
Category: LINUX

2016-09-06 18:50:58

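Squid can act as either a forward proxy or a reverse proxy:

Software download location
I. Building the software

1) Tune the Linux kernel parameters: file descriptors, outbound port range, fast recycling of TIME_WAIT sockets, and so on:
To make the change permanent, edit the /etc/security/limits.conf file as follows:
vi /etc/security/limits.conf
* hard nofile 102400
* soft nofile 102400
Save and exit, then log in again; the maximum number of file descriptors is now changed permanently.

2) Install the dependency packages: perl, gcc, awk, gcc-c++, net-snmp, net-snmp-utils, libtool. Check for them with rpm; if the system does not have them preinstalled, install them with yum. With Internet access you can use the public yum repositories; on an internal network you can use the company's own. To configure it, create a file named CentOS.repo in the /etc/yum.repos.d directory containing just these few lines: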

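3) Build the software

Upload the file to the server's opt directory and unpack it: tar -xzvf squid-3.5.19.tar.gz. Enter the unpacked directory and run ./configure --prefix=/opt/squid_install --enable-useragent-log --enable-referer-log --enable-htcp. If it finishes without errors, run make; if make finishes without errors, run make install. The whole process takes about half an hour.

Note:

Why build from source: RPMs or precompiled packages save some time (they are the first two of the three ways of installing software on Linux), but they also have drawbacks. They may include features you do not need, and Squid's ./configure script probes specific parameters of the system, which on your system may differ from those of the machine the package was compiled on.
II. Software configuration

The software is deployed under /opt/squid_install/, with this directory structure: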

./sbin - the executable for the start-up commands

./etc - configuration files

./var - logs and cache

./bin - commands for purging the cache and calculating the hit rate

./share

./libexec

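1) Forward proxy configuration (the proxy server on the 105 network segment is used by the scanner for scanning)

The configuration installed by default is a basic forward proxy configuration. Some parameters can be modified, such as: port, cache_dir, access_log, logfile_rotate, cache_mem, acl and so on.

2) Reverse proxy configuration (the proxy server on the 106 network segment is used by external Internet users)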

cache_peer 172.16.1.197 parent 8080 0 no-query originserver round-robin

http_port 8081 accel vhost vport

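http_access allow all (place this line above http_access deny all, because Squid evaluates http_access lines in order and the first matching line decides)

If there are multiple proxy nodes, a load-balancing environment can be configured.

3) ACL configuration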

acl adserver src 192.168.106.0/24

http_access deny adserver

Access control lists can be defined for access by source address and by destination address.
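Because Squid stops at the first matching http_access line, where `http_access deny adserver` sits relative to `http_access allow all` decides whether it ever takes effect. The following is an added example, not part of the original post: a small first-match evaluator that models only `src` ACLs and the built-in `all`. The two rule orderings and the client addresses are constructed for illustration.

```python
import ipaddress

def parse(conf):
    """Return ({acl_name: [networks]}, [(action, [acl_names])]) from squid.conf text."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, ip):
    """True if the client address matches the named ACL ('!' negates it)."""
    if name.startswith("!"):
        return not matches(acls, name[1:], ip)
    if name == "all":                      # built-in ACL, matches every client
        return True
    return any(ip in net for net in acls[name])

def decide(conf, client_ip):
    """Return (action, deciding_rule) the way Squid's first-match logic would."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # All ACLs named on one http_access line must match (logical AND).
        if all(matches(acls, n, ip) for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    if not rules:
        return "deny", "default (no http_access lines)"
    # Nothing matched: Squid applies the opposite of the last line's action.
    last = rules[-1][0]
    return ("deny" if last == "allow" else "allow"), "default (opposite of last rule)"

# Constructed orderings built from the directives shown on this page.
ACL = "acl adserver src 192.168.106.0/24\n"
APPENDED = ACL + "http_access allow all\nhttp_access deny adserver\nhttp_access deny all\n"
REORDERED = ACL + "http_access deny adserver\nhttp_access allow all\nhttp_access deny all\n"

if __name__ == "__main__":
    for label, conf in (("appended", APPENDED), ("reordered", REORDERED)):
        for client in ("192.168.106.7", "203.0.113.9"):
            print(label, client, decide(conf, client))
```

In the appended ordering the deny line is unreachable, so a client in 192.168.106.0/24 is still allowed; only the reordered form blocks it.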

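III. Running and testing

1. After modifying the configuration file, check it: ./squid -k parse (run this after every change to the configuration file)

2. On the first run, you must create the cache: ./squid -z

3. Start: ./squid

To restart, shut down and so on, use ./squid -k shutdown and similar; the commonly used ones are -k rotate and -k reconfigure. Note that Squid needs about 10 seconds both to start and to shut down, so do not rush when running these commands, and watch cache_log.

4. Checking the logs

tail -f ./access.log

tail -f ./cache.log

These show whether the system has any anomalies and how proxied requests are being handled: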

IV. Startup process

[mss@lossan etc]$ ../sbin/squid -k parse
2016/09/06 15:57:07| Startup: Initializing Authentication Schemes ...
2016/09/06 15:57:07| Startup: Initialized Authentication Scheme 'basic'
2016/09/06 15:57:07| Startup: Initialized Authentication Scheme 'digest'
2016/09/06 15:57:07| Startup: Initialized Authentication Scheme 'negotiate'
2016/09/06 15:57:07| Startup: Initialized Authentication Scheme 'ntlm'
2016/09/06 15:57:07| Startup: Initialized Authentication.
2016/09/06 15:57:07| Processing Configuration File: /opt/proxy_security/squid_intall/etc/squid.conf (depth 0)
2016/09/06 15:57:07| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2016/09/06 15:57:07| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2016/09/06 15:57:07| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2016/09/06 15:57:07| Processing: acl SSL_ports port 443
2016/09/06 15:57:07| Processing: acl Safe_ports port 80 # http
2016/09/06 15:57:07| Processing: acl Safe_ports port 21 # ftp
2016/09/06 15:57:07| Processing: acl Safe_ports port 443 # https
2016/09/06 15:57:07| Processing: acl Safe_ports port 70 # gopher
2016/09/06 15:57:07| Processing: acl Safe_ports port 210 # wais
2016/09/06 15:57:07| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2016/09/06 15:57:07| Processing: acl Safe_ports port 280 # http-mgmt
2016/09/06 15:57:07| Processing: acl Safe_ports port 488 # gss-http
2016/09/06 15:57:07| Processing: acl Safe_ports port 591 # filemaker
2016/09/06 15:57:07| Processing: acl Safe_ports port 777 # multiling http
2016/09/06 15:57:07| Processing: acl CONNECT method CONNECT
2016/09/06 15:57:07| Processing: http_access deny !Safe_ports
2016/09/06 15:57:07| Processing: http_access deny CONNECT !SSL_ports
2016/09/06 15:57:07| Processing: http_access allow localhost manager
2016/09/06 15:57:07| Processing: http_access deny manager
2016/09/06 15:57:07| Processing: http_access allow localnet
2016/09/06 15:57:07| Processing: http_access allow localhost
2016/09/06 15:57:07| Processing: http_access deny all
2016/09/06 15:57:07| Processing: http_port 3128
2016/09/06 15:57:07| Processing: coredump_dir /opt/proxy_security/squid_intall/var/cache/squid
2016/09/06 15:57:07| Processing: refresh_pattern ^ftp: 1440 20% 10080
2016/09/06 15:57:07| Processing: refresh_pattern ^gopher: 1440 0% 1440
2016/09/06 15:57:07| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2016/09/06 15:57:07| Processing: refresh_pattern . 0 20% 4320
2016/09/06 15:57:07| Processing: access_log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:07| Processing: cache_log /opt/proxy_security/squid_intall/var/logs/cache.log
2016/09/06 15:57:07| Processing: logfile_rotate 10
2016/09/06 15:57:07| Processing: cache_mgr yangkai#chinamobilesz.com
2016/09/06 15:57:07| Processing: request_header_max_size 64 KB
2016/09/06 15:57:07| Processing: request_body_max_size 0
2016/09/06 15:57:07| Processing: cache_mem 20000 MB
2016/09/06 15:57:07| Processing: workers 8
2016/09/06 15:57:07| Processing: cpu_affinity_map process_numbers=1,2,3,4,5,6,7,8 cores=1,2,3,4,5,6,7,8


----------------------------------------------------------------------------------------------------------------------------------
[msss@le-scan logs]$ tail -f cache.log
2016/09/06 15:57:26| Set Current Directory to /opt/proxy_security/squid_intall/var/cache/squid
2016/09/06 15:57:26 kid9| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid9| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid9| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid9| Adaptation support is off.
2016/09/06 15:57:26 kid9| Store logging disabled
2016/09/06 15:57:26 kid9| DNS Socket created at [::], FD 8
2016/09/06 15:57:26 kid9| DNS Socket created at 0.0.0.0, FD 9
2016/09/06 15:57:26 kid9| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid9| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid6| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid6| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid6| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid6| Adaptation support is off.
2016/09/06 15:57:26 kid6| Store logging disabled
2016/09/06 15:57:26 kid7| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid2| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid2| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid7| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid2| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid4| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid7| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid2| Adaptation support is off.
2016/09/06 15:57:26 kid7| Adaptation support is off.
2016/09/06 15:57:26 kid4| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid3| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid7| Store logging disabled
2016/09/06 15:57:26 kid4| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid2| Store logging disabled
2016/09/06 15:57:26 kid4| Adaptation support is off.
2016/09/06 15:57:26 kid3| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid7| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid4| Store logging disabled
2016/09/06 15:57:26 kid2| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid7| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid2| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid3| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid8| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid3| Adaptation support is off.
2016/09/06 15:57:26 kid4| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid2| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid8| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid3| Store logging disabled
2016/09/06 15:57:26 kid4| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid7| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid2| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid3| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid8| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid6| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid3| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid8| Adaptation support is off.
2016/09/06 15:57:26 kid5| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid3| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid6| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid8| Store logging disabled
2016/09/06 15:57:26 kid5| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid3| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid6| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| Adaptation support is off.
2016/09/06 15:57:26 kid2| HTCP Disabled.
2016/09/06 15:57:26 kid8| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid5| Store logging disabled
2016/09/06 15:57:26 kid8| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid6| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid8| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid7| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid8| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid6| HTCP Disabled.
2016/09/06 15:57:26 kid4| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid3| HTCP Disabled.
2016/09/06 15:57:26 kid4| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid5| HTCP Disabled.
2016/09/06 15:57:26 kid8| HTCP Disabled.
2016/09/06 15:57:26 kid7| HTCP Disabled.
2016/09/06 15:57:26 kid4| HTCP Disabled.
2016/09/06 15:57:26 kid1| Logfile: opening log /opt/proxy_security/squid_intall/var/logs/access.log
2016/09/06 15:57:26 kid1| WARNING: log name now starts with a module name. Use 'stdio:/opt/proxy_security/squid_intall/var/logs/access.log'
2016/09/06 15:57:26 kid1| Squid plugin modules loaded: 0
2016/09/06 15:57:26 kid1| Adaptation support is off.
2016/09/06 15:57:26 kid1| Store logging disabled
2016/09/06 15:57:26 kid1| DNS Socket created at [::], FD 11
2016/09/06 15:57:26 kid1| DNS Socket created at 0.0.0.0, FD 13
2016/09/06 15:57:26 kid1| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2016/09/06 15:57:26 kid1| Adding nameserver 114.114.114.114 from /etc/resolv.conf
2016/09/06 15:57:26 kid1| HTCP Disabled.
2016/09/06 15:57:26 kid2| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid8| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid5| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid7| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid6| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid1| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid4| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid3| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid9| Finished loading MIME types and icons.
2016/09/06 15:57:26 kid2| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid8| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid7| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid5| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid6| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid4| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
2016/09/06 15:57:26 kid3| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 18 flags=1
