
Squid proxy server: traditional proxy and transparent proxy (practice!)

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Caching proxy overview

How a web proxy works: it caches web objects and reduces duplicate requests.

Basic proxy types

- Traditional proxy: used for Internet access; the client must explicitly specify the proxy server.
- Transparent proxy: the client does not need to specify the address and port of the proxy server; web traffic is redirected to the proxy through the default route and firewall rules.

Advantages of a proxy

- Improves web access speed
- Hides the real IP address of the client

I. Traditional proxy

Experimental environment:

- squid server: 192.168.52.134
- web server: 192.168.52.135
- client: 192.168.52.138

1. Install the squid proxy server on the squid server

```
[root@squid ~]# mkdir /abc
[root@squid ~]# mount.cifs //192.168.100.3/LNMP-C7 /abc/    ## mount the share
[root@squid ~]# cd /abc/
[root@squid abc]# tar zxvf squid-3.4.6.tar.gz -C /opt       ## decompress
[root@squid abc]# yum install gcc gcc-c++ make -y           ## install the build environment
[root@squid abc]# cd /opt/squid-3.4.6
## --prefix                  installation path
## --sysconfdir              configuration file directory
## --enable-arp-acl          support ACL access control lists
## --enable-linux-netfilter  support network filtering
## --enable-linux-tproxy     support transparent proxying
## --enable-async-io=100     I/O optimization
## --enable-err-language     display error pages in Simplified Chinese
## --enable-gnuregex         support regular expressions
[root@squid squid-3.4.6]# ./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex
[root@squid squid-3.4.6]# make && make install     ## compile and install
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/    ## make the squid commands available on the system PATH
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid                 ## create a system user
[root@squid squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/        ## set owner and group of the directory tree to squid
```

2. Modify the squid configuration file and optimize startup

```
[root@squid squid-3.4.6]# vim /etc/squid.conf     ## modify the squid configuration file
```

```
# And finally deny all other access to this proxy
## add this line
http_access allow all
## comment out this line to allow client access
#http_access deny all

# Squid normally listens to port 3128
http_port 3128
## specify the user
cache_effective_user squid
## specify the group
cache_effective_group squid
```

```
[root@squid squid-3.4.6]# squid -k parse              ## check configuration file syntax
[root@squid squid-3.4.6]# squid -z                    ## initialize the cache directory
[root@squid squid-3.4.6]# squid                       ## start the service
[root@squid squid-3.4.6]# netstat -ntap | grep 3128   ## check the squid port
[root@squid squid-3.4.6]# cd /etc/init.d/
[root@squid init.d]# vim squid                        ## write the service script that launches squid
```

```
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"    ## PID file (process number)
CONF="/etc/squid.conf"                      ## main configuration file
CMD="/usr/local/squid/sbin/squid"           ## launch command

case "$1" in
start)
    netstat -ntap | grep squid &> /dev/null
    if [ $? -eq 0 ]
    then
        echo "squid is running"
    else
        echo "starting squid...."
        $CMD
    fi
    ;;
stop)
    $CMD -k kill &> /dev/null       ## stop squid
    rm -rf "$PID" &> /dev/null      ## delete the PID file
    ;;
status)
    [ -f "$PID" ] &> /dev/null
    if [ $? -eq 0 ]
    then
        netstat -ntap | grep squid
    else
        echo "squid is not running"
    fi
    ;;
restart)
    $0 stop &> /dev/null
    echo "shutting down squid..."
    $0 start &> /dev/null
    echo "starting squid..."
    ;;
reload)
    $CMD -k reconfigure             ## reload the configuration file
    ;;
check)
    $CMD -k parse                   ## check syntax
    ;;
*)
    echo "usage: $0 {start | stop | reload | status | check | restart}"
    ;;
esac
```

```
[root@squid init.d]# chmod +x squid                   ## add execute permission
[root@squid init.d]# chkconfig --add squid            ## add to service management
[root@squid init.d]# chkconfig --level 35 squid on    ## start at boot
```

3. Set the traditional proxy configuration

```
[root@squid init.d]# vim /etc/squid.conf     ## modify the main configuration file
```

```
# Squid normally listens to port 3128
http_port 3128
## memory space used for caching
cache_mem 64 MB
## maximum file size allowed for download
reply_body_max_size 10 MB
## maximum size of an object allowed in the cache
maximum_object_size 4096 KB
```

```
[root@squid init.d]# service squid restart
[root@squid init.d]# iptables -L          ## view the table contents
[root@squid init.d]# iptables -F          ## flush the table
[root@squid init.d]# setenforce 0
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    ## allow port 3128
[root@squid init.d]# service squid reload                               ## reload the configuration file
```

4. Install the http service on the web server

```
[root@web ~]# systemctl stop firewalld.service    ## stop the firewall
[root@web ~]# setenforce 0
[root@web ~]# yum install httpd -y                ## install the web service
[root@web ~]# systemctl start httpd.service
```

5. Test the proxy service

(1) Use the client test machine to access the web page directly (clear the cache after access)

(2) Set the proxy on the client and access the page again

(3) View the httpd service log file on the web host

```
[root@localhost logs]# head -1 access_log
192.168.52.138 - - [04/Dec/2019:17:09:15 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
## the request came from the IP address of the client host
[root@localhost logs]# tail -1 access_log
192.168.52.134 - - [04/Dec/2019:17:26:55 +0800] "GET /browserconfig.xml HTTP/1.1" 404 215 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
## the request came from the IP address of the squid server
```

II. Transparent proxy

Experimental environment:

- squid: 192.168.100.1 (intranet, ens33) and 12.0.0.1 (extranet, ens36)
- web: 12.0.0.12
- client: 192.168.100.50

1. Add a network card to the squid server and set the IP addresses

ens33 network card configuration file:

```
[root@squid ~]# cd /etc/sysconfig/network-scripts/
[root@squid network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=8ecd53ce-afdb-46f8-b7ff-b2f428a3bc8f
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.1
NETMASK=255.255.255.0
```

ens36 network card configuration file:

```
[root@squid network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@squid network-scripts]# vim ifcfg-ens36
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
DEVICE=ens36
ONBOOT=yes
IPADDR=12.0.0.1
NETMASK=255.255.255.0
```

```
[root@squid network-scripts]# systemctl restart network
[root@squid network-scripts]# ifconfig
ens33: flags=4163  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255
        inet6 fe80::c776:9d00:618:88f2  prefixlen 64  scopeid 0x20
        ether 00:0c:29:eb:34:07  txqueuelen 1000  (Ethernet)
        RX packets 226  bytes 31111 (30.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84  bytes 10776 (10.5 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

ens36: flags=4163  mtu 1500
        inet 12.0.0.1  netmask 255.255.255.0  broadcast 12.0.0.255
        inet6 fe80::55bc:65c1:7046:e2d6  prefixlen 64  scopeid 0x20
        ether 00:0c:29:eb:34:11  txqueuelen 1000  (Ethernet)
        RX packets 216  bytes 30613 (29.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 76  bytes 9847 (9.6 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

[root@squid network-scripts]# service network restart    ## restart the network service
[root@squid network-scripts]# vim /etc/sysctl.conf       ## enable route forwarding
net.ipv4.ip_forward=1
[root@squid network-scripts]# sysctl -p                  ## load the setting
```

2. Set the transparent proxy on the squid server

```
[root@squid network-scripts]# vim /etc/squid.conf     ## edit the configuration file
```

```
## set the transparent proxy
http_port 192.168.100.1:3128 transparent
```

```
[root@squid ~]# iptables -F             ## flush the filter table
[root@squid ~]# iptables -t nat -F      ## flush the NAT table
[root@squid ~]# setenforce 0            ## put SELinux into permissive mode
## rule for traffic entering on ens33: redirect port 80 to 3128
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
## HTTPS, port 443
[root@squid network-scripts]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[root@squid network-scripts]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT    ## allow access to port 3128
[root@squid network-scripts]# service squid stop     ## stop the service
[root@squid network-scripts]# service squid start    ## start the service
starting squid...
[root@squid network-scripts]#
```

3. Change the network mode of the web host and the client test host to host-only

4. Configure the fixed IP address of the web host

```
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=3ceed540-b04c-48d6-a4f7-79951f09ea1d
DEVICE=ens33
ONBOOT=yes
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.1
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163  mtu 1500
        inet 12.0.0.12  netmask 255.255.255.0  broadcast 12.0.0.255
        inet6 fe80::3e1d:31ba:f66a:6f80  prefixlen 64  scopeid 0x20
        ether 00:0c:29:95:9b:1b  txqueuelen 1000  (Ethernet)
        RX packets 189  bytes 26901 (KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 83  bytes 10980 (10.7 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
```

5. Configure a fixed IP address on the client test host and turn off the proxy server setting on the client

6. Test the proxy service

View the httpd service access log on the web server

```
[root@localhost ~]# tail -1 /etc/httpd/logs/access_log
12.0.0.1 - - [04/Dec/2019:19:57:53 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
## the request came from the IP address of the proxy server
```
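
The traditional-proxy squid.conf in this walkthrough uses `http_access allow all` with an address-less `http_port 3128` and an INPUT rule that accepts port 3128 from any source, so any host that can reach the server can relay through it. The audit script below is an added example, not part of the original article; the function names, both sample configurations and the `localnet` ACL in the restricted variant are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag open-proxy settings in a squid.conf read from stdin or a file.
# Squid checks http_access rules top-down and the first match wins.

audit_squid_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "http_access" && NF == 3 && $3 == "all" && !decided {
            decided = 1                         # first rule that matches every request
            if ($2 == "allow") print "OPEN_PROXY line " NR ": http_access allow all"
            else               print "OK line " NR ": http_access deny all"
        }
        $1 == "http_port" && $2 !~ /:/ {        # no address: listens on all interfaces
            print "WILDCARD_LISTEN line " NR ": http_port " $2
        }
        END { if (!decided) print "NO_DEFAULT: no unconditional http_access rule" }
    ' "$@"
}

# Constructed sample: the settings as edited in this article.
page_style_conf() {
    cat <<'EOF'
# And finally deny all other access to this proxy
http_access allow all
#http_access deny all
http_port 3128
cache_effective_user squid
cache_effective_group squid
EOF
}

# Constructed sample: same lab, access limited to the intranet subnet.
restricted_conf() {
    cat <<'EOF'
acl localnet src 192.168.100.0/24
http_access allow localnet
http_access deny all
http_port 192.168.100.1:3128 transparent
EOF
}

echo "== settings from the article =="
page_style_conf | audit_squid_conf
echo "== restricted variant =="
restricted_conf | audit_squid_conf
```

To check a live server, pass the file path instead of piping: `audit_squid_conf /etc/squid.conf`.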
