环境:
vim
/etc/sysconfig/network-scripts/ifcfg-ens192 #配置静态地址
更新yum源
cd /etc/yum.repos.d/
cp CentOS-Base.repo CentOS-Base.repo_BAK
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
yum clean all
yum makecache
安装:
yum install squid
-y #安装squid程序
vim /etc/squid/squid.conf #编辑squid正向代理配置文件
squid -z # 初始化在squid.conf里配置的cache目录。如果有错误提示,请检查cache目录的权限,可以更改目录权限chown
-R squid:squid /cache目录
squid -k parse #对squid.conf排错,即验证squid.conf的语法和配置。如果在squid.conf中有语法或配置错误,这里会返回提示,若无返回,尝试启动squid
/usr/local/squid/sbin/squid -N -d1 #前台启动squid,并输出启动过程。如果有ready
to server reques相关信息,说明squid启动成功,然后ctrl+c ,停止squid,并以后台运行的方式启动它
squid -s #启动squid在后台运行。可以使用ps
-ax | grep squid 来查看squid进程是否存在
squid -k shutdown #停止squid
squid -k reconfigure
-f /XXX/squid.conf
#重新引导修改过的squid.conf。当squid进行配置更改后,可以使用该命令进行squid配置重载
vim /etc/rc.local #把squid添加到系统启动项
/usr/local/squid/sbin/squid -s
chown -R squid.squid /cache目录 修改cache缓存目录的权限cache缓存目录根据自己的配置更改,squid用户和组是squid,squid
修改squid日志目录的权限
chown -R squid.squid 定义的日志文件所在目录
这一步并不是适合每一个使用squid的用户,意为让squid有权限在该目录里进行写操作
查看你的日志文档
more /usr/local/squid/var/logs/access.log | grep TCP_MEM_HIT
该指令可以看到在squid运行过程中,有那些文件被squid缓存到内存中,并返回给访问用户。
more /usr/local/squid/var/logs/access.log | grep TCP_HIT
该指令可以看到在squid运行过程中,有那些文件被squid缓存到cache目录中,并返回给访问用户。
more /usr/local/squid/var/logs/access.log | grep TCP_MISS
该指令可以看到在squid运行过程中,有那些文件没有被squid缓存,而是从原始服务器获取并返回给访问用户。
实例配置:
/etc/squid/squid.conf
http_port 3128
cache_mem 512 MB
maximum_object_size 16 MB
cache_dir ufs /var/spool/squid 512 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
acl localnet src 192.168.30.0/24
acl local-Server dstdomain .xxx.com
acl denyweb dstdomain "/etc/squid/denyweb.list"
acl SSL_ports port 443
acl Safe_ports port 80 #Http
acl Safe_ports port 443 # https
acl Safe_ports port 4118 #xiangrikui_rmote
acl Safe_ports port 3000 #xiangrikui_rmote
acl Safe_ports port 7008-7024 #xiangrikui_rmote
acl CONNECT method CONNECT
acl conn maxconn 18
acl timelist time SMTWHFA 09:00-20:00
always_direct allow local-Server
http_access allow localnet Safe_ports timelist
http_access deny !Safe_ports
http_access deny denyweb
http_access deny conn
http_access deny !timelist
http_access deny CONNECT !SSL_ports
http_access deny all
#Anonymous access
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
#info
visible_hostname squid.xxx.com
cache_mgr admin@xxx.com
