I. Forward Proxy
[root@localhost ~]# yum install -y squid
[root@localhost ~]# squid -v    // check the squid version
Squid Cache: Version 3.1.10
[root@localhost ~]# rm -f /etc/squid/squid.conf    // do not use the default configuration
[root@localhost ~]# vim /etc/squid/squid.conf    // add the following

http_port 3128
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080     # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
# "allow all" admits any client that can reach port 3128, not only localnet/localhost;
# Squid's stock configuration ends with "http_access deny all" instead
http_access allow all
cache_dir aufs /data/cache 1024 16 256
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320

[root@localhost ~]# squid -kcheck    // check for syntax errors

1. Message:
squid: ERROR: No running copy
--> squid has not been started yet, which is fine; output like this means the configuration file has no problems.

2. Message:
WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
-->
[root@localhost ~]# vim /etc/squid/squid.conf    // add
visible_hostname aminglinux.com    #can be customized

[root@localhost ~]# mkdir -p /data/cache    // initialize the cache directory
[root@localhost ~]# chown -R squid:squid /data/cache/
[root@localhost ~]# squid -z
2013/06/12 16:25:14| Creating Swap Directories
2013/06/12 16:25:14| /data/cache exists    // initialization complete
[root@localhost ~]# /etc/init.d/squid start
正在启动 squid:. [确定]
Testing:

1.
[root@localhost ~]# curl -xlocalhost:3128 http://www.baidu.com/    // a long stream of output means the squid forward proxy is set up OK

2.
[root@localhost ~]# curl -xlocalhost:3128 http://www.lishiming.net/static/image/common/logo.png -I
HTTP/1.0 200 OK
Server: nginx/1.0.0
Date: Sat, 08 Jun 2013 04:30:17 GMT
Content-Type: image/png
Content-Length: 7785
Last-Modified: Wed, 13 Jan 2010 03:33:47 GMT
Accept-Ranges: bytes
X-Cache: HIT from dx_cache216.5d6d.com
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:3128
Via: 1.0 dx_cache216.5d6d.com:80 (squid), 1.0 localhost.localdomain (squid/3.1.10)
Connection: keep-alive

[root@localhost ~]# curl -xlocalhost:3128 http://www.lishiming.net/static/image/common/logo.png -I
HTTP/1.0 200 OK
Server: nginx/1.0.0
Content-Type: image/png
Content-Length: 7785
Last-Modified: Wed, 13 Jan 2010 03:33:47 GMT
Accept-Ranges: bytes
Date: Sat, 08 Jun 2013 04:30:17 GMT
X-Cache: HIT from dx_cache216.5d6d.com
Age: 360898
Warning: 113 localhost.localdomain (squid/3.1.10) This cache hit is still fresh and more than 1 day old
X-Cache: HIT from localhost.localdomain
X-Cache-Lookup: HIT from localhost.localdomain:3128
Via: 1.0 dx_cache216.5d6d.com:80 (squid), 1.0 localhost.localdomain (squid/3.1.10)
Connection: keep-alive

3. Configure a whitelist, meaning the machine can only access sites on the whitelist
[root@localhost ~]# vim /etc/squid/squid.conf
... ...
acl CONNECT method CONNECT    #add the following below this line
acl http proto HTTP
acl good_domain dstdomain .lishiming.net .aminglinux.com
http_access allow http good_domain
http_access deny http !good_domain

[root@localhost ~]# /etc/init.d/squid restart
[root@localhost ~]# curl -xlocalhost:3128 http://www.baidu.com/ -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.23
Mime-Version: 1.0
Date: Fri, 15 Apr 2016 16:32:28 GMT
Content-Type: text/html
Content-Length: 3274
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: NONE from localhost.localdomain:3128
Via: 1.0 localhost.localdomain (squid/3.1.23)
Connection: keep-alive

4. Configure a blacklist, meaning the machine cannot access sites on the blacklist
acl http proto HTTP
acl bad_domain dstdomain .sina.com .souhu.com
http_access allow http !bad_domain
http_access deny http bad_domain
=============== I am a divider line. ==============================
II. Reverse Proxy
[root@localhost ~]# vim /etc/squid/squid.conf
http_port 3128    #change to: http_port 80 accel vhost vport
... ...
#append at the very end of the file
cache_peer 123.125.119.147 parent 80 0 originserver name=a
cache_peer 61.135.169.125 parent 80 0 originserver name=b
cache_peer_domain a www.qq.com
cache_peer_domain b www.baidu.com

[root@localhost ~]# /etc/init.d/squid restart
[root@localhost ~]# curl -xlocalhost:80 http://www.baidu.com/ -I
[root@localhost ~]# curl -xlocalhost:80 http://www.qq.com/ -I
[root@localhost ~]# curl -xlocalhost:80 http://www.sina.com/ -I
#You will find that baidu.com and qq.com can both be accessed normally, whereas sina.com returns 503
=============== I am a divider line. ==============================
III. squid Command-Line Options
1.
[root@localhost ~]# squid -h
Usage: squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file] [-[au] port] [-k signal]
       -a port   Specify HTTP port number (default: 3128).
       -d level  Write debugging to stderr also.
       -f file   Use given config-file instead of
                 /etc/squid/squid.conf
       -h        Print help message.
       -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
                 Parse configuration file, then send signal to
                 running copy (except -k parse) and exit.
       -s | -l facility
                 Enable logging to syslog.
       -u port   Specify ICP port number (default: 3130), disable with 0.
       -v        Print version.
       -z        Create swap directories
       -C        Do not catch fatal signals.
       -D        OBSOLETE. Scheduled for removal.
       -F        Don't serve any requests until store is rebuilt.
       -N        No daemon mode.
       -R        Do not set REUSEADDR on port.
       -S        Double-check swap during rebuild.
       -X        Force full debugging.
       -Y        Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.

2.
[root@localhost ~]# squid -kche    // same as squid -kcheck
[root@localhost ~]# squid -krec    // reload the configuration
Time: 2024-11-05 17:34:11