Squid Proxy

目录

• 前言
• 服务端
• 客户端
  • windows
  • centos7
  • ubuntu18+
• 故障处理
• 常用源
  • ubuntu
  • centos

前言

关于squid的这种应用详细原理这里不做赘述，推荐大家看了一下马哥教育对squid服务的详解，我们这里更多的关注的squid的使用

我们公司内部使用squid做代理服务，在某天突然坏了，我搞了五天，还没有修复，终于在第五天的凌晨才修复，通过这次故障处理，我也成长了很多；从头到尾把这次过程梳理一下。其实这个问题可以更快的解决，我虽然大概知道了问题所在，但是却犹犹豫豫，没有真正仔细的面对自己的判断，没有仔细看日志，白白浪费了好多天的时间。

拓扑描述：

服务端两个网卡，可以上网的网卡IP为192.168.0.100，连接内网的网卡的IP是192.168.10.10

客户端的IP都位于192.168.10.x网段，上网需要通过设置代理的服务端的IP即：192.168.10.10

服务端

服务的搭建相当简单，就简单的几条命令就搞定了。

## Centos7
# 创建一个不能登录的用户erbu，密码设置为123456，让客户端使用
# 有的的时候客户端在使用代理的时候必须指定代理的用户名和密码，但我们又不能给客户端root密码，让用一个普通用户即可。

useradd -s /sbin/nologin erbu && echo 123456 | passwd --stdin erbu

yum -y install squid
vim /etc/squid/squid.conf
	acl lanhome1 src 192.168.0.2/32
	http_access allow lanhmoe1
systemctl restart squid && ss -tnlp | grep 3128 && systemctl enable squid
systemctl stop firewalld && systemctl disable firewalld

建议我们在搭建客户端的时候最好使用自己擅长的操作系统，我比较擅长centos，所以就假设我们的服务端是centos，因为ubuntu不太方便，比如ubuntu默认不允许root直接登录，普通用户默认拥有sudo到root的权限，squid默认的配置文件 废话太多，尽管上述几个缺点可以通过修改配置文件改变，但我就是不愿意费这个事，就直接使用centos做为服务端。

客户端

服务端的搭建比较简单，因为方法比较固定，但是客户端使用方法有很多。

windows

widows只要在设置当中开启代理 ，指定服务端的IP+端口即可，早年间我在某个单位出差的时候发现，他们的很多电脑没有设置网关，却能正常的打开百度搜索，我非常惊讶，后来发现原是设置了代理 。

centos7

在centos7当中，我们用代理往往是为了安装软件，比如yum、pip

-------------------------------------------------------------------------------------
# wget
## 第一种方法，在命令行当中直接指代理的IP和端口，如下所示，经测试成功，值得一提的是我的代理服务端应用是squid，套接字是10.100.0.9+3128，客户端直接指定IP+端口就能使用wget，根本不需要指定用户名和密码，但这种方法只能下载http协议的东西，对https的东西是无法下载的；
wget http://www.baidu.com -e use_proxy=yes -e http_proxy=192.168.10.10:3128

## 想要下载https的东西，得这样，如下所示，将http改成https；
wget --no-check-certificate https://mirrors.aliyun.com/repo/Centos-7.repo -e use_proxy=yes -e https_proxy=192.168.10.10:3128

## 第二种方法,在wget的配置文件里面写，~/.wgetrc,新测有效；
http_proxy = http://192.168.10.10:3128
https_proxy = https://192.168.10.10:3128
ftp_proxy = http://192.168.10.10:3128
use_proxy = on
wait = 15
-------------------------------------------------------------------------------------
# yum
vim /etc/yum.conf
proxy=http://192.168.10.10:3128
proxy_username=erbu
proxy_password=123456
-------------------------------------------------------------------------------------
# pip
cd 
mkdir .pip
vim .pip/pip.conf
	[global]
	index-url=http://mirrors.aliyun.com/pypi/simple/
	[install]
	trusted-host=mirrors.aliyun.com

# 安装测试
pip install t5 --proxy="http://192.168.10.10:3128"
------------------------------------------------------------------------------------

windows可以这样，如下所示：

ubuntu18+

----------------------------------------------------------------------------------------------
# 加环境变量，放到.bashrc和/etc/profile是一样的效果
root@client:~# cat .bashrc | tail -4
export http_proxy='http://192.168.10.10:3128'
export https_proxy='http://192.168.10.10:3128'
export ftp_proxy='http://192.168.10.10:3128'
export no_proxy='localhost,127.0.0.1'

# 重读
root@client:~# source .bashrc

## 测试
apt update && apt install apache2 -y
----------------------------------------------------------------------------------------------
# pip 源设置
pip config list
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
pip config list

或者

cd 
mkdir .pip
vim .pip/pip.conf
	[global]
	index-url=http://mirrors.aliyun.com/pypi/simple/
	[install]
	trusted-host=mirrors.aliyun.com

# 安装测试
pip install t5 --proxy="http://192.168.10.10:3128"
--------------------------------------------------------------------------------------------

故障处理

• 可以通过看查看3128端口的连接判断客户端是否已经连接到服务端

# 查看当前有哪些IP正在连接代理
netstat -n | grep 3128 | awk '{print $5}' | awk -F':' '{print $1}' | sort | uniq

• 当然细致的错误还得是看日志

## 排错相关，排错主要看这两个日志
ls /var/log/squid/
	access.log  cache.log

• MISS/503

cat /var/log/squid/access.log
1467339283.619  60229 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627  61011 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627  61014 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -

当时出现这个问题，我解决了一个星期，通过对比正常squid服务器的日志发现，日志当中只有IPV6的地址，而正常的服务器解析出来的是IPV4的地址，后来查找了一段时间发现可以通过在配置文件当中的添加：

dns_v4_first on

然后重启squid服务之后，恢复正常。

常用源

ubuntu

Ubuntu 的软件源配置文件是 /etc/apt/sources.list

##################16.04
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main

deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe

##################18.04
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

#################20.04
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

#### 16.04
# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse

# 预发布软件源，不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse

########18.4
# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

# 预发布软件源，不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

#####20.04
# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

# 预发布软件源，不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

######21.04
# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse

# 预发布软件源，不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse

root@client:~# cat /proc/version
Linux version 5.13.0-19-generic (buildd@lgw01-amd64-013) (gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0, GNU ld (GNU Binutils for Ubuntu) 2.37) #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021
root@client:~# uname -a
Linux client 5.13.0-19-generic #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@client:~# cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu impish main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu impish-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish universe
# deb-src http://archive.ubuntu.com/ubuntu impish universe
deb http://archive.ubuntu.com/ubuntu impish-updates universe
# deb-src http://archive.ubuntu.com/ubuntu impish-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu impish multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish multiverse
deb http://archive.ubuntu.com/ubuntu impish-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu impish partner
# deb-src http://archive.canonical.com/ubuntu impish partner

deb http://archive.ubuntu.com/ubuntu impish-security main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-security main restricted
deb http://archive.ubuntu.com/ubuntu impish-security universe
# deb-src http://archive.ubuntu.com/ubuntu impish-security universe
deb http://archive.ubuntu.com/ubuntu impish-security multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-security multiverse

centos

centos官方镜像：https://www.centos.org/centos-linux/ 里面涵盖cnetos7和centos8，注意下载的时候别下载错了，我们通常要下载x86架构的，而不是arm架构的。
阿里云镜像：https://developer.aliyun.com/mirror/
清华源：https://mirrors.tuna.tsinghua.edu.cn

# centos7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
或
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# epel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
--------------------------------------------------------------------------------
# centos8
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
或
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo