squid
1安装
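# Build Squid 3.0.STABLE20 from source into /application/squid3.0.
# Source tarballs: http://www.squid-cache.org/Versions/v3/3.0/
# NOTE(review): 3.0.STABLE20 is a long-unsupported release line. Outside a lab,
# build a currently maintained Squid release, and check the tarball against the
# checksum/signature the project publishes before unpacking it.
yum -y install openssl-devel openssl

# tar needs an operation flag; the bare "tar FILE" shown on the page does not
# extract anything.
tar xf squid-3.0.STABLE20.tar.gz
cd squid-3.0.STABLE20

# Review notes on the option list below:
# - "--with-fileddescriptors" on the page is a misspelling; configure does not
#   act on option names it does not know, so the limit would not be applied.
#   Corrected here to --with-filedescriptors (presumably the intended option;
#   confirm against ./configure --help for this release, also for --with-maxfd).
# - The bare --enable-storeio near the end repeats the earlier option without a
#   module list. Autoconf keeps the last value given, so confirm which store
#   modules actually get built.
# - make / make install are chained with && so a failed configure or build is
#   never installed.
./configure --prefix=/application/squid3.0 \
  --enable-dlmalloc \
  --enable-debug-cbdata \
  --enable-async-io=100 \
  --with-pthreads \
  --enable-storeio="aufs,diskd,ufs" \
  --enable-removal-policies="heap,lru" \
  --enable-icmp \
  --enable-delay-pools \
  --enable-useragent-log \
  --enable-referer-log \
  --disable-wccp \
  --disable-wccpv2 \
  --enable-kill-parent-hack \
  --enable-arp-acl \
  --enable-snmp \
  --enable-default-err-language=Simplify_Chinese \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-poll \
  --enable-epoll \
  --disable-ident-lookups \
  --disable-internal-dns \
  --enable-truncate \
  --enable-underscores \
  --enable-basic-auth-helpers="NCSA" \
  --enable-stacktrace \
  --with-winbind-auth-challenge \
  --enable-large-cache-files \
  --with-large-files \
  --with-maxfd=65535 \
  --enable-ssl \
  --enable-x-accelerator-vary \
  --enable-linux-netfilter \
  --enable-linux-tproxy \
  --with-aio \
  --enable-storeio \
  --with-filedescriptors=64000 \
  && make \
  && make install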
2.
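# The page fused three separate commands onto one line; run them one at a time.

# Version-independent path pointing at the versioned install prefix.
ln -s /application/squid3.0 /application/squid

# Show only the active directives (drops comment lines and blank lines).
# Presumably run from /application/squid3.0/etc, where squid.conf lives.
egrep -v "^#|^$" squid.conf

# Dedicated unprivileged account for the proxy: no login shell
# (-s /sbin/nologin) and no home directory (-M).
useradd squid -s /sbin/nologin -M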
3. vi /application/squid3.0/etc/squid.conf
将 cache_effective_user nobody 改为:
cache_effective_user squid
cache_effective_group squid
# 添加上 打开日志的功能
access_log /application/squid3.0/var/logs/access.log squid
cache_store_log /application/squid3.0/var/logs/store.log
cache_log /application/squid3.0/var/logs/cache.log
cache_dir ufs /application/squid3.0/var/cache 100 16 256
# http_port 默认3128
visible_hostname img01.etiantian.org
# 新加 不配起不来
cache_mgr w673004708@163.com
# 修改 管理员邮箱
4.
[root@cache01 etc]# /application/squid/sbin/squid -k parse 2017/08/05 21:35:20| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0) 2017/08/05 21:35:20| Initializing https proxy context WARNING: Cannot write log file: /application/squid3.0/var/logs/cache.log /application/squid3.0/var/logs/cache.log: Permission denied messages will be sent to ‘stderr‘. [root@cache01 etc]# [root@cache01 squid3.0]# chown -R squid.squid /application/squid3.0/var/ [root@cache01 squid3.0]# /application/squid/sbin/squid -k parse 2017/08/05 21:36:51| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0) 2017/08/05 21:36:51| Initializing https proxy context [root@cache01 squid3.0]# vim /etc/profile export PATH=$PATH:/application/squid/sbin:/application/squid/bin/ source /etc/profile
5.
[root@cache01 squid]# squid -z ##初始化磁盘目录 2017/08/05 21:41:58| Creating Swap Directories 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/00 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/01 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/02 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/03 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/04 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/05 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/06 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/07 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/08 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/09 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0A 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0B 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0C 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0D 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0E 2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0F
6.
[root@cache01 squid]# squid -N -d1 #测试 不要终止
[root@cache01 ~]# tail -f /application/squid/var/logs/access.log 1501944635.557 3472 192.168.56.1 TCP_MISS/200 365 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - DIRECT/163.177.73.109 text/xml 1501944652.606 21121 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.100 - 1501944653.105 21072 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.102 - 1501944653.405 21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.101 - 1501944684.853 7 192.168.56.1 TCP_MISS/404 0 CONNECT api.growingio.com:443 - DIRECT/- - 1501944684.853 7 192.168.56.1 TCP_MISS/503 314 HEAD http://tsfrepl/ - DIRECT/tsfrepl text/html 1501944684.853 6 192.168.56.1 TCP_MISS/503 314 HEAD http://tyzkduwwgqgd/ - DIRECT/tyzkduwwgqgd text/html 1501944684.853 6 192.168.56.1 TCP_MISS/404 0 CONNECT z13.cnzz.com:443 - DIRECT/- - 1501944684.853 6 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- - 1501944684.872 25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.138 - 1501944684.872 25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.139 - 1501944684.873 26 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.113 - 1501944685.009 0 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- - 1501944688.045 0 192.168.56.1 TCP_MISS/503 2671 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - D
7.squid后台启动和日志轮询
[root@cache01 squid]# squid -D #放在后台启动
squid -k rotate 日志轮询 [root@localhost logs]# squid -k rotate [root@localhost logs]# ll 总用量 60
-rw-r----- 1 squid squid 0 8月 6 09:36 access.log
-rw-r----- 1 squid squid 18890 8月 5 23:02 access.log.0
-rw-r----- 1 squid squid 456 8月 6 09:36 cache.log
-rw-r----- 1 squid squid 17277 8月 6 09:36 cache.log.0
-rw-r--r-- 1 root squid 5 8月 6 09:35 squid.pid
-rw-r----- 1 squid squid 0 8月 6 09:36 store.log
-rw-r----- 1 squid squid 6829 8月 5 23:02 store.log.0
[root@localhost logs]# cp squid.conf squid.conf.putong.01 egrep -v "^#|^$" squid.conf.putong.01 >squid.conf [root@localhost etc]# squid -k parse [root@localhost etc]# squid -k reconfigure
8 squid设置acl屏蔽
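# squid.conf with a URL-blocking ACL added.
# Restored to one directive per line: on a single line, everything after the
# first "#" is read as a comment.

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
# NOTE(review): localnet covers all three RFC1918 ranges; narrow it to the
# networks that are actually meant to use this proxy.
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# The two added lines go here, ahead of the allow rules.
# NOTE(review): the expression shown on the page is only "^", which matches
# every URL, so as written this deny rule rejects all requests. The intended
# pattern appears to be missing from the page; put the real expression in
# place of "^".
acl sex url_regex -i ^
http_access deny sex

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /application/squid3.0/var/cache 100 16 256
access_log /application/squid3.0/var/logs/access.log squid
cache_log /application/squid3.0/var/logs/cache.log
cache_store_log /application/squid3.0/var/logs/store.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_mgr w673004708@163.com
cache_effective_user squid
cache_effective_group squid
visible_hostname img01.etiantian.org
icp_port 3130
coredump_dir /application/squid3.0/var/cache

# After editing, check the syntax and reload the running instance:
# [root@localhost etc]# squid -k parse
# [root@localhost etc]# squid -k reconfigure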
9浏览器查看squid信息
yum -y install httpd
vim /etc/httpd/conf/httpd.conf,添加如下内容(端口我修改成了 8080):
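# Publish Squid's cache manager CGI under /squid.
ScriptAlias "/squid" "/application/squid3.0/libexec/cachemgr.cgi"
<Location "/squid">
    # With "Order deny,allow" the Allow rules are evaluated last, so the
    # page's "Deny from all" followed by "Allow from all" left the cache
    # manager reachable by every client. Admit only the hosts that administer
    # the proxy instead.
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    # 192.168.56.1 is the client address seen in this page's access logs
    # (presumably the author's workstation); substitute your own admin host.
    Allow from 192.168.56.1
    # The cache manager has no password by default; squid.conf's
    # cachemgr_passwd directive can protect its actions.
</Location>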
/etc/init.d/httpd restart
浏览器:http://192.168.56.7:8080/squid 默认没有密码
10squid透明代理
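# Transparent proxy lab: eth0 = outside network, eth1 = inside network.
#
# [root@localhost etc]# ip addr
# 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
#     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
#     inet 127.0.0.1/8 scope host lo
#     inet6 ::1/128 scope host
#        valid_lft forever preferred_lft forever
# 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
#     link/ether 00:0c:29:26:0d:19 brd ff:ff:ff:ff:ff:ff
#     inet 192.168.56.7/24 brd 192.168.56.255 scope global eth0
#     inet6 fe80::20c:29ff:fe26:d19/64 scope link
#        valid_lft forever preferred_lft forever
# 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
#     link/ether 00:0c:29:26:0d:23 brd ff:ff:ff:ff:ff:ff
#     inet 10.10.10.7/8 brd 10.255.255.255 scope global eth1
#     inet6 fe80::20c:29ff:fe26:d23/64 scope link
#        valid_lft forever preferred_lft forever
#
# squid.conf: append "transparent" after the port number.
#   http_port 3128 transparent
# Further parameters appended to squid.conf:
#   cache_mem 90 MB
#   cache_swap_low 90
#   cache_swap_high 95
#   maximum_object_size 8192 KB
#   minimum_object_size 0 KB
#   maximum_object_size_in_memory 4096 KB
#   memory_replacement_policy lru
#   emulate_httpd_log on
# Then start squid.

# NOTE(review): stopping the iptables service clears the host's running
# packet-filter rules before the NAT rules are added, so nothing filters
# inbound traffic afterwards, including connections to port 3128 on the
# outside interface (eth0). On anything but a lab, keep a filter policy loaded
# and accept port 3128 only on eth1.
/etc/init.d/iptables stop

# Redirect web traffic arriving from the inside network to the proxy port.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128

# Source-NAT inside clients leaving through the outside interface.
# NOTE(review): the match is 10.10.10.0/24 while eth1 is configured as
# 10.10.10.7/8 above; confirm which range the inside clients really use.
iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE

# Rules added with "iptables -A" exist only in the running kernel; save them
# (e.g. "service iptables save") if they must survive a restart.

# Enable routing: put the following line in /etc/sysctl.conf, then reload it.
#   net.ipv4.ip_forward = 1
sysctl -p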
配置另外一台服务器(10.10.10.8)
route add default gw 10.10.10.7
curl g.cn
在10.10.10.7查看日志
[root@localhost logs]# tail -f access.log
1501990490.416 21071 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.102 -
1501990495.298 21124 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.113 -
1501990504.690 21069 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.101 -
1501990514.471 21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.138 -
1501990525.242 21067 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.139 -
1501990530.513 600100 192.168.56.1 TCP_CLIENT_REFRESH_MISS/204 143 GET http://notify3.note.youdao.com/pushserver3/client? - DIRECT/123.58.182.253 -
1501990543.929 526389 192.168.56.1 TCP_MISS/200 432 CONNECT mtalk.google.com:443 - DIRECT/64.233.188.188 -
1501991898.960 430 10.10.10.8 TCP_MISS/301 573 GET http://www.baidd.com/ - DIRECT/47.88.136.144 text/html
1501991902.684 148 10.10.10.8 TCP_MISS/302 282 GET http://www.baidu.com/ - DIRECT/61.135.169.121 -
1501991909.475 238 10.10.10.8 TCP_MISS/301 655 GET http://g.cn/ - DIRECT/203.208.43.87 text/html
本文出自 “砖家博客” 博客,请务必保留此出处http://wsxxsl.blog.51cto.com/9085838/1953943