
Squid 配置

作者: Lisong | 来源:发表于2017-06-07 18:15 被阅读267次

安装

使用YUM 安装 squid
yum install -y squid
查看squid的配置文件
rpm -ql squid
rpm -qc squid

备份配置文件

# Keep a one-time copy of the packaged squid.conf: the copy is made only when
# squid.conf.bak does not exist yet, so re-running this line never overwrites
# the first backup. The leading backslash in \cp skips any shell alias for cp.
test -f /etc/squid/squid.conf.bak || \cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

去除配置文件中的注释和空行

# Edit squid.conf in place (-i) and delete every line that is blank or whose
# first non-blank character is '#'. This discards the inline documentation of
# each directive; squid.conf.bak (created earlier) still holds it.
sed -r -i -e '/(^[ \t]*#|^[ \t]*$)/d' /etc/squid/squid.conf

vi /etc/squid/squid.conf
配置Squid的可见主机名,主机名会出现在<squid的错误消息里>、<squid转发的cache单元的HTTP Via头里>等等。

visible_hostname server03.test.com
## 配置用户和组
cache_effective_user squid
cache_effective_group squid
## 配置管理联系信息(即:管理员邮箱)
cache_mgr 156405304@@qq.com
##检测配置文件的正确性
squid -k parse

服务管理

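# Enable squid at boot, start it, and confirm which sockets it listens on.
chkconfig squid on
# Usage: service squid {start|stop|restart|reload} -- pick ONE action.
# The bars list alternatives; typed literally they would form a shell pipeline
# and try to run "stop", "restart" and "reload" as separate commands.
service squid start
netstat -tunlp | grep squid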

查看版本及编译参数

squid -v

配置防火墙

# Restart the iptables service, then (re)insert an ACCEPT rule for the proxy port.
# -D removes an identical rule left by an earlier run (it reports an error when
# there is none to remove); -I then inserts the rule at the top of INPUT.
# NOTE(review): the rule has no -s source match, so TCP 3128 is accepted from any
# address that can reach this host. If only internal clients should use the
# proxy, add a source restriction here and keep http_access in squid.conf tight.
service iptables restart
iptables -D INPUT -p tcp --dport 3128 -j ACCEPT
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT

使用编译安装squid

安装 gcc

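# Build Squid from source into /usr/local/squid and add its bin/sbin to PATH.
#
# NOTE(review): the tarball is unpacked and built without any integrity check.
# Before building, verify it against the checksum/signature published by the
# Squid project (expected value: <CHECKSUM_FROM_UPSTREAM>, not shown on this page).
# NOTE(review): 3.5.x is an old release line; check upstream for a currently
# supported version and its security advisories before deploying.

# Quote the pattern so yum expands it, not the shell (a file named gcc-something
# in the current directory would otherwise replace the pattern).
yum install -y 'gcc*'

# Extract into the home directory explicitly; the following cd expects the
# source tree there regardless of the current working directory.
tar -axf ~/squid-3.5.22.tar.gz -C ~

# Chain the build steps so a failed cd/configure/make stops the sequence
# instead of running later steps in the wrong directory or on a broken build.
cd ~/squid-3.5.22 &&
  ./configure --prefix=/usr/local/squid &&
  make all &&
  make install

# \$PATH is escaped so the literal text $PATH lands in squid.sh and is expanded
# at login time, not when this heredoc is written.
cat >/etc/profile.d/squid.sh<<EOF
export PATH="/usr/local/squid/bin:/usr/local/squid/sbin:\$PATH"
EOF
source /etc/profile
echo "$PATH"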

备份配置文件

# One-time backup of the squid.conf installed by "make install": copied only if
# squid.conf.bak is not already present. \cp bypasses any shell alias for cp.
test -f /usr/local/squid/etc/squid.conf.bak || \cp /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak

去除注释和空行

# Delete blank lines and lines whose first non-blank character is '#', in place.
# The directive documentation removed here remains available in squid.conf.bak.
sed -r -i -e '/(^[ \t]*#|^[ \t]*$)/d' /usr/local/squid/etc/squid.conf
# Open the stripped file for manual editing (the directives listed next).
vi /usr/local/squid/etc/squid.conf

## 配置Squid的可见主机名,主机名会出现在<squid的错误消息里>、<squid转发的cache单元的HTTP Via头里>等等。
visible_hostname server03.test.com
## 配置用户和组
cache_effective_user nobody
## 配置管理联系信息(即:管理员邮箱)
cache_mgr 156405304@@qq.com
chown -R nobody:nobody /usr/local/squid/var/cache
chown -R nobody:nobody /usr/local/squid/var/logs
检测配置文件的正确性(OK)
squid -k parse

##配置 cache 缓存配置
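# Disk and memory cache sizing (squid.conf directives).
# Sizes are written as "<number> <unit>" with the unit as a separate token,
# the same form the complete squid.conf later on this page uses; a fused value
# such as "100MB" may be rejected or misread depending on the Squid version.
# NOTE(review): cache_dir points at /var/spool/squid while this source-build
# section only changes ownership of /usr/local/squid/var/*; confirm that the
# cache_effective_user can write to the cache_dir path before running squid -z.
cache_dir ufs /var/spool/squid 100 16 256
cache_mem 100 MB
cache_swap_high 95
cache_swap_low 90
maximum_object_size 4 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB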

初始化 cache 缓存

# Check squid.conf for syntax errors before touching the cache.
squid -k parse
# Stop the running service before the cache directories are created.
service squid stop
# Create the on-disk cache (swap) directories for the configured cache_dir.
squid -z

启动/重启/停止/重载 Squid服务

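# Enable squid at boot and start it.
chkconfig squid on
# Usage: service squid {start|restart|stop|reload} -- pick ONE action.
# The bars list alternatives; typed literally they would form a shell pipeline.
service squid start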
查看squid服务进程
netstat -tunlp |grep squid
查看版本及编译参数
squid -v

为Squid配置证书

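# Create the private key and self-signed certificate that the https_port line
# in squid.conf refers to (/etc/squid/${HOSTNAME}.key.pem and .cert.pem).
#
# - 2048-bit RSA replaces the 1024-bit key: 1024-bit RSA is no longer considered
#   adequate and is rejected by current TLS clients and libraries.
# - The key is created under umask 077 and then limited to root plus the squid
#   group (the cache_effective_group used on this page), so other local users
#   cannot read it.
# - No -days option is given, so the certificate gets openssl's default
#   validity period (30 days); add -days N if a longer lifetime is intended.
# - openssl req prompts interactively for the subject fields.
cd /etc/squid &&
  (umask 077 && openssl genrsa -out "${HOSTNAME}.key.pem" 2048) &&
  chown root:squid "${HOSTNAME}.key.pem" &&
  chmod 640 "${HOSTNAME}.key.pem" &&
  openssl req -new -x509 -inform PEM -outform PEM -key "${HOSTNAME}.key.pem" -out "${HOSTNAME}.cert.pem"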


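# Write a complete squid.conf: forward proxy on 3128 plus a reverse proxy
# (accel) on 192.168.30.3:80/443 in front of the origin server 192.168.30.12.
#
# The heredoc delimiter is deliberately unquoted: ${hostname_fqdn} and
# ${HOSTNAME} are expanded by the shell at the moment the file is written.
#
# Access control change: the original rule list contained
# "http_access allow all" ahead of "http_access deny all". That made the deny
# rule unreachable and let any client that can reach port 3128 use this host as
# a forward proxy. It is replaced by "http_access allow accel_ports", which
# admits arbitrary clients only on the reverse-proxy listening ports (80/443);
# the forward proxy on 3128 stays limited to localnet and localhost.
# accel_ports uses the "myport" ACL type (port the client connected to), which
# matches the Squid 3.1-style syntax used elsewhere in this file; on Squid 3.2
# and later the same ACL type is named "localport". "squid -k parse" below
# reports it if the installed version wants the other spelling.
#
# NOTE(review): sslflags=DONT_VERIFY_PEER on the HTTPS cache_peer disables
# verification of the origin server's certificate, so the proxy-to-origin hop is
# encrypted but not authenticated. Acceptable only on a trusted segment; on
# anything else, install the origin's CA on this host and drop the flag.
hostname_fqdn=squid.one.com
test -f /etc/squid/squid.conf.bak || cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
cat >/etc/squid/squid.conf<<EOF
visible_hostname ${hostname_fqdn}
cache_effective_user squid
cache_effective_group squid
cache_mgr li@qq.com
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl accel_ports myport 80 443
http_access allow localhost manager
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow accel_ports
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
cache_dir ufs /var/spool/squid 100 16 256
cache_mem 100 MB
cache_swap_high 95
cache_swap_low 90
maximum_object_size 4 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
## 设置:反向代理<同IP,同port端口,不同主机头>
acl vport01 port 80
acl vport02 port 443
http_port 192.168.30.3:80 accel vhost vport
https_port 192.168.30.3:443 accel vhost vport cert=/etc/squid/${HOSTNAME}.cert.pem key=/etc/squid/${HOSTNAME}.key.pem
cache_peer 192.168.30.12 parent 80 0 no-query no-digest originserver name=www
cache_peer 192.168.30.12 parent 443 0 no-query no-digest originserver name=web login=PASS ssl sslflags=DONT_VERIFY_PEER front-end-https=on
cache_peer_access www allow vport01
cache_peer_access web allow vport02
EOF
cat /etc/squid/squid.conf
# Reload only when the new file parses cleanly, so a typo cannot take the
# running proxy down.
squid -k parse && service squid reload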

配置iptables

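# Firewall rules for the proxy host.
# Each "-D" removes an identical rule left by an earlier run (it prints an
# error when there is nothing to remove); the following "-I" inserts the rule
# at the top of INPUT, so the block can be re-run without stacking duplicates.
service iptables restart

# Forward proxy (3128): remove the any-source rule if a previous run added it,
# then accept only the private IPv4 ranges that squid.conf defines as localnet.
# Leaving 3128 open to every source exposes the forward proxy to any host that
# can route to this machine.
iptables -D INPUT -p tcp --dport 3128 -j ACCEPT
for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
  iptables -D INPUT -p tcp -s "$net" --dport 3128 -j ACCEPT
  iptables -I INPUT -p tcp -s "$net" --dport 3128 -j ACCEPT
done

# Reverse proxy (80/443): these are the published service ports and stay open.
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -D INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT

# Persist the running ruleset, then reload it from the saved file.
service iptables save
service iptables reload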
