In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/03 Report--
A brief introduction to Squid
Squid is a kind of software used to buffer Internet data. This is how it works, accepting requests from the object that people need to download and handling them appropriately. That is, if a person wants to download a web page, he asks Squid to get the page for him. Squid then connects to a remote server (such as http://squid.nlanr.net/) and makes a request to the page. Squid then explicitly aggregates the data to the client machine and makes a copy at the same time. The next time someone needs the same page, Squid can simply read it from disk so that the data is immediately transferred to the client. The current Squid can handle protocols such as HTTP,FTP,GOPHER,SSL and WAIS. But it can't handle things like POP,NNTP,RealAudio and other types of things.
Basic types of agents
Traditional agent: for Internet, the server needs to be specified clearly
Transparent proxy: the client does not need to specify the address and port of the proxy server, but through the default route, the firewall redirects the web to the proxy
Benefits of agency
Improve web access speed
Hide the real IP address of the client
Experimental environment
Squid server: 192.168.149.125
Web server: 192.168.149.135
Client server: 192.168.149.188
Install the squid proxy server on the squid server
[root@squid ~] # mkdir / abc
[root@squid ~] # mount.cifs / / 192.168.100.3/LNMP-C7 / abc/ # # Mount
[root@squid ~] # cd / abc/
[root@squid abc] # tar zxvf squid-3.4.6.tar.gz-C / opt # # decompress
[root@squid abc] # yum install gcc gcc-c++ make-y # # install environment components
[root@squid abc] # cd / opt/squid-3.4.6
[root@squid squid-3.4.6] #. / configure\
-- prefix=/usr/local/squid\ # # installation path
-- sysconfdir=/etc\ # # configuration file directory
-- enable-arp-acl\ # # support acl access control lists
-- enable-linux-netfilter\ # # supports network filtering
-- enable-linux-tproxy\ # # supports transparency
-enable-async-io=100\ # # io optimization
-- enable-err-language= "Simplify_Chinese"\ # # error display in simplified Chinese
-- enable-underscore\
-- enable-poll\
-- enable-gnuregex # # supports regular expression
[root@squid squid-3.4.6] # make & & make install # # compile and install
[root@squid squid-3.4.6] # ln-s / usr/local/squid/sbin/* / usr/local/sbin/ # # easy for system identification
[root@squid squid-3.4.6] # useradd-M-s / sbin/nologin squid # # create a system user
[root@squid squid-3.4.6] # chown-R squid.squid / usr/local/squid/var/ # # give all files in the directory master group permissions
Modify the squid configuration file and optimize startup items
[root@squid squid-3.4.6] # vim / etc/squid.conf # # modify squid configuration file
Http_access allow all # # add this item
# http_access deny all # # Notes to allow terminal access
Http_port 3128
Cache_effective_user squid # # specify user squid
Cache_effective_group squid # # specify a group
[root@squid squid-3.4.6] # squid- k parse # # check configuration file syntax
[root@squid squid-3.4.6] # squid- z # # initialize cache directory
[root@squid squid-3.4.6] # squid # # enable the service
[root@squid squid-3.4.6] # netstat-ntap | grep 3128 # # View squid port
[root@squid squid-3.4.6] # cd / etc/init.d/
[root@squid init.d] # vim squid # # Edit the script for service to start squid
#! / bin/bash
# chkconfig: 2345 90 25
PID= "/ usr/local/squid/var/run/squid.pid" # # PID file process number
CONF= "/ etc/squid.conf" # # main configuration file
CMD= "/ usr/local/squid/sbin/squid" # # start command
Case "$1" in
Start)
Netstat-ntap | grep squid & > / dev/null
If [$?-eq 0]
Then
Echo "squid is running"
Else
Echo "starting squid...."
$CMD
Fi
Stop)
$CMD-k kill & > / dev/null # # close squid
Rm-rf $PID & > / dev/null # # Delete the PID file
Status)
[- f $PID] & > / dev/null
If [$?-eq 0]
Then
Netstat-ntap | grep squid
Else
Echo "squid is not running"
Fi
Restart)
$0 stop & > / dev/null
Echo "shutting down squid..."
$0 start & > / dev/null
Echo "starting squid..."
Reload)
$CMD-k reconfigure # # reload configuration file
Check)
$CMD-k parse # # check syntax
*)
Echo "usage: $0 {start | stop | reload | status | check | restart}"
Esac
[root@squid init.d] # chmod + x squid # # give execution permission
[root@squid init.d] # chkconfig-- add squid # # add to service management
[root@squid init.d] # chkconfig-- level 35 squid on # # Boot
Set up traditional proxy configuration
[root@squid init.d] # vim / etc/squid.conf # # modify the main configuration file
Http_port 3128
Cache_mem 64 MB # # memory space size
Reply_body_max_size 10 MB # # allows maximum file size to be downloaded
Maximum_object_size 4096 KB # # allows you to save the maximum cache space object size
[root@squid init.d] # service squid restart
[root@squid init.d] # iptables-L # # View table contents
[root@squid init.d] # iptables-F # # clear the table cache
[root@squid init.d] # setenforce 0
[root@squid init.d] # iptables-I INPUT-p tcp-- dport 3128-j ACCEPT # # allow port 3128
[root@squid init.d] # service squid reload # # reload configuration file
Install the http service on the web server
[root@web ~] # systemctl stop firewalld.service # # turn off the firewall
[root@web ~] # setenforce 0
[root@web ~] # yum install httpd-y # # install the web service
[root@web ~] # systemctl start httpd.service
Test the proxy service and clear the cache
View the httpd service log file of the web host
[root@localhost logs] # head-1 access_log
192.168.52.138-[04/Dec/2019:17:09:15 + 0800] "GET / HTTP/1.1" 403 4897 "-" Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 "
# you can see that it is accessed by the IP address of the client host
[root@localhost logs] #
[root@localhost logs] # tail-1 access_log
192.168.52.134-[04/Dec/2019:17:26:55 + 0800] "GET / browserconfig.xml HTTP/1.1" 404 215 "-" Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 "
# you can see that it is accessed by the IP address of the squid server
[root@localhost logs] #
Transparent proxy
Squid:192.168.100.1 private network: ens33
12.0.0.1 Public Network: ens36
Web:12.0.0.12
Client:192.168.100.50
Add a network card and set up a transparent proxy
Ens33 Nic profile:
[root@squid ~] # cd / etc/sysconfig/network-scripts/
[root@squid network-scripts] # vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=8ecd53ce-afdb-46f8-b7ff-b2f428a3bc8f
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1
NETMASK=255.255.255.0
Ens36 Nic profile:
[root@squid network-scripts] # cp-p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts] # vim ifcfg-ens36
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
DEVICE=ens36
ONBOOT=yes
IPADDR=12.0.0.1
NETMASK=255.255.255.0
[root@squid network-scripts] # systemctl restart network
[root@squid network-scripts] # ifconfig
Ens33: flags=4163 mtu 1500
Inet 192.168.100.1 netmask 255.255.255.0 broadcast 192.168.100.255
Inet6 fe80::c776:9d00:618:88f2 prefixlen 64 scopeid 0x20
Ether 00:0c:29:eb:34:07 txqueuelen 1000 (Ethernet)
RX packets 226 bytes 31111 (30.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 84 bytes 10776 (10.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Ens36: flags=4163 mtu 1500
Inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255
Inet6 fe80::55bc:65c1:7046:e2d6 prefixlen 64 scopeid 0x20
Ether 00:0c:29:eb:34:11 txqueuelen 1000 (Ethernet)
RX packets 216bytes 30613 (29.8KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 76 bytes 9847 (9.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@squid network-scripts] # service network restart # # restart the network service
[root@squid network-scripts] # vim / etc/sysctl.conf # # enable routing forwarding
Net.ipv4.ip_forward=1
[root@squid network-scripts] # sysctl-p # # load
Set up a transparent proxy on the squid server
[root@squid network-scripts] # vim / etc/squid.conf # Settings profile
Http_port 192.168.100.1 3128 transparent # set transparent proxy
[root@squid ~] # iptables-F # clear the table cache
[root@squid ~] # iptables-t nat-F # clear the NAT table cache
Root@squid ~] # setenforce 0 # turn off enhanced security features
[root@squid network-scripts] # iptables-t nat-I PREROUTING-I ens33-s 192.168.100.0 tcp 24-p tcp-- dport 80-j REDIRECT-- to 3128
# define rule entry ens33,80 port redirect to 3128
[root@squid network-scripts] # iptables-t nat-I PREROUTING-I ens33-s 192.168.100.0 tcp 24-p tcp-- dport 443-j REDIRECT-- to 3128
# https443 Port
[root@squid network-scripts] # iptables-I INPUT-p tcp-- dport 3128-j ACCEPT # allow access to port 3128
[root@squid network-scripts] # service squid stop # disable the service
[root@squid network-scripts] # service squid start # enable the service
Starting squid...
[root@squid network-scripts] #
Change the web host and client test host network mode to host only, configure a fixed IP address, and shut down the proxy server
Test the server, view the log
[root@localhost] # tail-1 / etc/httpd/logs/access_log
12.0.0.1-[04/Dec/2019:19:57:53 + 0800] "GET / favicon.ico HTTP/1.1" 404 209 "-" Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 "
# you can see that it is accessed by the IP address of the proxy server
[root@localhost ~] #
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.