Squid proxy server

One 、squid Proxy server overview ;

Two 、squid Proxy server mode ;

3、 ... and 、 Case study ： build squid Proxy traditional proxy server ;

One 、squid Proxy server overview ;

summary ：Squid Cache（ Referred to as Squid） yes http proxy server Software .Squid A wide range of uses , Sure As a cache server, you can also act as a cache proxy server , Delegate users to web The server requests data and caches it , Can filter traffic to help network security , It can also be used as a link in the proxy server chain , Forward data to superior agent or connect to Internet directly . It can also be used in a local area network , Make LAN users surf the Internet through agents ;

Squid Cache data in memory , Also cache DNS Search results , besides , It also supports non modular DNS Inquire about , Passive caching of failed requests .Squid Support SSL, Support access control ;

advantage ：

1. Improve client access speed ;

2. Concealing the internal host ip Address ;

3. Simple deployment , Access control can be achieved ;

Two 、squid Proxy server mode ;

Traditional agency ：

Transparent proxy ：

Reverse proxy ：

3、 ... and 、 Case study ： build squid Traditional proxy server ;

Case Topology ：

Case environment ：

Case steps ：

Ø Foundation setting , Configuration Topology （ Network parameters 、 Firewall rules, etc ）;

Ø install squid Node squid service ;

Ø To configure squid Node squid Service and start ;

Ø Test the intranet win7 Whether the client can access the Internet normally ;

Ø Configure the intranet win7 The proxy server of the client ;

Ø Test the intranet win7 Whether the client can access the Internet normally ;

Ø Expand ： When the internal client host is linux System , Set the proxy as follows ：

Ø Autonomous Learning ：1.squid ACL Configuration of , Implement access control ;

Ø Autonomous Learning ：2.squid Configuration of transparent proxy ;

Ø Foundation setting , Configuration Topology （ Network parameters 、 Firewall rules, etc ）;

[[email protected] ~]# ip a|grep 192.168.100.101

    inet 192.168.100.101/24 brd 192.168.100.255 scope global eth0

[[email protected] ~]# ip r|grep 192.168.100.100

default via 192.168.100.100 dev eth0 proto static metric 100

[[email protected] ~]# ping -c 2 www.baidu.com

PING www.a.shifen.com (111.13.100.92) 56(84) bytes of data.

64 bytes from 111.13.100.92 (111.13.100.92): icmp_seq=1 ttl=127 time=16.1 ms

64 bytes from 111.13.100.92 (111.13.100.92): icmp_seq=2 ttl=127 time=17.7 ms

Ø install squid Node squid service ;

[[email protected] ~]# ls squid-3.4.6.tar.gz

squid-3.4.6.tar.gz

[[email protected] ~]# tar zxvf root/squid-3.4.6.tar.gz -C usr/src/

[[email protected] ~]# cd usr/src/squid-3.4.6

[[email protected] ~]# ./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-arp-acl --enable-linux-netfilter --enable--linux-tproxy --enable-async-io=100 --enable-err-language="Simplify_Chinese" --enable-underscore --enable-poll --enable-gnuregex

[[email protected] ~]# make &&make install

annotation ：

--prefix： Specify installation path

--sysconfdir： Specify the profile path

--enable-arp-acl ： Can be specified in the configuration file acl The rules , Implement access control

--enable-linux-netfilter： have access to iptables Kernel filtering for

--enable-linux-tproxy： Support transparent mode

--enable-async-io： asynchronous I/O, Improve storage performance , Specify cache space size

--enable-err-language： The language in which the error message is displayed

--enable-underscore： allow URL There is an underline in

--enable-poll： Use Poll Pattern , Lifting performance

--enable-gnregex： Use GNU Regular expressions

Ø To configure squid Node squid Service and start ;

[[email protected] ~]# ln -s usr/local/squid/sbin/* usr/local/sbin/      

[[email protected] ~]# useradd -M -s sbin/nologin squid

[[email protected] ~]# chown -R squid:squid /usr/local/squid/var/                     ## take squid Cache path setting attribution

[[email protected] ~]# vi /etc/squid.conf                                                               ## Append at the end

visible_hostname squid.linuxfan.cn                   ## Host name , Avoid reverse parsing during startup

cache_mem 64 MB　　　                                   ## Provide extra to squid Memory used ,squid The total memory used is X   *10+15+“cache_mem”, among X by squid Of cache Occupied capacity （ With GB In units of ）, Like the following cache Size is 100M, namely 0.1GB, The total memory usage is 0.1*10+15+64=80M, The recommended size is... Of physical memory 1/3-1/2 Or more .

maximum_object_size 4 MB                              ## Set up squid Disk cache maximum files , exceed 4M Files are not saved to the hard disk

minimum_object_size 0 KB 　                             ## Set up squid Disk cache minimum file size

maximum_object_size_in_memory 4096 KB    ## Set up squid Memory cache maximum files , exceed 4M The file is not saved to memory

cache_dir ufs /usr/local/squid/var/cache/squid 100 16  256  　　              ## Definition squid Of cache Storage path 、cache Directory capacity （ Company M）、 Number of first level cache directories 、 Number of secondary cache directories

:wq

[[email protected] ~]# sed -i '/^http_port/a cache_effective_user squid\ncache_effective_group squid' /etc/squid.conf

[[email protected] ~]# sed -i '55ahttp_access allow all' /etc/squid.conf                ## Set up acl The policy is to allow all , Must be in deny front

[[email protected] ~]# sed -i '59areply_body_max_size 10 MB' /etc/squid.conf  ## The maximum file size allowed to download is 10M

[[email protected] ~]# vi /etc/init.d/squid

#!/bin/bash

# chkconfig: 35 90 25

# config file:/etc/squid.conf

# Description: squid - internet object cache.

PID="/usr/local/squid/var/run/squid.pid"

CONF="/etc/squid.conf"

CMD="/usr/local/squid/sbin/squid"

case "$1" in

       start)

              netstat -utpln |grep squid &>/dev/null

              if [ $? -eq 0 ];then

                     echo "squid is running."

              else

                     echo "squid is starting."

                     $CMD

              fi

       ;;

       stop)

              $CMD -k kill &>/dev/null

              rm -rf $PID &>/dev/null

              echo "squid is stoped."

       ;;

       status)

              [ -f $PID ] &>/dev/null

              if [ $? -eq 0 ];then

                     netstat -anpt |grep squid

              else

                     echo "squid is not running" &&/bin/false

              fi

       ;;

       restart)

              $0 stop

              $0 start

       ;;

       reload)

              $CMD -k reconfigure

       ;;

       check)

              $CMD -k parse

       ;;

       *)

       echo "Usage:$0 {start|stop|restart|reload|check|status}"

       exit 1

       ;;

esac

[[email protected] ~]# chmod +x /etc/init.d/squid

[[email protected] ~]# chkconfig --add squid

[[email protected] ~]# chkconfig squid on

[[email protected] ~]# squid -z                                                          ## Initialize cache directory

[[email protected] ~]# squid                                                          ## Start the service

[[email protected] ~]# netstat -utpln |grep 3128

tcp        0      0 :::3128                     :::*                        LISTEN      35833/(squid-1) 

Ø Test the intranet win7 Whether the client can access the Internet normally ;

Ø Configure the intranet win7 The proxy server of the client ;

Ø Test the intranet win7 Whether the client can access the Internet normally ;

Ø Expand ： When the internal client host is linux System , Set the proxy as follows ：

[[email protected] ~]# cat < >/etc/profile

HTTP_PROXY=http://192.168.100.101:3128

HTTPS_PROXY=http://192.168.100.101:3128

FTP_PROXY=http://192.168.100.101:3128

NO_PROXY=192.168.100.100

export HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY

END

[[email protected] ~]# source /etc/profile

Ø Autonomous Learning ：1.squid ACL Configuration of , Implement access control ;

Ø Autonomous Learning ：2.squid Configuration of transparent proxy ;