Shulou(Shulou.com)05/31 Report--

This article is about how to achieve squid traditional agent, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Install squid proxy server yum install gcc gcc-c++ make-yyum install perl-devel-yyum install lrz*-ytar xf squid-3.5.27.tar.gz-C / opt/

Cd / opt/squid-3.5.27/./configure\-- prefix=/usr/local/squid\-- sysconfdir=/etc\-- enable-arp-acl\-- enable-linux-netfilter\-- enable-linux-tproxy\-- enable-async-io=100\-- enable-err-language= "Simplify_Chinese"\-- enable-underscore\-- enable-poll\-- enable-gnuregex Note:. / configure\ # configuration-- prefix=/usr/local/squid\ # specify installation path-- sysconfdir=/etc\ # configuration file storage directory-- enable-arp-acl\ # can be set in ACL to manage via MAC address Prevent IP spoofing-enable-linux-netfilter\ # uses kernel filtering to provide support for transparent mode-enable-linux-tproxy\ # allows the use of transparent mode-enable-async-io=100\ # Asynchronous Imando O to improve storage performance. -- enable-err-language= "Simplify_Chinese"\ #-- enable-underscore\ # allows underscores in URL-- enable-poll\ # uses Poll () mode to improve performance-- enable-gnuregex # uses GNU regular expressions make & & make installln-s / usr/local/squid/sbin/* / usr/local/sbinuseradd-M-s / sbin/nologin squidchown-R squid:squid / usr/local/squid/var/

Vi / etc/squid.confhttp_access allow all http_port 3128 / / add visible_hostname 192.168.80.181 # below to determine the public hostname cache_mem 64 MBcache_swap_low 80cache_swap_high 97cache_dir ufs / usr/local/squid/var/cache/squid 512 16 256 / / configure the hard disk cache, open #. Cache directory 512m, of which there are 16 first-level directories and 256 cache_effective_user squid # second-level directories used to set the initialization and run-time cached accounts, otherwise unsuccessful startup cache_effective_group squid # / / defaults to the basic group of the specified account

Squid-k parse / / check the configuration file

Squid-k rec / / reload the configuration file squid-zX / / initialize the cache directory-create squid system service scripts-to make it easier to start, stop and reload Squid services, you can write Squid service scripts and use chkconfig and service tools to manage them. Vi / usr/local/squid/var/run/squid.pid CONF= init. D case case in start) netstat-utpln | grep squid & > / dev/null if [$?-eq 0] then echo "Squid is running" else $CMD fi ; stop) $CMD-k kill & > / dev/null rm-rf $PID & > / dev/null Status) [- f $PID] & > / dev/null if [$?-eq 0] then netstat-utpln | grep squid else echo "Squid is not running" fi ; restart) $0 stop & > / dev/null echo "shuts down Squid..." $0 start & > / dev/null echo "starting Squid...";; reload) $CMD-k reconfigure;; check) $CMD-k parse *) echo "usage: {start | stop | restart | reload | check | status}" esacchmod + x / etc/init.d/squid

Chkconfig-- add squidchkconfig squid onservice firewalld stopsetenforce 0service squid startnetstat-anpt | grep 3128

Set up a web server: yum install httpd-ycd / var/www/htmldd if=/dev/zero of=test1.tgz bs=1M count=11dd if=/dev/zero of=test2.tgz bs=1M count=2 [root@lq1 squid-3.5.27] # vi / etc/squid.confreply_body_max_size 10MB / / prohibited downloads of files exceeding 10MB maximum_object_size 4096 KB / / files exceeding 4MB are not cached http_access deny The first two lines of all / / need to be placed above this line to take effect.

Restart the squid proxy service service squid startvi / etc/httpd/conf/httpd.conf to remove the comment from the line and add index.php service httpd start after ServerName www.example.com:80 DirectoryIndex index.html

Test, set the proxy service address in the windows browser and enter 192.168.80.101/test1.tgz. Appear for a moment:

Before entering 192.168.80.101/test2.tgz

Check the new record of Squid access log tail / usr/local/squid/var/logs/access.log / / you can see the record of client C accessing Web server

Check the new record of Web access log tail / var/log/httpd/access_log / / you can see the access record from the Squid server. The Squid server accesses the Web server instead of client C.

When the client visits the same page again, the Squid access log adds a new record, while the record of the Web access log does not change (unless the page changes or force refresh, and so on). This shows that when the client accesses the same static page, it is actually provided by the proxy server through the cache. Test on linux server: yum install wget-y sets proxy server [root@lq3 ~] # vi / etc/wgetrc HTTP_PROXY= http://192.168.80.100:3128HTTPS_PROXY=https://192.168.80.100:3128FTP_PROXY=http://192.168.80.100:3128NO_PROXY=192.168.1.,192.168.2. on linux system

[root@lq3 ~] # source / etc/wgetrc [root@lq3 ~] # wget http://192.168.80.101/test1.tgz

[root@lq3 ~] # wget http://192.168.80.101/test2.tgz

On the web server: [root@lq2 html] # tail-f / etc/httpd/logs/access_log

Need to open a second network card

Case: build Squid on Linux gateway to provide proxy service for client to access Internet, set IP address and default gateway on client, and do not need to specify proxy server address, port and other information cp-p ifcfg-ens32 ifcfg-ens34vi ifcfg-ens34

Systemctl restart network on squid proxy server: vi / etc/squid.confhttp_port 192.168.90.100 etc/squid.confhttp_port 3128 transparent (internal address) yum install-y iptables* install iptables firewall iptables-F # clear firewall rules iptables-t nat-A PREROUTING-I ens34-p tcp-dport 80-s 192.168.90.0max 24-j REDIRECT-to-ports 3128 / transfer port 80 to port 3128 There is a transparent proxy to access the website server iptables-t nat-Lservice iptables save # Save the rule service iptables start in the test client, enter 192.168.80.101: enter 192.168.80.101/test1.tgz

The above is how to achieve the traditional agent of squid, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.