久久久久久久视色,久久电影免费精品,中文亚洲欧美乱码在线观看,在线免费播放AV片

<center id="vfaef"><input id="vfaef"><table id="vfaef"></table></input></center>

<p id="vfaef"><kbd id="vfaef"></kbd></p>

<pre id="vfaef"><u id="vfaef"></u></pre>

<thead id="vfaef"><input id="vfaef"></input></thead>

當(dāng)前位置：站長資訊網(wǎng) > 服務(wù)器技術(shù) > 正文

Linux基礎(chǔ)入門教程-使用Squid部署代理緩存服務(wù)

2018-11-12 分類：服務(wù)器技術(shù) 閱讀(1132) 評(píng)論(0)

使用Squid部署代理緩存服務(wù)

Squid是Linux系統(tǒng)中最為流行的一款高性能代理服務(wù)軟件,通常作為Web網(wǎng)站的前置緩存服務(wù),能夠代替用戶向網(wǎng)站服務(wù)器請(qǐng)求頁面數(shù)據(jù)并進(jìn)行緩存。Squid服務(wù)配置簡單、效率高、更能豐富，可以基于多種條件禁止用戶訪問存在威脅或不適宜的網(wǎng)站資源,因此可以保護(hù)企業(yè)內(nèi)網(wǎng)的安全,提升用戶的網(wǎng)絡(luò)體驗(yàn),幫助節(jié)省網(wǎng)絡(luò)帶寬.

配置Squid服務(wù)程序

首先準(zhǔn)備兩臺(tái)虛擬機(jī),一臺(tái)用做Squid服務(wù)器,一臺(tái)用作Squid客戶端.

主機(jī)	操作系統(tǒng)	IP地址
Squid服務(wù)器	RHEL7	172.16.10.20
Squid客戶端	CentOS7	172.16.10.10

[root@Squid-Server ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121 (61.135.169.121): icmp_seq=1 ttl=128 time=38.0 ms
64 bytes from 61.135.169.121 (61.135.169.121): icmp_seq=2 ttl=128 time=37.9 ms

//安裝Squid服務(wù)
[root@Squid-Server ~]# yum install squid
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
dvd | 4.1 kB 00:00:00
Resolving Dependencies
–> Running transaction check
—> Package squid.x86_64 7:3.5.20-10.el7 will be installed
–> Processing Dependency: perl(DBI) for package: 7:squid-3.5.20-10.el7.x86_64
–> Processing Dependency: perl(Digest::MD5) for package: 7:squid-3.5.20-10.el7.x86_64
–> Processing Dependency: squid-migration-script for package: 7:squid-3.5.20-10.el7.x86_64
–> Processing Dependency: libecap.so.3()(64bit) for package: 7:squid-3.5.20-10.el7.x86_64
–> Running transaction check
—> Package libecap.x86_64 0:1.0.0-1.el7 will be installed
—> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
–> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64
–> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64
—> Package perl-Digest-MD5.x86_64 0:2.52-3.el7 will be installed
–> Processing Dependency: perl(Digest::base) >= 1.00 for package: perl-Digest-MD5-2.52-3.el7.x86_64
—> Package squid-migration-script.x86_64 7:3.5.20-10.el7 will be installed
–> Running transaction check
—> Package perl-Digest.noarch 0:1.17-245.el7 will be installed
—> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
–> Processing Dependency: perl(Net::Daemon) >= 0.13 for package: perl-PlRPC-0.2020-14.el7.noarch
–> Processing Dependency: perl(Compress::Zlib) for package: perl-PlRPC-0.2020-14.el7.noarch
–> Processing Dependency: perl(Net::Daemon::Log) for package: perl-PlRPC-0.2020-14.el7.noarch
–> Processing Dependency: perl(Net::Daemon::Test) for package: perl-PlRPC-0.2020-14.el7.noarch
–> Running transaction check
—> Package perl-IO-Compress.noarch 0:2.061-2.el7 will be installed
–> Processing Dependency: perl(Compress::Raw::Bzip2) >= 2.061 for package: perl-IO-Compress-2.061-2.el7.noarch
–> Processing Dependency: perl(Compress::Raw::Zlib) >= 2.061 for package: perl-IO-Compress-2.061-2.el7.noarch
—> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
–> Running transaction check
—> Package perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 will be installed
—> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
squid x86_64 7:3.5.20-10.el7 dvd 3.1 M
Installing for dependencies:
libecap x86_64 1.0.0-1.el7 dvd 21 k
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 dvd 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 dvd 57 k
perl-DBI x86_64 1.627-4.el7 dvd 802 k
perl-Digest noarch 1.17-245.el7 dvd 23 k
perl-Digest-MD5 x86_64 2.52-3.el7 dvd 30 k
perl-IO-Compress noarch 2.061-2.el7 dvd 260 k
perl-Net-Daemon noarch 0.48-5.el7 dvd 51 k
perl-PlRPC noarch 0.2020-14.el7 dvd 36 k
squid-migration-script x86_64 7:3.5.20-10.el7 dvd 48 k

Transaction Summary
==========================================================================================
Install 1 Package (+10 Dependent packages)

Total download size: 4.4 M
Installed size: 14 M
Is this ok [y/d/N]: y
Downloading packages:
——————————————————————————————
Total 10 MB/s | 4.4 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 1/11
Installing : perl-Digest-1.17-245.el7.noarch 2/11
Installing : perl-Digest-MD5-2.52-3.el7.x86_64 3/11
Installing : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 4/11
Installing : perl-IO-Compress-2.061-2.el7.noarch 5/11
Installing : libecap-1.0.0-1.el7.x86_64 6/11
Installing : 7:squid-migration-script-3.5.20-10.el7.x86_64 7/11
Installing : perl-Net-Daemon-0.48-5.el7.noarch 8/11
Installing : perl-PlRPC-0.2020-14.el7.noarch 9/11
Installing : perl-DBI-1.627-4.el7.x86_64 10/11
Installing : 7:squid-3.5.20-10.el7.x86_64 11/11
Verifying : perl-Net-Daemon-0.48-5.el7.noarch 1/11
Verifying : 7:squid-migration-script-3.5.20-10.el7.x86_64 2/11
Verifying : perl-Digest-MD5-2.52-3.el7.x86_64 3/11
Verifying : libecap-1.0.0-1.el7.x86_64 4/11
Verifying : perl-IO-Compress-2.061-2.el7.noarch 5/11
Verifying : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 6/11
Verifying : perl-Digest-1.17-245.el7.noarch 7/11
Verifying : perl-DBI-1.627-4.el7.x86_64 8/11
Verifying : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 9/11
Verifying : perl-PlRPC-0.2020-14.el7.noarch 10/11
Verifying : 7:squid-3.5.20-10.el7.x86_64 11/11

Installed:
squid.x86_64 7:3.5.20-10.el7

Dependency Installed:
libecap.x86_64 0:1.0.0-1.el7
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Digest.noarch 0:1.17-245.el7
perl-Digest-MD5.x86_64 0:2.52-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
squid-migration-script.x86_64 7:3.5.20-10.el7

Complete!

參數(shù)	作用
http_port 3128	監(jiān)聽的端口號(hào)
cache_mem 64M	內(nèi)存緩沖區(qū)的大小
cache_dir ufs /var/spool/squid 2000 16 256	硬盤緩沖區(qū)的大小
cache_effective_user squid	設(shè)置緩存的有效用戶
cache_effective_group squid	設(shè)置緩存的有效用戶組
dns_nameservers [IP地址]	一般不設(shè)置,而是用服務(wù)器默認(rèn)的DNS地址
cache_access_log /var/log/squid/access.log	訪問日志文件的保存路徑
cache_log /var/log/squid/cache.log	緩存日志文件的保存路徑
visible_hostname [Name]	設(shè)置Squid服務(wù)器的名稱

標(biāo)準(zhǔn)正向代理
//啟動(dòng)服務(wù)加入開機(jī)啟動(dòng)項(xiàng)
[root@Squid-Server ~]# systemctl restart squid
[root@Squid-Server ~]# systemctl enable squid
Created symlink from /etc/systemd/system/multi-user.target.wants/squid.service to /usr/lib/systemd/system/squid.service.

52 http_access allow localnet
53 http_access allow localhost
54
55 # And finally deny all other access to this proxy
56 http_access deny all
57
58 # Squid normally listens to port 3128
59 http_port 3128

如果你開啟了防火墻和Selinux又更改了默認(rèn)端口號(hào)需要對(duì)端口進(jìn)行放行
//查看
semanage port -l | grep squid_port_t
//添加新的端口號(hào)
semanage port -a -t squid_port_t -p tcp 10000
//再次查看
semanage port -l | grep squid_port_t

實(shí)驗(yàn)1: 只允許IP地址為172.16.10.10的客戶端使用服務(wù)器上的Squid服務(wù)程序提供的代理服務(wù),禁止其余所有主機(jī)代理請(qǐng)求
#################################################################
27 acl client src 172.16.10.10
28 #################################################################
29 #
30 # Recommended minimum Access Permission configuration:
31 #
32 # Deny requests to certain unsafe ports
33 #################################################################
34 http_access allow client
35 http_access deny all
36 #################################################################
37 http_access deny !Safe_ports

更改客戶端的IP地址,再次嘗試聯(lián)網(wǎng)發(fā)現(xiàn)無法上網(wǎng)了,代理服務(wù)器拒絕連接.

實(shí)驗(yàn)2: 禁止所有客戶端訪問網(wǎng)址中包含linux關(guān)鍵詞的網(wǎng)站.
#################################################################
27 #acl client src 172.16.10.10
28 acl deny_keyword url_regex -i linux
29 #################################################################
30 #
31 # Recommended minimum Access Permission configuration:
32 #
33 # Deny requests to certain unsafe ports
34 #################################################################
35 #http_access allow client
36 http_access deny deny_keyword
37 #http_access deny all

訪問含有l(wèi)inux關(guān)鍵字的網(wǎng)址時(shí)被拒絕.

實(shí)驗(yàn)3: 禁止所有客戶端訪問某個(gè)特定的網(wǎng)站
#################################################################
27 #acl client src 172.16.10.10
28 #acl deny_keyword url_regex -i linux
29 acl deny_url url_regex http://www.linuxidc.com
30 #################################################################
31 #
32 # Recommended minimum Access Permission configuration:
33 #
34 # Deny requests to certain unsafe ports
35 #################################################################
36 #http_access allow client
37 #http_access deny deny_keyword
38 http_access deny deny_url
39 #http_access deny all
40 #################################################################
41 http_access deny !Safe_ports
42
43 # Deny CONNECT to other than secure SSL ports
44 http_access deny CONNECT !SSL_ports

訪問指定網(wǎng)址被拒絕.訪問其他網(wǎng)址正常訪問.

實(shí)驗(yàn)4: 禁止員工在企業(yè)網(wǎng)內(nèi)部下載帶有某些后綴的文件
#################################################################
#acl client src 172.16.10.10
#acl deny_keyword url_regex -i linux
#acl deny_url url_regex http://www.linuxidc.com
acl badfile urlpath_regex -i .rar$ .avi$
#################################################################
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
#################################################################
#http_access allow client
#http_access deny deny_keyword
#http_access deny deny_url
#http_access deny all
http_access deny badfile
#################################################################
http_access deny !Safe_ports

透明正向代理
//客戶端取消代理,網(wǎng)關(guān)指向squid服務(wù)器地址
[root@Squid-Server ~]# echo “net.ipv4.ip_forward=1” >> /etc/sysctl.conf
[root@Squid-Server ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@Squid-Server ~]# iptables -t nat -A POSTROUTING -p udp –dport 53 -o ens35 -j MASQUERADE
此處網(wǎng)卡為對(duì)外的網(wǎng)卡

72 http_port 3128 transparent
73
74 # Uncomment and adjust the following to add a disk cache directory.
75 cache_dir ufs /var/spool/squid 100 16 256
[root@Squid-Server ~]# squid -k parse
[root@Squid-Server ~]# squid -z
2018/08/23 10:39:30| Squid is already running! Process ID 2299
[root@Squid-Server ~]# iptables -t nat -A PREROUTING -p tcp -m tcp –dport 80 -j REDIRECT –to-port 3128
[root@Squid-Server ~]# iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o ens35 -j SNAT –to 192.168.56.15
//此處網(wǎng)卡為對(duì)外的網(wǎng)卡
[root@Squid-Server ~]# service iptables save

反向代理
//主機(jī)設(shè)為NAT或者DHCP模式,配置文件編輯如下
http_port 192.168.56.15:80 vhost
cache_peer 39.104.16.126 parent 80 0 originserver

當(dāng)你訪問本機(jī)IP時(shí)訪問的卻是目標(biāo)站點(diǎn)

更多Squid相關(guān)教程見以下內(nèi)容：

Linux下Squid代理緩存服務(wù)環(huán)境部署 http://www.sfodin.cn/Linux/2016-10/136594.htm
Squid：實(shí)現(xiàn)高速的Web訪問 http://www.sfodin.cn/Linux/2013-04/83512.htm
CentOS 6.2 編譯安裝Squid 配置反向代理服務(wù)器 http://www.sfodin.cn/Linux/2012-11/74529.htm
Squid代理http和https方式上網(wǎng)的操作記錄 http://www.sfodin.cn/Linux/2017-02/140398.htm
Squid代理服務(wù)器搭建及配置 http://www.sfodin.cn/Linux/2016-03/129392.htm
CentOS 6.4下DNS+Squid+Nginx+MySQL搭建高可用Web服務(wù)器 http://www.sfodin.cn/Linux/2014-04/99984.htm
配置squid代理服務(wù)器加快網(wǎng)站訪問速度 http://www.sfodin.cn/Linux/2017-05/143460.htm

贊(0)

標(biāo)簽：AI centos Centos7 IDC linux Linux系統(tǒng)list NEC nginx ping word 關(guān)鍵字內(nèi)存操作系統(tǒng)服務(wù)器硬盤虛擬機(jī)

相關(guān)推薦

網(wǎng)站地圖滬ICP備18035694號(hào)-2

滬公網(wǎng)安備31011702889846號(hào)