squid

参考博客：https://www.cnblogs.com/cherishry/p/5706736.html

安装

yum isntall squid
yum install supervisor
yum install httpd

配置用户密码

htpasswd -c /etc/squid/passwd {主机名}

配置文件

[root@b6 squid]# egrep '^[1]' /etc/squid/squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http 允许安全更新的端口为80
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT #请求方法以CONNECT
acl OverConnLimit maxconn 16 #限制每个IP最大允许16个连接，防止攻击

用户认证

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
acl b6 proxy_auth REQUIRED
http_access allow b6

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet #允许本地网段使用
http_access allow localhost
http_access deny all #拒绝所有
http_port 3128 #端口
cache_dir ufs /var/spool/squid_cache 100 16 256 #定义squid的cache 存放路径，cache目录容量（单位M），一级缓存目录数量、二级缓存目录数量
coredump_dir /var/spool/squid_coredump
access_log /var/log/squid/access.log #log文件存放路径和日志格式
cache_log /var/log/squid/cache.log #设置缓存日志

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320

高匿配置（高匿代理让别人根本无法发现你是用代理）

request_header_access Via deny all
request_header_access X-Forwarded-For deny all

管理员邮箱

cache_mgr 123@test.com

检查配置文件

[root@b6 ~]# squid -k check
squid: ERROR: No running copy

初始化

[root@b6 ~]# squid -z

=============================

测试获取

http_proxy=http://b25:maixunsquid@192.168.241.25:3128 curl httpbin.org/get

===============================================

supervisor 管理

[root@linux-node1 supervisord.d]# cat squid.ini
[program:squid]
directory = /etc/squid/
command = squid -N -f squid.conf
autostart = true
autorestart = true
stdout_logfile = /var/log/squid/squid.log
redirect_stderr = true

[root@b6 ~]# supervisorctl
squid RUNNING pid 26497, uptime 19:25:39
supervisor> status
squid RUNNING pid 26497, uptime 19:25:42
supervisor>

==================================

报错：Ipc::Mem::Segment::create failed to shm_open(/squid-cf__queues.shm): (17) File exists

解决：
删除或移走 目录 /dev/shm 下的文件

mv squid-cf__metadata.shm squid-cf__metadata.shm.bak
mv squid-cf__queues.shm squid-cf__queues.shm.bak
mv squid-cf__readers.shm squid-cf__readers.shm.bak

---

1. a-z ↩︎