Squid 3.3.1代理服务器安装与基本配置

 未分类  Add comments
2 月 232013
 

在CentOS6.3最小化安装环境中需要安装的软件包

[root@squid ~]# yum install wget gcc gcc-c++ make perl

编译安装Squid

 [root@squid ~]# cd squid-3.3.1
 [root@squid squid-3.3.1]# ./configure --prefix=/usr/local/squid
 [root@squid squid-3.3.1]# make all
 [root@squid squid-3.3.1]# make install

安装完成后查看安装文件目录及配置文件

 [root@squid squid-3.3.1]# cd /usr/local/squid/
 [root@squid squid]# ls
 bin etc include lib libexec sbin share var
 [root@squid squid]# ls etc/
 cachemgr.conf mime.conf squid.conf
 cachemgr.conf.default mime.conf.default squid.conf.default
 errorpage.css msntauth.conf squid.conf.documented
 errorpage.css.default msntauth.conf.default
 [root@squid squid]#

初始化前准备工作

赋予相关目录写权限

 [root@squid etc]# chmod -R 777 /usr/local/squid/var/

指定主机名

 [root@squid etc]# vi squid.conf
 visible_hostname 192.168.11.181

指定cache_mem大小

查看当前系统内存

 [root@squid ~]# free
 total used free shared buffers cached
 Mem: 4019920 521536 3498384 0 34080 420512
 -/+ buffers/cache: 66944 3952976
 Swap: 4161528 0 4161528
 [root@squid ~]#
[root@squid etc]# vi squid.conf
 cache_mem 2048 MB

指定缓存目录

61 # Uncomment and adjust the following to add a disk cache directory.
62 #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
cache_dir ufs /usr/local/squid/var/cache/squid 4096 16 256

错误分析

 2013/02/24 11:27:16 kid1| WARNING cache_mem is larger than total disk cache space!

磁盘缓存空间须大于内存缓存空间

初始化cache

[root@squid sbin]# ./squid -z
 [root@squid sbin]# 2013/02/24 11:50:36 kid1| Creating missing swap directories
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/00
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/01
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/02
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/03
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/04
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/05
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/06
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/07
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/08
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/09
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0A
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0B
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0C
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0D
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0E
 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0F
 [root@squid sbin]#

测试配置

 [root@squid sbin]# ./squid -N -d 1

查看服务监听状态

 [root@squid ~]# netstat -ltu |grep squid
 tcp 0 0 *:squid *:* LISTEN
 [root@squid ~]# netstat -lutn |grep 3128
 tcp 0 0 :::3128 :::* LISTEN
 [root@squid ~]#

修改浏览器设置

squid-proxy-0301

访问Internet站点

squid-proxy-0302

查看squid access日志记录

squid-proxy-0303

浏览器设置代理前后IP地址的变化

squid-proxy-0201

squid-proxy-0202

启动和关闭squid

[root@squid sbin]# ./squid -s
[root@squid sbin]# netstat -ltu |grep squid
tcp 0 0 *:squid *:* LISTEN 
[root@squid sbin]# ps aux |grep squid
root 17519 0.0 0.0 9136 1540 ? Ss 12:46 0:00 ./squid -s
nobody 17521 0.2 0.2 13540 8812 ? S 12:46 0:00 (squid-1) -s
nobody 17522 0.0 0.0 3628 964 ? S 12:46 0:00 (logfile-daemon)
 /usr/local/squid/var/logs/access.log
root 17528 0.0 0.0 4352 736 pts/1 S+ 12:46 0:00 grep squid
[root@squid sbin]# ./squid -k shutdown
[root@squid sbin]# netstat -ltu |grep squid
[root@squid sbin]#

squid命令参数

 [root@squid sbin]# ./squid -h
 Usage: squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file]
 [-[au] port] [-k signal]
 -a port Specify HTTP port number (default: 3128).
 -d level Write debugging to stderr also.
 -f file Use given config-file instead of
 /usr/local/squid/etc/squid.conf
 -h Print help message.
 -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
 Parse configuration file, then send signal to
 running copy (except -k parse) and exit.
 -s | -l facility
 Enable logging to syslog.
 -u port Specify ICP port number (default: 3130), disable with 0.
 -v Print version.
 -z Create missing swap directories and then exit.
 -C Do not catch fatal signals.
 -D OBSOLETE. Scheduled for removal.
 -F Don't serve any requests until store is rebuilt.
 -N No daemon mode.
 -R Do not set REUSEADDR on port.
 -S Double-check swap during rebuild.
 -X Force full debugging.
 -Y Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.
 [root@squid sbin]#

系统默认最小化配置文件

# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on “localhost” is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

相关下载:
(1)Squid 3.3.1

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)