squid安装配置
首先安装squid
yum install squid
安装完成,接下来就是修改配置文件以符合我们的要求:
vim /etc/squid/squid.conf
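将http_access deny all
改为http_access allow all
(注意:allow all 会让任何能连到代理端口的客户端都可以使用这个代理,也就是开放代理。下文的stunnel是从127.0.0.1连接squid的,所以保留 http_access allow localhost 并保持 http_access deny all 也能满足本文的用法。)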
-
http_access allow localnet
-
http_access allow localhost
修改默认的监听端口:
因为我要访问google、facebook等网站,主要作用是访问web页面,所以我要将监听端口设为80以起到代理缓存加速功能(如果squid只供本机上的stunnel转发使用,可以写成 http_port 127.0.0.1:80,只监听本机地址,不对外暴露):
http_port 80
在squid.conf 添加主机地址:
-
acl manager proto cache_object
-
acl localhost src 127.0.0.1/32 ::1
-
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
添加代理端口:
-
acl SSL_ports port 995
-
acl SSL_ports port 993
-
acl SSL_ports port 465
-
acl SSL_ports port 443
如果想要代理所有端口的话可以添加
acl SSL_ports port 1-65535
全部代理。注意:这样一来 http_access deny CONNECT !SSL_ports 这条限制就不再起作用,CONNECT 可以连到任意端口;除非确有需要,建议只列出实际用到的端口。
这是测试的配置文件:
-
#
-
# Recommended minimum configuration:
-
#
-
acl manager proto cache_object
-
acl localhost src 127.0.0.1/32 ::1
-
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
-
-
# Example rule allowing access from your local networks.
-
# Adapt to list your (internal) IP networks from where browsing
-
# should be allowed
-
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
-
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-
acl localnet src fc00::/7 # RFC 4193 local private network range
-
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
-
-
acl SSL_ports port 995
-
acl SSL_ports port 993
-
acl SSL_ports port 465
-
acl SSL_ports port 443
-
acl Safe_ports port 80 # http
-
acl Safe_ports port 21 # ftp
-
acl Safe_ports port 443 # https
-
acl Safe_ports port 70 # gopher
-
acl Safe_ports port 210 # wais
-
acl Safe_ports port 1025-65535 # unregistered ports
-
acl Safe_ports port 280 # http-mgmt
-
acl Safe_ports port 488 # gss-http
-
acl Safe_ports port 591 # filemaker
-
acl Safe_ports port 777 # multiling http
-
acl CONNECT method CONNECT
-
-
#
-
# Recommended minimum Access Permission configuration:
-
#
-
# Only allow cachemgr access from localhost
-
http_access allow manager localhost
-
http_access deny manager
-
-
# Deny requests to certain unsafe ports
-
http_access deny !Safe_ports
-
-
# Deny CONNECT to other than secure SSL ports
-
http_access deny CONNECT !SSL_ports
-
-
# We strongly recommend the following be uncommented to protect innocent
-
# web applications running on the proxy server who think the only
-
# one who can access services on "localhost" is a local user
-
#http_access deny to_localhost
-
#
-
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
-
#
-
-
# Example rule allowing access from your local networks.
-
# Adapt localnet in the ACL section to list your (internal) IP networks
-
# from where browsing should be allowed
-
http_access allow localnet
-
http_access allow localhost
-
-
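# The stock file ends with "http_access deny all" (deny all other access to this proxy); this test file uses "allow all" instead, which lets any client that can reach the proxy port use it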
-
http_access allow all
-
-
# Squid normally listens to port 3128
-
#http_port 3128
-
http_port 80
-
# We recommend you to use at least the following line.
-
hierarchy_stoplist cgi-bin ?
-
-
# Uncomment and adjust the following to add a disk cache directory.
-
#cache_dir ufs /var/spool/squid 100 16 256
-
-
# Leave coredumps in the first cache dir
-
coredump_dir /var/spool/squid
-
-
# Add any of your own refresh_pattern entries above these.
-
refresh_pattern ^ftp: 1440 20% 10080
-
refresh_pattern ^gopher: 1440 0% 1440
-
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
-
refresh_pattern . 0 20% 4320
下面是squid常用命令作用:
使用squid命令启动
squid -s后台启动
squid -z初始化
squid -k reconfigure 重新加载配置文件
squid -k shutdown 停止squid
然后netstat -anp看一下端口
tcp 0 0 :::80 :::* LISTEN 3625/(squid)
squid安装配置完毕。
安装stunnel server 为了方便直接用yum 安装,当然也可以使用源代码安装,具体安装就不多说了
yum install stunnel
yum install stunnel
安装完成后生成一个证书,生成时要填写城市、公司等信息,可以随便填。需要提前安装好openssl。
修改配置文档:
/usr/share/doc/stunnel-4.29/stunnel.conf
这是测试的stunnel.conf 文件,可以直接复制(注意:setuid=root、setgid=root 会让stunnel一直以root身份运行,debug=7 是最详细的日志级别;正式使用前建议换成专用的低权限用户,并调低日志级别)
-
#compression=zlib
-
fips=no
-
syslog=yes
-
debug=7
-
output=/var/log/stunnel.log
-
setuid=root
-
setgid=root
-
pid=/var/run/stunnel.pid
-
cert=/opt/stunnel/stunnel.pem
-
key=/opt/stunnel/stunnel.pem
-
client=no
-
[squid]
-
accept=443
-
connect=127.0.0.1:80
accept是stunnel的监听端口
connect是我转发的端口,也就是squid的端口
我将证书放在了/opt/stunnel下面了,cert 和 key 都指向这个证书文件(stunnel.pem)。这个文件里同时包含私钥,建议设为只有root可读(例如 chmod 600 /opt/stunnel/stunnel.pem)。
保存,退出
启动stunnel
/usr/bin/stunnel /usr/share/doc/stunnel-4.29/stunnel.conf
如果是二进制安装的话
/usr/local/bin/stunnel
看一下端口
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11589/stunnel
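stunnel安装完成。注意:按上面的配置,stunnel不会对客户端做任何认证,任何能连到443端口的客户端都可以通过它使用squid代理;建议用防火墙限制来源IP,或在stunnel服务端开启客户端证书校验(verify 加 CAfile)。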
stunnel客户端安装配置
下载stunnel windows客户端,网上一大片,
在stunnel安装路径下
修改stunnel.conf
-
;Enable support for the insecure SSLv3 protocol 默认使用SSL23(下面这一行会重新启用不安全的SSLv3,如果服务端不是只支持SSLv3,建议删除这一行)
-
options = -NO_SSLv3
-
client = yes
-
[squid]
-
accept = 8088
-
connect = stunnel server ip:443
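打开桌面上的stunnel,启动成功就ok了。注意:上面的客户端配置没有设置 verify 和 CAfile,不会校验服务器证书,连接有可能被中间人冒充;建议把服务器证书(不含私钥)拷到客户端,用 CAfile 指定并开启 verify 校验。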
在IE浏览器里面设置代理,127.0.0.1 端口是:8088
ok可以打开google facebook等网站了。