可靠,比IP地址更好的是网卡的MAC物理地址。要在Squid中使用MAC地址识别,

    配置文件中加入:

    acl advance arp 00:01:02:1f:2c:3e 00:01:02:3c:1a:8b ...

    验证

    echo $?

    PS

    Squid本身会被安装到/application/sbin下
    Squid的cache目录默认为/application/squid/cache
    Squid的log目录默认为/application/squid/logs
    squid的配置文件目录默认为/application/etc/squid

    编译安装的注释

    l  --enable-async-io=80
    
    这个主要是设置async模式来运行squid,我的理解是设置用线程来运行squid,如果服务器配置很不错,有1G以上内存,cpu使用SMP的方式的话可以考虑设成160或者更高。如果服务器比较糟糕就根据实际情况设了。另外此项还另cache文件支持aufs。80这个值是根据160的配置情况自己确定的。
    
    l  --enable-epoll LINUX2.6
    
    内核中提高I/O性能的新方法。
    
    l  --enable-poll
    
    应启用Poll()函数而不是select()函数,通常而言poll(轮询)比 select要好,但configure(脚本程序)已知Poll在某些平台下失效, 若你认为你比configure编译配置脚本程序要聪明的话,可以用这个选项启用Poll。总之就是用这个可以提升性能就是啦。没有看得很明白,但是我自己感觉是不是epoll更先进一点。反正我用epoll取代了poll。
    
    epoll是Linux内核为处理大批量句柄而作了改进的poll,是Linux下多路复用IO接口select/poll的增强版本,它能显著减少程序在大量并发连接中只有少量活跃的情况下的系统CPU利用率。
    
    l  --disable-internal-dns
    
    Squid代理服务器在程序内部实现DNS解析,不会检查/etc/hosts文件,直接根据/etc/resolv.conf中的DNS服务器。我的实践:1、配置参数中dns_children 必须要依赖于disable-internal-dns。2、默认是检查/etc/hosts文件的。默认值是hosts_file /etc/hosts。如果要不检查,必须显示指定hosts_file none。
    
    l  --with_filedescriptors=20480
    
    增加并发是同时打开文件的文件描述符数量,默认是1024,一般不够。会在cache_log中形成WARNING: your cache is running out of the filedescriptors!的警告信息。另外我的实践:必须在配置文件中显示指定max_filedescriptors 20480,前后两个值并不一定要相等,前面是编译时设定的最大值,后面配置文件中的值不大于该值即可。
    
    l  --enable-kill-parent-hack
    
    关掉suqid的时候,要不要连同父进程一起关掉,这个当然要啦。当然要,就要吧。以前发生过关闭SQUID不正常,无法删除pid文件什么的,可能是和这个选项有关。(2.7也支持本选项)
    
    l  --enable-underscore
    
    在3.0里不再需要也不再支持这个安装选项(2.7也不支持了)。在配置文件中有allow_underscore
    
    这个选项。默认是允许域名中支持下划线了。
    
    l  --enable-err-language="zh-cn" --enable-default-err-language="zh-cn"
    
    原来是--enable-err-language="Simplify_Chinese" --enable-default-err-language="Simplify_Chinese"
    View Code

    安装

    注意

    squid 3.1.5以后版本,默认编译时,会出现如下错误,可以禁用eCAP(--disable-loadable-modules)

    >     ../libltdl/libltdl/lt_error.h:35:31: error: libltdl/lt_system.h: No such file or directory
    >     make[3]: *** [LoadableModule.o] Error 1
    >     make[3]: Leaving directory `/application/src/squid/squid-3.1.6/src’
    >     make[2]: *** [all-recursive] Error 1
    >     make[2]: Leaving directory `/application/src/squid/squid-3.1.6/src’
    >     make[1]: *** [all] Error 2
    >     make[1]: Leaving directory `/application/src/squid/squid-3.1.6/src’
    >     make: *** [all-recursive] Error 1
    View Code

    或者:

    In file included from LoadableModule.cc:18:
    
    ../libltdl/ltdl.h:106: 错误:‘LT_DLSYM_CONST’没有命名一个类型
    
    LoadableModule.cc: In constructor ‘LoadableModule::LoadableModule(const String&)’:
    
    LoadableModule.cc:33: 错误:‘lt__PROGRAM__LTX_preloaded_symbols’在此作用域中尚未声明
    
    make[3]: *** [LoadableModule.o] 错误 1
    
    make[3]: Leaving directory `/application/squid-3.5.27/src'
    
    make[2]: *** [all-recursive] 错误 1
    
    make[2]: Leaving directory `/application/squid-3.5.27/src'
    
    make[1]: *** [all] 错误 2
    
    make[1]: Leaving directory `/application/squid-3.5.27/src'
    
    make: *** [all-recursive] 错误 1
    
    如果你用的是centos系统的最小化安装,可能没有安装c语言编译器,需要手动安装,如安装过程中出现以下错误:
    
    -bash: make: command not found
    
    这是因为没有安装编译器,用以下命令安装:yum install gcc* gcc-*。安装后,再次make就可以了
    View Code

    make

    [root@uu squid-3.5.27]##make
    
    sed " s%@DEFAULT_ERROR_DIR@%%g; s%@DEFAULT_MIME_TABLE@%%g; s%@""PACKAGE_STRING""@%Squid Web Proxy 3.5.27%g; s%@SYSCONFDIR@%/application/squid/etc%g; " < ./cachemgr.cgi.8.in > cachemgr.cgi.8
    
    make[2]: Leaving directory `/application/squid-3.5.27/tools'
    
    make[1]: Leaving directory `/application/squid-3.5.27/tools'
    
    Making all in test-suite
    
    make[1]: Entering directory `/application/squid-3.5.27/test-suite'
    
    make[1]: Nothing to be done for `all'.
    
    make[1]: Leaving directory `/application/squid-3.5.27/test-suite'
    
    make[1]: Entering directory `/application/squid-3.5.27'
    
    make[1]: Nothing to be done for `all-am'.
    
    make[1]: Leaving directory `/application/squid-3.5.27'
    
    [root@uu squid-3.5.27]# echo $?
    
    0
    View Code

    make install

    [root@uu squid-3.5.27]# make install
    
    make[3]: Leaving directory `/application/squid-3.5.27/tools'
    
    make[2]: Leaving directory `/application/squid-3.5.27/tools'
    
    make[1]: Leaving directory `/application/squid-3.5.27/tools'
    
    Making install in test-suite
    
    make[1]: Entering directory `/application/squid-3.5.27/test-suite'
    
    make[2]: Entering directory `/application/squid-3.5.27/test-suite'
    
    make[2]: Nothing to be done for `install-exec-am'.
    
    make[2]: Nothing to be done for `install-data-am'.
    
    make[2]: Leaving directory `/application/squid-3.5.27/test-suite'
    
    make[1]: Leaving directory `/application/squid-3.5.27/test-suite'
    
    make[1]: Entering directory `/application/squid-3.5.27'
    
    make[2]: Entering directory `/application/squid-3.5.27'
    
    make[2]: Nothing to be done for `install-exec-am'.
    
    make[2]: Nothing to be done for `install-data-am'.
    
    make[2]: Leaving directory `/application/squid-3.5.27'
    
    make[1]: Leaving directory `/application/squid-3.5.27'
    
    [root@uu squid-3.5.27]# echo $?    
    
    0
    View Code

    到此为止,squid3.5.5已经安装到/application/squid目录下了,运行

    配置文件

    >/application/squid/etc/squid.conf

    vim /application/squid/etc/squid.conf
    
     
    
    [root@uu etc]# cat squid.conf
    
    http_port 3128
    
    cache_mem 64 MB 
    
    maximum_object_size 400 MB   
    
    minimum_object_size 0 KB   
    
    maximum_object_size_in_memory 4096 KB
    
     
    
    cache_dir aufs /application/squid/var/cache/squid 1024 16 256   
    
    cache_mem 128 MB  
    
    cache_log /application/squid/var/logs/cache.log   
    
    #logfile_rotate 60  
    
    #cache_swap_high 95  
    
    #cache_swap_low 90 
    
     
    
    request_entities off
    
    #ident_timeout 10 seconds #设置squid等待用户认证请求的时间。缺省值为10秒。[–enable-ident-lookups]
    
    cache_effective_user nobody
    
    cache_effective_group nobody
    
    httpd_suppress_version_string on
    
     
    
     
    
     
    
    #acl manager proto cache_object
    
    #acl localhost src 127.0.0.1/32 ::1
    
    #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    
    acl localnet src 10.0.0.0/8
    
    acl SSL_ports port 443
    
    acl Safe_ports port 80         
    
    acl Safe_ports port 443        
    
    acl CONNECT method CONNECT
    
    acl http proto HTTP
    
    acl good_domain dstdomain yyt.etcsd.com
    
    http_access allow manager localhost
    
    http_access allow http good_domain
    
    http_access deny http !good_domain
    
    http_access deny !Safe_ports
    
    http_access deny CONNECT !SSL_ports
    
    http_access allow all
    
     
    
    coredump_dir /application/squid/var/cache/squid
    
     
    
    refresh_pattern ^ftp:           1440    20%     10080
    
    refresh_pattern ^gopher:        1440    0%      1440
    
    refresh_pattern -i (/cgi-bin/|?) 0     0%      0
    
    refresh_pattern .               0       20%     4320
    
    visible_hostname pstation
    
    cache_mgr 15666661331@163.com
    View Code

    错误提示

    去掉manager和127.0.0.1的行
    
    UPGRADE: ACL 'manager' is now a built-in ACL. Remove it from your config file.
    
    2018/01/19 13:04:31| Processing: acl localhost src 127.0.0.1/32 ::1
    
    2018/01/19 13:04:31| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
    
    2018/01/19 13:04:31| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
    
    2018/01/19 13:04:31| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '::1' is a subnetwork of (A) '::1'
    
    2018/01/19 13:04:31| WARNING: because of this '::1' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '::1' from the ACL named 'localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '::1' is a subnetwork of (A) '::1'
    
    2018/01/19 13:04:31| WARNING: because of this '::1' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '::1' from the ACL named 'localhost'
    
    2018/01/19 13:04:31| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    
    2018/01/19 13:04:31| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
    
    2018/01/19 13:04:31| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
    
    2018/01/19 13:04:31| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
    
    2018/01/19 13:04:31| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '::1' is a subnetwork of (A) '::1'
    
    2018/01/19 13:04:31| WARNING: because of this '::1' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '::1' from the ACL named 'to_localhost'
    
    2018/01/19 13:04:31| WARNING: (B) '::1' is a subnetwork of (A) '::1'
    
    2018/01/19 13:04:31| WARNING: because of this '::1' is ignored to keep splay tree searching predictable
    
    2018/01/19 13:04:31| WARNING: You should probably remove '::1' from the ACL named 'to_localhost'
    View Code

    启动

    /application/squid/sbin/squid -z
    
    /application/squid/sbin/squid -k parse  测试配置文件
    
    /application/squid/sbin/squid -k reconfigure  重新配置文件
    
    /application/squid/sbin/squid -k shutdown  关闭squid
    
    /application/squid/sbin/squid -s 开启squid 后台
    
    /application/squid/sbin/squid -N -d1 前台开启squid
    
    /application/squid/sbin/squid -k interrupt  关闭squid(更高crr优先级,直接关闭squid)
    
    /application/squid/sbin/squid -k kill  关闭squid(最高优先级,直接杀死squid进程)
    
    netstat -ntpl
    
    检测squid端口是否已经启动:
    [root@uu ~]# netstat -tunpl | grep :3128
    
    不重起,只装入新的配置文件:
    [root@rh73 ~]# /etc/rc.d/init.d/squid reload
    View Code

    问题处理

    安装好了以后,系统中新建了一个用户squid

    cat /etc/passwd|grep squid
    cat /etc/group|grep 65534

    如果没有的话,手动添加

    添加用户

    [root@uu application]# useradd squid -s /sbin/nologin -M

    问题处理

    1、root@uu etc]# /application/squid/sbin/squid -k parse
    
    报错的话:
    
    WARNING: Cannot write log file: /application/squid/var/logs/cache.log
    
    /application/squid/var/logs/cache.log: Permission denied
    
             messages will be sent to 'stderr'
    
     
    
    2、[root@uu etc]# /application/squid/sbin/squid -z 初始化配置
    
    2018/01/19 14:11:45 kid1| Current Directory is /application/squid/etc
    
    2018/01/19 14:11:45 kid1| Creating missing swap directories
    
    FATAL: Failed to make swap directory /var/spool/squid: (13) Permission denied
    
    解决:
    
    chown -R nobody /application/squid/var/cache/
    chown -R nobody /application/squid/var/logs/
    
    一般出现的问题是squid对安装缓存的目录权限不够则开启适当的权限即可,
    
    然后查看是否可以启动,最后停留在一行不动 则表示启动成功用Ctrl+c终止 如果显示正常启动的正确信息 则现在可以启动Squid了
    
    ###下面这条是目录搞错了,配置文件参数应当是:coredump_dir /application/squid/var/cache/squid
    
    2018/01/19 14:11:48 kid1| cannot change current directory to /var/spool/squid: (2) No such file or directory
    View Code

    优化-----标记符

    [root@uu etc]# pwd
    
    /application/squid/etc
    
    加入开机启动
    
    [root@uu etc]# echo "/application/squid/sbin/squid start " >>/etc/rc.local
    View Code

    定期清理swap.state内无效数据

    squid -k rotate -f /path/to/squid/conf_file
    
    vi /etc/crontab
    
    0  0   *  *   *       root    squid -k rotate -f /application/squid/etc/squid.conf
    
    当squid应用运行了一段时间之后,cache_dir对应的swap.state文件就会变得越来越大,里面的无效接口数据越来越多,这可能影响squid的响应时间,因此需要使用squid清理swap.state里面的无效数据,减少swap.state的大小。
    View Code

    环境变量

    添加PATH环境变量(临时),可用:

    [root@uu]#

    export PATH="/application/squid/sbin:$PATH"

    export PATH="/application/squid/bin:$PATH"

    永久添加环境变量(影响所有用户)

    在文档最后,添加(两种方法)

    1、# vim /etc/profile
    
    export PATH="/application/squid/sbin:$PATH"
    
    保存,退出,
    
    2、echo export PATH="/application/squid/sbin:$PATH" >> /etc/profile
    
    echo export PATH="/application/squid/bin:$PATH" >> /etc/profile
    
    然后运行:
    
    #source /etc/profile
    
    不报错则成功。                                                                                        
    
    [root@uu etc]# source /etc/profile
    
    [root@uu etc]# echo $PATH        
    
    /application/squid/sbin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
    View Code

    试试吧

    killall squid

    squid -k parse

    squid -z

    squid start

    netstat -tunpl | grep :3128

    配置认证

      默认时,Squid本身不带任何认证程序,但是可以通过外部认证程序来实现用户认证。一般有以下的认证程序:LDAP认证、SMB认证、基于mysql的认证、基于sock5的密码认证和基于Radius的认证。下面介绍常用的ncsa实现的认证,ncsa是Squid源代码包自带的认证程序,但是需要使用到apache的htpasswd来生成密码文件。或者使用 apt-get/yum install http-tools的方式安装此工具

    NCSA方式。

    加入认证配置

    auth_param basic program /application/squid/helpers/basic_auth/NCSA/basic_ncsa_auth /opt/squid/etc/passwd
    
    auth_param basic realm hello
    
    auth_param basic credentialsttl 2 hours
    
    auth_param basic casesensitive on
    
    auth_param basic children 5
    
    acl alloweduser proxy_auth REQUIRE
    
    http_access allow alloweduser              #一定要放在所有http_access前面,否则不生效
    View Code

    完整版配置(注意顺序)

    [root@uu etc]# cat squid.conf
    
    http_port 3128
    
    cache_mem 64 MB 
    
    maximum_object_size 400 MB   
    
    minimum_object_size 0 KB   
    
    maximum_object_size_in_memory 4096 KB
    
     
    
    cache_dir aufs /application/squid/var/cache/squid 1024 16 256   
    
    cache_mem 128 MB  
    
    cache_log /application/squid/var/logs/cache.log   
    
    #logfile_rotate 60  
    
    #cache_swap_high 95  
    
    #cache_swap_low 90 
    
    vary_ignore_expire on
    
    collapsed_forwarding on
    
     
    
    request_entities off
    
    ident_timeout 10 seconds #设置squid等待用户认证请求的时间。缺省值为10秒。[–enable-ident-lookups]
    
    cache_effective_user nobody
    
    cache_effective_group nobody
    
    httpd_suppress_version_string on
    
     
    
     
    
     
    
    #acl manager proto cache_object
    
    #acl localhost src 127.0.0.1/32 ::1
    
    #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    
    #acl localnet src 10.0.0.0/8
    
    acl SSL_ports port 443
    
    acl Safe_ports port 80         
    
    acl Safe_ports port 443        
    
    acl CONNECT method CONNECT
    
    acl http proto HTTP
    
    acl good_domain dstdomain yyt.etcsd.com
    
    auth_param basic program /application/squid/helpers/basic_auth/NCSA/basic_ncsa_auth /opt/squid/etc/passwd
    
    auth_param basic realm hello
    
    auth_param basic credentialsttl 2 hours
    
    auth_param basic casesensitive on
    
    auth_param basic children 5
    
    acl alloweduser proxy_auth REQUIRE
    
    acl authorizedip src "/application/squid/authorizedip.txt"
    
    #http_access allow manager localhost
    
    http_access allow http good_domain
    
    http_access deny http !good_domain
    
    http_access allow alloweduser
    
    http_access allow authorizedip
    
    http_access deny !Safe_ports
    
     
    
    http_access deny CONNECT !SSL_ports
    
    #http_access allow all
    
     
    
    http_access deny all
    
    coredump_dir /application/squid/var/cache/squid
    
     
    
    refresh_pattern ^ftp:           1440    20%     10080
    
    refresh_pattern ^gopher:        1440    0%      1440
    
    refresh_pattern -i (/cgi-bin/|?) 0     0%      0
    
    refresh_pattern .               0       20%     4320
    
    visible_hostname pstation
    
    cache_mgr 15666661331@163.com
    
     
    
    ########################################################
    View Code

    注释

    auth_param basic program /usr/lib/squid/ncsa_auth /opt/squid/etc/passwd
    
    #定义了认证方式为basic,认证程序的路径和认证程度需要读取的帐户文件
    
    auth_param basic children 5
    
    #此选项定义了认证程序的进程为5个
    
     
    
    auth_param basic credentialsttl 2 hours
    
    #定义了认证程序的时间为2小时,如果2小时过后用户还需要使用squid,则必须重新输入帐户和密码
    
    auth_param basic realm Please input account
    
    #定义了用户的登录时显示的领域内容,类似于Apache的用户认证
    
    auth_param basic casesensitive off
    
    #指定是否区分用户名大小写,on为区分,off为不区分。
    
    acl auth_user proxy_auth REQUIRED
    
    # 强制要求用户验证
    
    http_access allow auth_user
    
    #普通用户需要认证才能访问internet,允许经过认证的用户访问。
    
    #名称和相对位置不对会报错
    
    #2018/01/20 22:24:01| /application/squid/etc/squid.conf:34 unrecognized: 'authenticate_program'
    
    #2018/01/20 22:24:01| Processing: authenticate_program realm hello
    
    #2018/01/20 22:24:01| /application/squid/etc/squid.conf:35 unrecognized: 'authenticate_program'
    
    #2018/01/20 22:24:01| Processing: acl alloweduser proxy_auth REQUIRED
    
    #2018/01/20 22:24:01| Can't use proxy auth because no authentication schemes are fully configured.
    
    #FATAL: ERROR: Invalid ACL: acl alloweduser proxy_auth REQUIRED
    View Code

    创建密码文件

    htpasswd是Apache的密码生成器,没有 Apache的话需要先安装,yum install httpd -y即可。
    
    [root@uu opt]# mkdir /opt/squid/etc -p
    
    [root@uu opt]# cd /opt/squid/etc
    
    [root@uu etc]# touch passwd
    
    [root@uu etc]# htpasswd -bc /opt/squid/etc/passwd test test
    
    Adding password for user test
    View Code
    生活的一大乐趣就是 完成别人认为你不能做到的事情
  • 相关阅读:
    Web 安全 —— XSS攻击的原理
    HTTP缓存
    JavaScript 事件循环机制(Event Loop)
    搭建前端监控系统
    电脑 直接下载cyida deb
    基于样例的传统图像修补算法实现
    Android WorkManager 定时任务
    Android WorkManager工作约束,延迟与查询工作
    微信小程序地图如何显示附近厕所WC步行路线
    物流解决方案再添利器 腾讯位置服务推出货运“三件套”
  • 原文地址:https://www.cnblogs.com/daynote/p/8336220.html
Copyright © 2020-2023  润新知