Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Linux proxy Settings

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

Http Agent

Some local area network environments need to use agents to surf the Internet, the graphical interface is very good to set up the browser proxy, but the Linux pure command line interface needs to be manually configured.

You need to modify the / etc/profile file if you want global users to use the Shell that is applied to all

1 # vi / etc/profile

Add the following configuration to the file

1 http_proxy=proxy.abc.com:8080 2 https_proxy=$http_proxy

3 ftp_proxy=user:password@proxy.abc.com:8080 4 no_proxy=*.abc.com,10.*,192.168.*.*,*.local,localhost,127.0.0.1 5 export http_proxy https_proxy ftp_proxy no_proxy

Where:

Http_proxy:http protocol uses proxy server address

Https_proxy:https protocol uses secure proxy address

Ftp_proxy:ftp protocol uses proxy server address

User: the user name used by the agent

Password: the password of the user name used by the agent

Proxy.abc.com: proxy address, which can be IP or domain name

8080: Port used

No_proxy: host or IP that does not use proxies.

Save exit, log out and log back into the system will take effect.

This method is only suitable for configuring http proxy, and there are other configuration methods for using socket proxy to surf the Internet.

Common ways for linux programs to configure proxy servers:

[generic proxy server configuration]

For most Linux console programs, such as the apt-get and aptitude commands, git commands, and wget commands in Debian or Ubuntu, these programs use the http_proxy and ftp_proxy environment variables to obtain the configuration of the agent service.

The way to do this is to add something like this to your ~ / .bashrc:

Export http_proxy= http://username:password@proxyserver:port/export ftp_proxy= http://username:password@proxyserver:port/

If your proxy server requires a user name and password to access, you need to fill in the username and passwd sections above, otherwise, omit them.

For example, suppose your proxy server is 192.168.1.1, port is 8080, user name is easwy, and password is 123456, you should set these two environment variables like this:

Export http_proxy= http://easwy:123456@192.168.1.1:8080 export ftp_proxy= http://easwy:123456@192.168.1.1:8080

After this configuration, log out and log in again, or simply use the following command to source .bashrc:

Source / .bashrc

Now, the above programs can access the network through the proxy server.

[proxy server configuration for subversion]

To configure the proxy server for subversion, modify the $HOME/.subversion/servers file by adding the following in the [global] section of the file:

Http-proxy-host = 192.168.1.1http-proxy-port = 8080 http-proxy-username = easwyhttp-proxy-password = 123456

Svn can now use a proxy server to access the version library.

[proxy server configuration for yum]

If you want the yum in CentOS to update the program through the proxy server, you need to modify the file / etc/yum.conf by adding:

Proxy= http://easwy:123456@192.168.1.1:8080

Now you can update your software using yum.

The internal network machine accesses the external network and acts as an agent

Generally speaking, for security reasons, only one machine in the same local area network can access the external network, and the operation and maintenance staff have imposed overall restrictions, but in the later work, some software and commands need to be installed on the machine. so other machines need to access the external network to simplify the work, but can not disrupt the original operation and maintenance settings, so they need to do an agent on the machines that can access the external network.

The first step and the second step are to operate on the machine that can access the external network, and the third step is to operate on the machine that cannot access the external network.

1. Check the machine

During the operation, it is found that the machine accessing the external network itself cannot use yum installation software, so it is necessary to configure the yum installation source. If possible, this step can be ignored.

[html] view plain copy

[root@localhost test] # lsb_release-a

LSB Version:: core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch

Distributor ID: RedHatEnterpriseServer

Description: Red Hat Enterprise Linux Server release 5.7 (Tikanga)

Release: 5.7

Codename: Tikanga

[root@localhost test] # cd / etc/yum.repos.d/

[root@localhost test] # wget http://mirrors.163.com/.help/CentOS5-Base-163.repo

The file obtained by the intermediate wget, you need to modify $releasever to 5

[html] view plain copy

# CentOS-Base.repo

#

# The mirror system uses the connecting IP address of the client and the

# update status of each mirror to pick mirrors that are updated to and

# geographically close to the client. You should use this for CentOS updates

# unless you are manually picking other mirrors.

#

# If the mirrorlist= does not work for you, as a fall back you can try the

# remarked out baseurl= line instead.

#

#

[base]

Name=CentOS-5-Base-163.com

Baseurl= http://mirrors.163.com/centos/5/os/$basearch/

# mirrorlist= http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os

Gpgcheck=1

Gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

# released updates

[updates]

Name=CentOS-5-Updates-163.com

Baseurl= http://mirrors.163.com/centos/5/updates/$basearch/

# mirrorlist= http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates

Gpgcheck=1

Gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

# packages used/produced in the build but not released

[addons]

Name=CentOS-5-Addons-163.com

Baseurl= http://mirrors.163.com/centos/5/addons/$basearch/

# mirrorlist= http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=addons

Gpgcheck=1

Gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

# additional packages that may be useful

[extras]

Name=CentOS-5-Extras-163.com

Baseurl= http://mirrors.163.com/centos/5/extras/$basearch/

# mirrorlist= http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras

Gpgcheck=1

Gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

# additional packages that extend functionality of existing packages

[centosplus]

Name=CentOS-5-Plus-163.com

Baseurl= http://mirrors.163.com/centos/5/centosplus/$basearch/

# mirrorlist= http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=centosplus

Gpgcheck=1

Enabled=0

Gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

# contrib-packages by Centos Users

[contrib]

Name=CentOS-5-Contrib-163.com

Baseurl= http://mirrors.163.com/centos/5/contrib/$basearch/

# mirrorlist= http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=contrib

Gpgcheck=1

Enabled=0

Gpgkey= http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

Yum clean all clears the original cache

Yum list gets the yum list

If the list data appears as follows, the setting is successful.

[html] view plain copy

Sqlite-devel.i386 3.3.6-7 base

Sqlite-devel.x86_64 3.3.6-7 base

Squashfs-tools.x86_64 3.0-4 base

Squirrelmail.noarch 1.4.8-21.el5.centos base

Srptools.x86_64 0.0.4-10.el5 base

Sssd.x86_64 1.5.1-70.el5 base

Sssd-client.i386 1.5.1-70.el5 base

Sssd-client.x86_64 1.5.1-70.el5 base

Sssd-tools.x86_64 1.5.1-70.el5 base

2. Install squid

Introduction of squid and its simple configuration

The yum command is ready and can be installed directly online.

[html] view plain copy

Yum install squid

After the installation is completed, modify the contents of the squid.conf file under cd / etc/squid/. You can back up the file before you modify it:

[html] view plain copy

Cp squid.conf squid.conf_bak

Then find the http_access deny all in the file and modify it to http_access allow all to indicate that all users can access the agent

Also find http_port 3128 and modify it to http_port 192.168.3.171IP 3128 where the IP and port is the proxy IP and port of squid.

The IP is the IP address that can access the public network machine. If it is local, you do not need to modify the address. Start the squid agent below.

[html] view plain copy

[root@localhost squid] # squid-k parse

[root@localhost squid] #

[root@localhost squid] #

[root@localhost squid] # squid-z

14:43:01 on 2014-07-22 | Creating Swap Directories

[root@localhost squid] #

[root@localhost squid] #

[root@localhost squid] # service squid start

Starting squid: [OK]

[root@localhost squid] #

[root@localhost squid] #

[root@localhost squid] #

[root@localhost squid] # netstat-nltp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

Tcp 0 0 0.0.0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 01. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 15. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0

Tcp 0 0 0.0.0.0 squid 3128 0.0.0.0 squid * LISTEN 22862 /

Tcp 0 0 0.0.0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0. 0

3. Configure machine agents that cannot access the public network

Set up proxy machines to access the external network on other intranet machines that need to access the external network

[html] view plain copy

Export http_proxy= http://192.168.3.171:3128

The effect of export is only limited to this login operation, which is not global. For more information, please refer to: linux environment variable export command

In this way, the intranet machines that can not access the external network can access the external network as agents to facilitate the installation of some software, commands and other operations.

4. Test

Execute "curl www.baidu.com" on the configured private network machine. If the following appears, the network access is successful:

[html] view plain copy

[cosw@platdevsxyd01 ~] $curl www.baidu.com

Baidu, you will know.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report