缓存加速----Squid
-----------------------------一.搭建Squid的传统模式
1.解压squid软件包
monut.cifs //192.168.1.150/qq-Download /mnt
cd /mnt
tar xzvf squid-3.4.6.tar.gz -C /opt
2.安装相关软件包
yum install gcc gcc-c++ make -y
3.配置服务模块,编译安装
cd /opt/squid-3.4.6/
./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc --enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gnuregex
make && make install
4.创建软链接,优化服务控制方式
ln -s /usr/local/squid/sbin/squid /usr/local/sbin/
5.创建squid用户
useradd -M -s /sbin/nologin squid
6.修改squid中的var的属性
chown -R squid.squid /usr/local/squid/var/
7.编辑squid的配置文件
vim /etc/squid.conf
55 # And finally deny all other access to this proxy
56 http_access allow all
57 http_access deny all //允许所有用户访问
58
59 # Squid normally listens to port 3128
60 http_port 3128
61 cache_mem 64 MB //指定缓存功能所使用的内存空间大小
62 reply_body_max_size 10 MB //允许用户下载的最大文件大小
63 maximum_object_size 4096 KB //允许保存到缓存空间的最大对象大小
64 cache_effective_user squid //添加指定程序用户
65 cache_effective_group squid //添加指定账户基本组
66
67 # Uncomment and adjust the following to add a disk cache directory.
68 #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
8.编辑防火墙规则
iptables -F //清除所有规则
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT //允许目标端口3128做转发
9.检查语法并且开启服务
squid -k parse //检查配置文件语法
squid -z //初始化缓存目录
squid //启动服务
[root@squid ~]# netstat -natp | grep squid
tcp6 0 0 :::3128 :::* LISTEN 36414/(squid-1)
[root@squid ~]#
10.编辑脚本,优化服务控制方式(service 工具)
vim /etc/init.d/squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
case "$1" in
start)
netstat -natp | grep squid &> /dev/null
if [ $? -eq 0 ]
then
echo "squid is running"
else
echo "正在启动 squid...."
echo "成功启动"
$CMD
fi
;;
stop)
$CMD -k kill &> /dev/null
rm -rf $PID &> /dev/null
;;
status)
[ -f $PID ] &> /dev/null
if [ $? -eq 0 ]
then
netstat -natp | grep squid
else
echo "squid is not running"
fi
;;
restart)
$0 stop &> /dev/null
echo "正在关闭 squid..."
echo "关闭成功"
$0 start &> /dev/null
echo "正在启动 squid..."
echo "启动成功"
;;
reload)
$CMD -k reconfigure
;;
check)
$CMD -k parse
;;
*)
echo "用法:$0{start|stop|status|reload|check|restart}"
;;
esac
chmod +x /etc/init.d/squid //添加服务执行权限
chkconfig --add squid //添加到service的服务列表
chkconfig --level 35 squid on //开机自启
[root@localhost ~]# service squid restart
正在关闭 squid...
关闭成功
正在启动 squid...
启动成功
[root@localhost ~]#
------------------------------------------Web服务器配置
[root@apache ~]# yum install httpd -y
systemctl stop firewalld.service
setenforce 0
systemctl start httpd.service
netstat -natp | grep 80
tcp 0 0 192.168.43.102:22 192.168.43.1:58000 ESTABLISHED 1372/sshd: root@pts
tcp6 0 0 :::80 :::* LISTEN 1633/httpd
----------------------------------------客户机Win10的配置
配置地址192.168.100.10
搜索代理,打开使用代理服务器
输入代理服务器地址 192.168.100.140 端口3128 点击保存
浏览器访问192.168.100.150
192.168.100.140 - - [06/Sep/2020:11:29:07 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://192.168.100.150/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36"
----------二.搭建Squid的透明模式
###配置squid服务器
1.配置网卡
ens33为NAT模式
ens36为仅主机模式
cd /etc/sysconfig/network-scripts/
cp -p ifcfg-ens33 ifcfg-ens36
vim ifcfg-ens36
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens36"
DEVICE="ens36"
ONBOOT="yes"
IPADDR="192.168.10.1" '这个地址是客户机的网关'
PREFIX="24"
IPV6_PRIVACY="no"
~
service network restart
[root@squid network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.140 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::7264:7578:de4e:190 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:17:9c:75 txqueuelen 1000 (Ethernet)
RX packets 96630 bytes 110402508 (105.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 94922 bytes 172796714 (164.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
[root@squid ~]#
2.配置路由转发功能
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p '使其生效'
3.配置squid文件
vim /etc/squid.conf
59 # Squid normally listens to port 3128
60 http_port 192.168.10.1:3128 transparent 配置网卡网关地址及端口
service squid restart
4.添加防火墙规则
iptables -F //清空规则
iptables -t nat -F
iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
iptables -t nat -I PREROUTING -i ens36 -s 192.168.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
####配置web服务器 nat模式
yum install httpd -y
route add -net 192.168.10.0/24 gw 192.168.100.140 //添加静态路由 下一跳
systemctl stop firewalld.service
setenforce 0
###配置客户端,虚拟机处于仅主机模式
客户机配置192.168.10.10 网关192.168.10.1
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ 确定 ]
验证服务
浏览器访问192.168.100.150
192.168.100.140 - - [06/Sep/2020:13:38:53 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://192.168.100.150/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36"
