如何在CentOS 7上安装和配置Squid代理

代理服务器 位于两个端点设备之间并充当中间设备的计算机。当客户端计算机从服务器请求资源时,它可以是文件或网页,并且请求是 代理服务器 首先接下来,代理服务器将请求发送到目标服务器,以获取服务器发送的资源。代理服务器获取资源后,会将资源发送到客户端计算机。您可以使用代理服务器来缓存资源。例如,如果您经常从代理服务器访问网站, 代理服务器 现在,您可以将网站内容保留在缓存中,并直接向用户提供网页。您可以使用代理服务器来促进安全性,管理控制和缓存服务。代理服务器也可以用于匿名,因为代理服务器每次从服务器获取资源时,都会使用自己的IP地址而不是客户端的IP地址。

什么是鱿鱼代理

鱿鱼 功能齐全的Web代理缓存服务器应用程序提供n 代理商 现金服务 对于HTTP,FTP,SSL请求和DNS查找。它还可以缓存和重用经常请求的网页,从而提供透明的缓存,从而减少带宽并缩短响应时间。在本教程中,您将学习如何在CentOS 7上安装Squid代理。您还将学习可以在Squid缓存服务器上执行的基本配置。

要求条件

鱿鱼 尽管没有最低硬件要求,但RAM的数量可能会有所不同,具体取决于谁通过代理访问Internet以及缓存了哪些对象。要遵循本教程,您需要: CentOS 7.x 具有root用户访问权限的服务器。如果您以非root用户身份登录,请运行sudo -i切换到root用户。您还可以在所有管理命令之前使用sudo命令以root用户身份运行。

如何在CentOS 7上安装Squid

在安装软件包之前,建议您使用以下命令更新系统和软件包:

sudo yum -y update

鱿鱼包装 默认可用 百胜库。在服务器上执行以下命令以安装SQUID代理服务器。

sudo yum -y install squid

启动鱿鱼服务

sudo systemctl start squid

输入以下命令以在启动过程中自动启动鱿鱼服务。

sudo systemctl  enable squid

此时,Squid Web代理应该已经在运行,您可以检查服务的状态。

sudo systemctl status squid

样本输出:

systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-03-28 13:45:39 EDT; 1min 47s ago
 Main PID: 3659 (squid)
   CGroup: /system.slice/squid.service
           ├─3659 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─3661 (squid-1) -f /etc/squid/squid.conf
           └─3662 (logfile-daemon) /var/log/squid/access.log

Mar 28 13:45:38 lintut.loc systemd[1]: Starting Squid caching proxy...
Mar 28 13:45:39 lintut.loc systemd[1]: Started Squid caching proxy.
Mar 28 13:45:39 lintut.loc squid[3659]: Squid Parent: will start 1 kids
Mar 28 13:45:39 lintut.loc squid[3659]: Squid Parent: (squid-1) process 3661...d
Hint: Some lines were ellipsized, use -l to show in full.

如果Firewalld正在运行,则需要允许squid代理服务。

sudo firewall-cmd --add-service=squid --permanent
sudo firewall-cmd --reload

鱿鱼配置

鱿鱼 容易的 设置 通过编辑全局配置文件 /etc/squid/squid.conf。要编辑配置文件,请执行以下命令:

sudo vi /etc/squid/squid.conf

您可以使用任何编辑器。本教程使用vi编辑器。最小样本配置文件如下所示:

 #
    # Recommended minimum configuration:
    ## Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machinesacl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT#
    # Recommended minimum Access Permission configuration:
    #
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports# Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports# Only allow cachemgr access from localhost
    http_access allow localhost manager
    http_access deny manager# We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    #http_access deny to_localhost#
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    ## Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    http_access allow localnet
    http_access allow localhost# And finally deny all other access to this proxy
    http_access deny all# Squid normally listens to port 3128
    http_port 3128# Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256# Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid
# # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|?) 0 0% 0 refresh_pattern . 0 20% 4320
Sidebar