• Implementing proxies with squid


    Prerequisites: two network cards and two IP addresses

    192.168.1.142 and 192.168.142.1

    yum install squid

    *************************************************************************************************

    Forward proxy

    vi /etc/squid/squid.conf

    # The Safe_ports and localnet ACLs used below are assumed to be kept from the default squid.conf
    # ACL rules
    acl SSL_ports port 443
    acl CONNECT method CONNECT
    # test ACL named mynet, used to block the client 192.168.142.2
    acl mynet src 192.168.142.2/32
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    # block mynet
    http_access deny mynet
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    # allow proxying for everyone else (any client that can reach port 3128 may use the proxy)
    http_access allow all
    # listening port
    http_port 3128
    # cache directory: 100 MB, 16 first-level and 256 second-level directories
    cache_dir ufs /var/spool/squid 100 16 256
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    cache_mem 99 MB
    maximum_object_size 20 MB
    maximum_object_size_in_memory 20 MB
    cache_swap_low 90
    cache_swap_high 95

    Then configure the client to use the squid proxy

    **************************************************************************************************************************

    Username and password authentication

    vi /etc/squid/squid.conf

    acl SSL_ports port 443
    acl CONNECT method CONNECT
    # check credentials against the htpasswd-format file /etc/squid/passwd
    auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    # realm text shown in the client's login prompt
    auth_param basic realm mima
    auth_param basic credentialsttl 2 hours
    # lookwest matches any client that presents valid credentials
    acl lookwest proxy_auth REQUIRED
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    # placed after the port and manager restrictions so they also apply to authenticated users
    http_access allow lookwest
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    http_port 3128
    cache_dir ufs /var/spool/squid 100 16 256
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    cache_mem 99 MB
    maximum_object_size 20 MB
    maximum_object_size_in_memory 20 MB
    cache_swap_low 90
    cache_swap_high 95

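    3.  Set the username and password

    In the bin directory of the httpd installation, run:

    ./htpasswd  -c /etc/squid/passwd YOUR_NAME

    You will be prompted for a password; enter it.
    This creates the login username and password in /etc/squid/passwd.
    The -c option creates the file, so use it only for the first user.

    4.  service  squid restart  (restart squid)

    If something goes wrong, check the logs under /var/log/squid.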

    *********************************************************************************************************************************

    Transparent proxy: squid + iptables

    vi /etc/squid/squid.conf

    acl SSL_ports port 443
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access allow all
    # intercept is the current name of the older "transparent" option (squid 3.1 and later)
    http_port 3128 intercept
    dns_nameservers 222.222.202.202
    dns_nameservers 222.222.222.222
    cache_dir ufs /var/spool/squid 100 16 256
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    # source-NAT traffic from 192.168.142.0/24 to the address 192.168.1.142
    iptables -t nat -I POSTROUTING -s 192.168.142.0/24 -j SNAT --to 192.168.1.142
    # redirect HTTP (port 80) arriving on eth1 to squid on port 3128
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128

    vi /etc/sysctl.conf

    net.ipv4.ip_forward=1

    # load the new setting without a reboot
    sysctl -p

    systemctl restart squid

    Clients do not need a proxy configured in their LAN settings; they only need the gateway set.

     ***********************************************************************************************************************

    Reverse proxy

    vi /etc/squid/squid.conf

    acl SSL_ports port 443
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access deny all

    # listen on port 80 and pick the site from the request's Host header
    http_port 80 vhost vport
    # origin web server behind squid
    cache_peer 192.168.1.148 parent 80 0 no-query originserver name=aaa
    # send requests for www.aaa.com to that peer
    cache_peer_domain aaa www.aaa.com

    coredump_dir /var/spool/squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    Watch out for DNS resolution and similar issues.

    *************************************************************************************************************************

    Adding encryption (HTTPS) with squid

    The configuration file is:

    acl SSL_ports port 443
    acl CONNECT method CONNECT
    # matches requests that arrive on squid's port 443
    acl SITE_AAA_SSL myport 443
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    # must come before "deny all": http_access stops at the first matching line
    http_access allow SITE_AAA_SSL
    http_access deny all

    http_port 80 vhost vport
    cache_peer 192.168.1.148 parent 80 0 no-query originserver name=aaa
    cache_peer_domain aaa www.aaa.com
    # TLS listener; han.pem holds both the certificate and the private key
    https_port 443 accel cert=/etc/pki/tls/certs/han.pem key=/etc/pki/tls/certs/han.pem vhost
    # sslflags=DONT_VERIFY_PEER turns off validation of the origin server's certificate
    cache_peer 192.168.1.148 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=ACCEL_AAA_SSL
    cache_peer_access ACCEL_AAA_SSL allow SITE_AAA_SSL

    coredump_dir /var/spool/squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    Note: use the same key on the web server and on squid, and open port 443.
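
squid checks http_access lines from top to bottom and stops at the first one that matches, so the rule order in the configurations above decides who can use the proxy. The audit below is an added example, not code from the original post or from the squid project; the `audit` function, its finding names and the sample configuration (including the 192.0.2.10 peer) are constructed for illustration.

```python
import re

def strip_comment(line):
    # Drop a full-line comment or a trailing "#..." token, then trim whitespace.
    return re.sub(r"(^|\s)#.*$", "", line).strip()

def audit(conf_text):
    """Return (line_number, finding, directive) tuples for risky squid.conf rules."""
    findings = []
    terminal = None  # line of the first catch-all "allow all" / "deny all"
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = strip_comment(raw).split()
        if not tokens:
            continue
        text = " ".join(tokens)
        if tokens[0] == "http_access" and len(tokens) >= 3:
            action, acls = tokens[1], tokens[2:]
            if terminal is not None:
                # A catch-all rule already matched every request above this line.
                findings.append((num, "unreachable-rule", text))
                continue
            if acls == ["all"]:
                terminal = num
                if action == "allow":
                    findings.append((num, "open-proxy", text))
            elif action == "allow" and acls == ["manager"]:
                # Cache manager allowed without a source restriction such as localhost.
                findings.append((num, "manager-exposed", text))
        elif tokens[0] == "cache_peer":
            for tok in tokens:
                if tok.startswith("sslflags=") and "DONT_VERIFY_PEER" in tok:
                    findings.append((num, "peer-cert-not-verified", text))
    return findings

# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access allow manager
http_access allow localhost
http_access deny all
acl SITE_SSL myport 443
http_access allow SITE_SSL
cache_peer 192.0.2.10 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=origin_ssl
"""

if __name__ == "__main__":
    for num, finding, text in audit(SAMPLE):
        print(f"line {num}: {finding}: {text}")
```

Run it against a real file with `audit(open("/etc/squid/squid.conf").read())`, then confirm the syntax with `squid -k parse` before restarting.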

     

  • Original article: https://www.cnblogs.com/han1094/p/6478017.html