
squid

1安装

 http://www.squid-cache.org/Versions/v3/3.0/
 yum  -y install  openssl-devel  openssl
 tar  squid-3.0.STABLE20.tar.gz
 cd  squid-3.0.STABLE20
./configure --prefix=/application/squid3.0 --enable-dlmalloc  --enable-debug-cbdata  --enable-async-io=100  --with-pthreads --enable-storeio="aufs,diskd,ufs" --enable-removal-policies="heap,lru" --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --enable-arp-acl --enable-snmp --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese English" --disable-poll --enable-epoll --disable-ident-lookups --disable-internal-dns --enable-truncate --enable-underscores --enable-basic-auth-helpers="NCSA" --enable-stacktrace --with-winbind-auth-challenge --enable-large-cache-files --with-large-files --with-maxfd=65535 --enable-ssl --enable-x-accelerator-vary --enable-linux-netfilter --enable-linux-tproxy --with-aio --enable-storeio --with-fileddescriptors=64000
make
make install

2.

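# Version-independent path; the later commands in this walkthrough use it.
ln -s /application/squid3.0 /application/squid
# Show only the active directives (comment and blank lines dropped). The full
# path is given so the command works from any directory; grep -E replaces the
# deprecated egrep.
grep -Ev '^#|^$' /application/squid/etc/squid.conf
# Unprivileged service account for Squid: no login shell (-s /sbin/nologin)
# and no home directory (-M).
useradd -M -s /sbin/nologin squid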

3. vi  /application/squid3.0/etc/squid.conf

cache_effective_user nobody改为 cache_effective_user squid
 cache_effective_group squid  添加上
 打开日志的功能
 access_log /application/squid3.0/var/logs/access.log squid
 cache_store_log /application/squid3.0/var/logs/store.log
 cache_log /application/squid3.0/var/logs/cache.log
 cache_dir ufs /application/squid3.0/var/cache 100 16 256
 http_port 默认3128
 visible_hostname img01.etiantian.org #新加  不配起不来
 cache_mgr w673004708@163.com  #修改 管理员邮箱

4.

 [root@cache01 etc]# /application/squid/sbin/squid  -k parse
2017/08/05 21:35:20| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)
2017/08/05 21:35:20| Initializing https proxy context
WARNING: Cannot write log file: /application/squid3.0/var/logs/cache.log
/application/squid3.0/var/logs/cache.log: Permission denied
         messages will be sent to ‘stderr‘.
[root@cache01 etc]# 


[root@cache01 squid3.0]# chown  -R  squid.squid  /application/squid3.0/var/
[root@cache01 squid3.0]# /application/squid/sbin/squid  -k parse
2017/08/05 21:36:51| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)
2017/08/05 21:36:51| Initializing https proxy context
[root@cache01 squid3.0]# 

vim /etc/profile
export PATH=$PATH:/application/squid/sbin:/application/squid/bin/
source /etc/profile

5.

[root@cache01 squid]# squid  -z   ##初始化磁盘目录
2017/08/05 21:41:58| Creating Swap Directories
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/00
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/01
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/02
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/03
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/04
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/05
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/06
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/07
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/08
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/09
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0A
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0B
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0C
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0D
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0E
2017/08/05 21:41:58| Making directories in /application/squid3.0/var/cache/0F

6.

[root@cache01 squid]# squid  -N -d1  #测试 不要终止


[root@cache01 ~]# tail -f   /application/squid/var/logs/access.log 
1501944635.557   3472 192.168.56.1 TCP_MISS/200 365 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - DIRECT/163.177.73.109 text/xml
1501944652.606  21121 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.100 -
1501944653.105  21072 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.102 -
1501944653.405  21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.101 -
1501944684.853      7 192.168.56.1 TCP_MISS/404 0 CONNECT api.growingio.com:443 - DIRECT/- -
1501944684.853      7 192.168.56.1 TCP_MISS/503 314 HEAD http://tsfrepl/ - DIRECT/tsfrepl text/html
1501944684.853      6 192.168.56.1 TCP_MISS/503 314 HEAD http://tyzkduwwgqgd/ - DIRECT/tyzkduwwgqgd text/html
1501944684.853      6 192.168.56.1 TCP_MISS/404 0 CONNECT z13.cnzz.com:443 - DIRECT/- -
1501944684.853      6 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- -
1501944684.872     25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.138 -
1501944684.872     25 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.139 -
1501944684.873     26 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/64.233.189.113 -
1501944685.009      0 192.168.56.1 TCP_MISS/404 0 CONNECT www.senseyun.com:443 - DIRECT/- -
1501944688.045      0 192.168.56.1 TCP_MISS/503 2671 POST http://client.show.qq.com/cgi-bin/qqshow_user_props_info - D


7.squid后台启动和日志轮询

[root@cache01 squid]# squid  -D  #放在后台启动

squid  -k rotate  日志轮询
[root@localhost logs]# squid  -k  rotate
[root@localhost logs]# ll
总用量 60

-rw-r----- 1 squid squid     0 8月   6 09:36 access.log
-rw-r----- 1 squid squid 18890 8月   5 23:02 access.log.0
-rw-r----- 1 squid squid   456 8月   6 09:36 cache.log
-rw-r----- 1 squid squid 17277 8月   6 09:36 cache.log.0
-rw-r--r-- 1 root  squid     5 8月   6 09:35 squid.pid
-rw-r----- 1 squid squid     0 8月   6 09:36 store.log
-rw-r----- 1 squid squid  6829 8月   5 23:02 store.log.0

[root@localhost logs]# 
cp squid.conf  squid.conf.putong.01
 egrep  -v "^#|^$"   squid.conf.putong.01 >squid.conf
[root@localhost etc]# squid  -k parse
[root@localhost etc]# squid  -k reconfigure

8 squid设置acl屏蔽

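# Active directives of squid.conf with one URL-blocking rule added.
# http_access rules are checked top to bottom and the first match decides,
# so the position of each rule matters.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
# NOTE(review): localnet spans all RFC1918 space, including 192.168.0.0/16.
# In this walkthrough eth0 (192.168.56.7) is called the external side, so
# clients on that network are allowed to use the proxy as well. Narrow these
# entries to the networks that should actually be served.
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

# Added block rule: the acl and its http_access line go here, ahead of every
# allow rule. A bare "^" matches every URL, so as originally written the pair
# would deny all requests. The host below is a constructed example; replace it
# with the pattern you actually want to block.
# The notes are kept on their own lines so they cannot be read as part of a
# directive.
acl sex url_regex -i ^http://blocked\.example\.com/
http_access deny sex

# Cache manager (cache_object) requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Everything in localnet may use the proxy; all other clients are refused.
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
# No address is given, so Squid listens on port 3128 on every interface.
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /application/squid3.0/var/cache 100 16 256
access_log /application/squid3.0/var/logs/access.log squid
cache_log /application/squid3.0/var/logs/cache.log
cache_store_log /application/squid3.0/var/logs/store.log
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern (cgi-bin|\?)    0    0%    0
refresh_pattern .        0    20%    4320
cache_mgr w673004708@163.com
# Squid runs as the unprivileged squid account.
cache_effective_user squid
cache_effective_group squid
visible_hostname img01.etiantian.org
icp_port 3130
coredump_dir /application/squid3.0/var/cache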


[root@localhost etc]# squid  -k parse
[root@localhost etc]# squid  -k reconfigure


9浏览器查看squid信息

yum -y install httpd

vim  /etc/httpd/conf/httpd.conf  添加如下内容(监听端口我改成了8080)

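# Publish Squid's cache manager CGI at /squid.
# cachemgr.cgi runs on the proxy host, so (assuming it queries the local Squid)
# its requests arrive from localhost and pass the squid.conf rule
# "http_access allow manager localhost". This <Location> is then the only
# access control in front of the cache manager, which has no password by
# default; set cachemgr_passwd in squid.conf as well.
ScriptAlias "/squid"  "/application/squid3.0/libexec/cachemgr.cgi"
<Location "/squid">
    # With "Order deny,allow" the Deny rules are evaluated first and Allow
    # rules override them. The original "Allow from all" cancelled the Deny
    # and opened the page to every client. Only the proxy host itself and the
    # admin workstation (192.168.56.1, the client address seen in this
    # walkthrough's access log) are allowed here; adjust to your own admin hosts.
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.168.56.1
</Location>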
/etc/init.d/httpd  restart
浏览器访问:http://192.168.56.7:8080/squid  默认没有密码,建议在 squid.conf 中用 cachemgr_passwd 设置密码,并在 httpd 中限制允许访问该页面的来源地址。

10squid透明代理


eth0 外网
eth1 内网


[root@localhost etc]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:26:0d:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.7/24 brd 192.168.56.255 scope global eth0
    inet6 fe80::20c:29ff:fe26:d19/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:26:0d:23 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.7/8 brd 10.255.255.255 scope global eth1
    inet6 fe80::20c:29ff:fe26:d23/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost etc]# 


squid.conf  
http_port 3128  transparent  #端口号后边加上就行

在squid.conf后边加几个参数
cache_mem  90 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 8192 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
emulate_httpd_log on
启动squid

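# NOTE(review): on RHEL/CentOS-style init scripts, stopping the iptables
# service clears the loaded rules, so apart from the two nat rules added below
# the gateway runs with no packet filtering. Port 3128 (and the cache manager
# page on 8080) then stay reachable from eth0, the external side, too. On
# anything but a lab host keep a filter policy and add only the rules needed.
/etc/init.d/iptables stop
# Redirect HTTP arriving on the internal interface to Squid's transparent port.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# Source-NAT the remaining internal traffic that leaves through eth0.
# NOTE(review): eth1 is shown as 10.10.10.7/8 in the "ip addr" output, but only
# 10.10.10.0/24 is matched here; confirm which range the clients really use.
iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
# Rules added with -A live in memory only; save them (for example with
# "/etc/init.d/iptables save") if they must survive a reboot.

# Enable forwarding between eth1 and eth0. The next line is a setting for
# /etc/sysctl.conf, not a shell command:
#   net.ipv4.ip_forward = 1
# After editing the file, load it:
sysctl -p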

配置另外一台服务器(10.10.10.8)

route  add default gw 10.10.10.7

curl g.cn

在10.10.10.7查看日志

[root@localhost logs]# tail -f access.log
1501990490.416  21071 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.102 -
1501990495.298  21124 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.113 -
1501990504.690  21069 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.101 -
1501990514.471  21070 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.138 -
1501990525.242  21067 192.168.56.1 TCP_MISS/503 0 CONNECT clients1.google.com:443 - DIRECT/74.125.204.139 -
1501990530.513 600100 192.168.56.1 TCP_CLIENT_REFRESH_MISS/204 143 GET http://notify3.note.youdao.com/pushserver3/client? - DIRECT/123.58.182.253 -
1501990543.929 526389 192.168.56.1 TCP_MISS/200 432 CONNECT mtalk.google.com:443 - DIRECT/64.233.188.188 -
1501991898.960    430 10.10.10.8 TCP_MISS/301 573 GET http://www.baidd.com/ - DIRECT/47.88.136.144 text/html
1501991902.684    148 10.10.10.8 TCP_MISS/302 282 GET http://www.baidu.com/ - DIRECT/61.135.169.121 -
1501991909.475    238 10.10.10.8 TCP_MISS/301 655 GET http://g.cn/ - DIRECT/203.208.43.87 text/html

本文出自 “砖家博客” 博客,请务必保留此出处http://wsxxsl.blog.51cto.com/9085838/1953943

squid