squid搭建代理

1.1 目的或背景

万得数据部门需要海外相关数据,但由于GFW的缘故,中国大陆直接访问海外网站会遇到诸多问题,因此需要在香港搭建一台代理服务器,以此解决相关问题。

专注于为中小企业提供网站建设、成都网站制作服务,电脑端+手机端+微信端的三站合一,更高效的管理,为中小企业威宁免费做网站提供优质的服务。我们立足成都,凝聚了一批互联网行业人才,有力地推动了上千家企业的稳健成长,帮助中小企业通过网站建设实现规模扩充和转变。

1.1 部署Squid

1.1.1获取软件

从squid的官方站点:http://www.squid-cache.org/

可以下载源代码包,也可以下载RPM包。该文档介绍源代码安装。

1.1.2安装软件

1.      将下载文件拷贝到

hkproxy:/usr/local/src# dir

-rw-r--r--  1 root        root   4828446  7月  1 22:14 squid-3.5.20.tar.gz

2.      解压安装包
hkproxy:/usr/local/src #tar zxvf squid-3.5.20.tar.gz

3.      进入到安装包
hkproxy:/usr/local/src # cd squid-3.5.20/

hkproxy:/usr/local/src/squid-3.5.20 #

4.      创建安装squid目录

hkproxy:/usr/local # mkdir squid

5.      添加squid用户

# useradd squid -g squid -s /bin/false

同时设置密码

创建组:

#groupadd squid

6.      ./configure安装

hkproxy:/usr/local/src/squid-3.5.20 #./configure--prefix=/usr/local/squid/ --enable-ssl --enable-underscore --enable-icmp--enable-kill-parent-hack --enable-gnuregex--enable-default-err-language="Simplify_Chinese" --with-large-files--with-default-user=squid --disable-loadable-modules

注:--prefix=/usr/local/squid/:Squid的安装目录,缺省值为/usr/local/squid;

 --enable-ssl:允许Squid终止SSL/TLS连接,仅对代理模式的加速请求有效;

--enable-underscores:允许主机名里包含下划线,但仍须考虑DNS解析程序可能会禁止主机名里包含下划线。

--enable-icmp:利用ICMP消息来确定回环时间(round-trip time),这类似于ping程序;

--enable-kill-parent-hack: 关掉squid的时候,要不要连同父进程一起关掉。

--enable-gnuregex:使用GNU正则表达式。

--enable-default-err-language=lang:错误消息采用的默认语言,英语是默认值。

--with-large-files:支持大文件

--with-default-user=squid  : 指定squid用户

--disable-loadable-modules :禁用加载动态的相关模块或预装的模块。在编译GCC的时候会报错,因此需要禁用该模块。

更多模块可以参考: ./configure –help

hkproxy:/usr/local/src/squid-3.5.20# ./configure --help | more

`configure'configures Squid Web Proxy 3.5.20 to adapt to many kinds of systems.

 

Usage: ./configure[OPTION]... [VAR=VALUE]...

 

To assignenvironment variables (e.g., CC, CFLAGS...), specify them as

VAR=VALUE.  See below for descriptions of some of theuseful variables.

 

Defaultsfor the options are specified in brackets.

 

Configuration:

  -h, --help              display this help and exit

      --help=short        display options specific to thispackage

      --help=recursive    display the short help of all the includedpackages

  -V, --version           display version information and exit

  -q, --quiet, --silent   do not print `checking ...' messages

      --cache-file=FILE   cache test results in FILE [disabled]

  -C, --config-cache      alias for `--cache-file=config.cache'

  -n, --no-create         do not create output files

      --srcdir=DIR        find the sources in DIR [configure diror `..']

 

Installationdirectories:

  --prefix=PREFIX         install architecture-independent filesin PREFIX

                          [/usr/local/squid]

  --exec-prefix=EPREFIX   install architecture-dependent files inEPREFIX

                          [PREFIX]

 

Bydefault, `make install' will install all the files in

`/usr/local/squid/bin',`/usr/local/squid/lib' etc.  You canspecify

aninstallation prefix other than `/usr/local/squid' using `--prefix',

forinstance `--prefix=$HOME'.

 

For bettercontrol, use the options below.

 

Finetuning of the installation directories:

  --bindir=DIR            user executables [EPREFIX/bin]

  --sbindir=DIR           system admin executables[EPREFIX/sbin]

  --libexecdir=DIR        program executables [EPREFIX/libexec]

  --sysconfdir=DIR        read-only single-machine data[PREFIX/etc]

  --sharedstatedir=DIR    modifiable architecture-independent data[PREFIX/com]

  --localstatedir=DIR     modifiable single-machine data[PREFIX/var]

  --runstatedir=DIR       modifiable per-process data[LOCALSTATEDIR/run]

  --libdir=DIR            object code libraries [EPREFIX/lib]

  --includedir=DIR        C header files [PREFIX/include]

  --oldincludedir=DIR     C header files for non-gcc [/usr/include]

  --datarootdir=DIR       read-only arch.-independent data root[PREFIX/share]

  --datadir=DIR           read-only architecture-independentdata [DATAROOTDIR]

  --infodir=DIR           info documentation[DATAROOTDIR/info]

  --localedir=DIR         locale-dependent data[DATAROOTDIR/locale]

  --mandir=DIR            man documentation [DATAROOTDIR/man]

  --docdir=DIR            documentation root[DATAROOTDIR/doc/squid]

  --htmldir=DIR           html documentation [DOCDIR]

  --dvidir=DIR            dvi documentation [DOCDIR]

  --pdfdir=DIR            pdf documentation [DOCDIR]

  --psdir=DIR             ps documentation [DOCDIR]

 

 

7.      如果configure安装报错,我遇到的是没有安装GCC编译器,因此需要安装该插件。

直接suse 的yast工具安装。

      squid搭建代理                       

8.      Make 编译

hkproxy:/usr/local/src/squid-3.5.20 # make  #大约4分钟

9.      Make install 安装

hkproxy:/usr/local/src/squid-3.5.20 # make install

10.  将安装目录的权限进行调整。

chown -R squid:squid /usr/local/squid/

11.  启动

hkproxy:/usr/local/squid/sbin # ./squid

12.  查看默认侦听端口是否启动,默认是3128,我更改为3129了。

hkproxy:/usr/local/squid/sbin# netstat -an | grep "3129"

tcp        0     0 :::3129                :::*                    LISTEN     

tcp        0     0 10.90.5.33:3129        10.200.1.12:2131       ESTABLISHED

 

1.1.3配置squid

Squid的配置文件squid.conf

#acllocalnet src 10.0.0.0/8    # RFC1918possible internal network

#acllocalnet src 172.16.0.0/12 # RFC1918 possible internal network

#acllocalnet src 192.168.0.0/16        #RFC1918 possible internal network

#acllocalnet src fc00::/7       # RFC 4193local private network range

#acllocalnet src fe80::/10      # RFC 4291link-local (directly plugged) machines

#acllocalnet src 222.66.202.206/32

#acllocalnet src 58.247.3.26/32

acllocalnet src 10.200.1.12/32

acllocalnet src 10.100.4.3/32

acllocalnet src 10.200.0.8/32

acllocalnet src 10.200.6.228/32

acllocalnet src 10.200.4.63/32

aclSSL_ports port 443

aclSafe_ports port 80          # http

aclSafe_ports port 21          # ftp

aclSafe_ports port 443         # https

aclSafe_ports port 70          # gopher

acl Safe_portsport 210         # wais

aclSafe_ports port 1025-65535  #unregistered ports

aclSafe_ports port 280         # http-mgmt

aclSafe_ports port 488         # gss-http

aclSafe_ports port 591         # filemaker

aclSafe_ports port 777         # multilinghttp

acl CONNECT method CONNECT

 

# Squidnormally listens to port 3128

http_port 3129

将squid.conf配置文件变更后,通过命令重新加载

hkproxy:/usr/local/squid/etc # /usr/local/squid/sbin/squid –k  reconfigure

其它操作,请参考帮助:
 hkproxy:/usr/local/squid/etc #/usr/local/squid/sbin/squid –k 

hkproxy:/usr/local/squid/etc# /usr/local/squid/sbin/squid -k

/usr/local/squid/sbin/squid:option requires an argument -- 'k'

Usage:squid [-cdhvzCFNRVYX] [-n name] [-s | -l facility] [-f config-file] [-[au]port] [-k signal]

       -a port  Specify HTTP port number (default: 3128).

       -d level Write debugging to stderr also.

       -f file  Use given config-file instead of

                /usr/local/squid/etc/squid.conf

       -h       Print help message.

       -k reconfigure|rotate|shutdown|restart|interrupt|kill|debug|check|parse

                 Parse configuration file, thensend signal to

                 running copy (except -k parse)and exit.

       -n name  Specify service name to use for service operations

                 default is: squid.

       -s | -l facility

                 Enable logging to syslog.

       -u port  Specify ICP port number (default: 3130), disable with 0.

       -v       Print version.

       -z       Create missing swap directories and then exit.

       -C       Do not catch fatal signals.

       -D       OBSOLETE. Scheduled for removal.

       -F       Don't serve any requests until store is rebuilt.

       -N       No daemon mode.

       -R       Do not set REUSEADDR on port.

       -S       Double-check swap duringrebuild.

       -X       Force full debugging.

1.1.1客户端配置代理

 squid搭建代理

                             

 

至此可以浏览google了。。。。

squid搭建代理

1.1.1查看代理的访问记录

hkproxy:/usr/local/squid/var/logs #cat access.log  | more

1468291506.630    183 10.100.4.3 TCP_TUNNEL/200 848 CONNECTwww.google.com:443 - HIER_DIRECT/216.58.203.4 -

1468291506.791    877 10.100.4.3 TCP_TUNNEL/200 1626 CONNECTad.afy11.net:443 - HIER_DIRECT/74.117.199.102 -

1468291506.798 20 10.100.4.3TCP_MISS/200 842 GEThttp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBkrTynxASad- HIER_DIRECT/216.58.199.14 application/ocsp-response

1468291506.824    828 10.100.4.3 TCP_TUNNEL/200 43033 CONNECTfw.adsafeprotected.com:443 - HIER_DIRECT/52.196.221.84 -

1468291506.831    88010.100.4.3 TCP_TUNNEL/200 43033 CONNECT fw.adsafeprotected.com:443 -HIER_DIRECT/52.196.221.84 -


本文题目:squid搭建代理
标题链接:http://myzitong.com/article/gjhigc.html