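Preface
I won't go into the detailed principles of this use of squid here; I recommend reading Magedu's (马哥教育) detailed explanation of the squid service. Here we focus more on how squid is used.
Our company uses squid internally as a proxy service. One day it suddenly broke. I worked on it for five days without fixing it, and only got it repaired in the early hours of the fifth day. I grew a lot through handling this failure, so here I go through the whole process from start to finish. This problem could actually have been solved faster: I roughly knew where the problem was, but I hesitated, did not take my own judgment seriously, did not read the logs carefully, and wasted many days.
Topology:
The server has two NICs: the NIC with Internet access has the IP 192.168.0.100, and the NIC connected to the internal network has the IP 192.168.10.10.
The clients' IPs are all in the 192.168.10.x segment; to reach the Internet they must set the server's IP as their proxy, i.e. 192.168.10.10.
Server
Setting up the service is quite simple; a few commands are enough.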
## Centos7
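# Create a user erbu that cannot log in, with the password 123456, for clients to use
# Sometimes a client must specify a proxy username and password when using the proxy, but we cannot give clients the root password, so let them use an ordinary user.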
useradd -s /sbin/nologin erbu && echo 123456 | passwd --stdin erbu
yum -y install squid
vim /etc/squid/squid.conf
acl lanhome1 src 192.168.0.2/32
http_access allow lanhome1
systemctl restart squid && ss -tnlp | grep 3128 && systemctl enable squid
systemctl stop firewalld && systemctl disable firewalld
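I recommend using the operating system you know best when setting up the client. I am more familiar with CentOS, so we assume our server is CentOS. Ubuntu is less convenient: for example, Ubuntu does not allow root to log in directly by default, ordinary users have sudo-to-root rights by default, and squid's default configuration file is too verbose. Although these drawbacks can be changed by editing configuration files, I just don't want to go to that trouble, so I use CentOS directly as the server.
Client
Setting up the server is fairly simple because the method is fairly fixed, but there are many ways to use the proxy from a client.
windows
On Windows you only need to turn on the proxy in Settings and specify the server's IP and port. Years ago, when I was on a business trip at some organization, I found that many of their computers had no gateway configured yet could open Baidu search normally. I was very surprised, and later found out that a proxy had been set.
centos7
On centos7 we usually use a proxy in order to install software, for example with yum or pip.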
-------------------------------------------------------------------------------------
# wget
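## Method 1: specify the proxy IP and port directly on the command line, as shown below. Tested and working. It is worth mentioning that my proxy server application is squid, the socket is 10.100.0.9+3128, and the client can use wget by specifying just the IP and port, with no username or password needed at all. This method can only download over http, though; it cannot download https content;
wget http://www.baidu.com -e use_proxy=yes -e http_proxy=192.168.10.10:3128
## To download https content, do it as shown below, changing http to https (--no-check-certificate skips verification of the server certificate);
wget --no-check-certificate https://mirrors.aliyun.com/repo/Centos-7.repo -e use_proxy=yes -e https_proxy=192.168.10.10:3128
## Method 2: write it in wget's configuration file, ~/.wgetrc. Tested and working;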
http_proxy = http://192.168.10.10:3128
https_proxy = https://192.168.10.10:3128
ftp_proxy = http://192.168.10.10:3128
use_proxy = on
wait = 15
-------------------------------------------------------------------------------------
# yum
vim /etc/yum.conf
proxy=http://192.168.10.10:3128
proxy_username=erbu
proxy_password=123456
-------------------------------------------------------------------------------------
# pip
cd
mkdir .pip
vim .pip/pip.conf
[global]
index-url=http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
# Test installation
pip install t5 --proxy="http://192.168.10.10:3128"
------------------------------------------------------------------------------------
On Windows it can be done like this, as shown below:
ubuntu18+
----------------------------------------------------------------------------------------------
# Add environment variables; putting them in .bashrc or in /etc/profile has the same effect
root@client:~# cat .bashrc | tail -4
export http_proxy='http://192.168.10.10:3128'
export https_proxy='http://192.168.10.10:3128'
export ftp_proxy='http://192.168.10.10:3128'
export no_proxy='localhost,127.0.0.1'
# Reload
root@client:~# source .bashrc
## Test
apt update && apt install apache2 -y
----------------------------------------------------------------------------------------------
# pip index settings
pip config list
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
pip config list
or
cd
mkdir .pip
vim .pip/pip.conf
[global]
index-url=http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
# Test installation
pip install t5 --proxy="http://192.168.10.10:3128"
--------------------------------------------------------------------------------------------
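Troubleshooting
- You can check the connections on port 3128 to judge whether a client has connected to the server
# See which IPs are currently connected to the proxy
netstat -n | grep 3128 | awk '{print $5}' | awk -F':' '{print $1}' | sort | uniq
- Of course, for detailed errors you still have to read the logs
## For troubleshooting, these are the two main logs to look at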
ls /var/log/squid/
access.log cache.log
- MISS/503
cat /var/log/squid/access.log
1467339283.619 60229 183.12.65.8 TCP_MISS/503 0 CONNECT www.google.com.hk:443 k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627 61011 183.12.65.8 TCP_MISS/503 0 CONNECT www.google.com.hk:443 k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627 61014 183.12.65.8 TCP_MISS/503 0 CONNECT www.google.com.hk:443 k19421 DIRECT/2607:f8b0:4007:80b::2003 -
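When this problem appeared, it took me a week to solve. By comparing against the logs of a working squid server, I found that this log contained only IPv6 addresses, while the working server resolved IPv4 addresses. After searching for a while, I found that it can be fixed by adding the following to the configuration file: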
dns_v4_first on
After restarting the squid service, everything returned to normal.
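As an added example (not part of the original post): a small shell helper that reads a Squid access.log in the native format and counts 503 responses by destination and by the address family of the upstream Squid connected to, which is the comparison described above. The function names and the last two sample log lines are constructed for illustration.

```shell
# Added example: count Squid 503 responses by upstream address family.
# Native access.log fields:
#   time elapsed client code/status bytes method URL user hierarchy/peer type

squid_503_by_family() {
    # Reads access.log from the given files or from stdin.
    # Prints "count family destination", highest count first.
    awk '
        $4 ~ /\/503$/ {
            peer = substr($9, index($9, "/") + 1)   # text after "DIRECT/"
            if (peer ~ /:/)              fam = "ipv6"
            else if (peer ~ /^[0-9.]+$/) fam = "ipv4"
            else                         fam = "other"  # "-" or a peer hostname
            n[fam " " $7]++
        }
        END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2
}

v6_only_failures() {
    # Exit status 0 when 503s were logged against IPv6 upstreams and none
    # against IPv4 upstreams: the symptom seen before "dns_v4_first on".
    out=$(squid_503_by_family "$@")
    printf '%s\n' "$out" | grep -q ' ipv6 ' &&
        ! printf '%s\n' "$out" | grep -q ' ipv4 '
}

sample_log() {
    # Lines 1-2 come from the excerpt above; lines 3-4 are constructed.
    cat <<'EOF'
1467339283.619  60229 183.12.65.8 TCP_MISS/503 0 CONNECT www.google.com.hk:443 k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627  61011 183.12.65.8 TCP_MISS/503 0 CONNECT www.google.com.hk:443 k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339300.100    212 192.168.10.21 TCP_MISS/200 4312 CONNECT mirrors.aliyun.com:443 - DIRECT/203.0.113.10 -
1467339301.500      3 192.168.10.21 TCP_MISS/503 0 GET http://example.invalid/ - HIER_NONE/- -
EOF
}

sample_log | squid_503_by_family
```

On the proxy itself, run it against the real log with `squid_503_by_family /var/log/squid/access.log`.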
Common mirrors
ubuntu
Ubuntu's software source configuration file is /etc/apt/sources.list
##################16.04
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
##################18.04
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
#################20.04
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
#### 16.04
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
########18.04
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
#####20.04
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
######21.04
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse
# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
root@client:~# cat /proc/version
Linux version 5.13.0-19-generic (buildd@lgw01-amd64-013) (gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0, GNU ld (GNU Binutils for Ubuntu) 2.37) #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021
root@client:~# uname -a
Linux client 5.13.0-19-generic #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@client:~# cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu impish main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu impish-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish universe
# deb-src http://archive.ubuntu.com/ubuntu impish universe
deb http://archive.ubuntu.com/ubuntu impish-updates universe
# deb-src http://archive.ubuntu.com/ubuntu impish-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu impish multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish multiverse
deb http://archive.ubuntu.com/ubuntu impish-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu impish partner
# deb-src http://archive.canonical.com/ubuntu impish partner
deb http://archive.ubuntu.com/ubuntu impish-security main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-security main restricted
deb http://archive.ubuntu.com/ubuntu impish-security universe
# deb-src http://archive.ubuntu.com/ubuntu impish-security universe
deb http://archive.ubuntu.com/ubuntu impish-security multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-security multiverse
centos
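Official CentOS mirror: https://www.centos.org/centos-linux/ It covers centos7 and centos8. Be careful not to download the wrong one; we usually want the x86 architecture, not the arm architecture.
Aliyun mirror: https://developer.aliyun.com/mirror/
Tsinghua mirror: https://mirrors.tuna.tsinghua.edu.cn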
# centos7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# epel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
--------------------------------------------------------------------------------
# centos8
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo