Original poster | Posted on 2023-2-22 14:07:45
Testing connectivity

Testing on Windows:

Use the SwitchyOmega tool to configure an HTTP proxy; the default port is 3128.

Switch to the newly created profile; the proxy works.

Testing on Linux:

wget -e "http_proxy=http://***.**.**.***" https://www.baidu.com

[root@Ubuntu ~]# wget -e "http_proxy=http://***.**.**.***" https://www.baidu.com
--2021-12-02 19:26:05-- https://www.baidu.com/
正在解析主机 www.baidu.com (www.baidu.com)... 180.101.49.12, 180.101.49.11
正在连接 www.baidu.com (www.baidu.com)|180.101.49.12|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度: 2443 (2.4K) [text/html]
正在保存至: “index.html”

index.html 100%[==================================================================>] 2.39K --.-KB/s 用时 0s

2021-12-02 19:26:05 (112 MB/s) - 已保存 “index.html” [2443/2443]

Global proxy configuration

vim /etc/profile

# Append at the end (when authentication is enabled)

export http_proxy="http://squid:123456@192.168.0.200:3128"
export https_proxy="http://squid:123456@192.168.0.200:3128"

If authentication is not enabled:

export http_proxy=http://192.168.0.200:3128
export https_proxy=http://192.168.0.200:3128

source /etc/profile

Adding security authentication

Running completely exposed is not very safe. First change the default port to one of your own choosing (remember to update the firewall allow rule to match).

vim /etc/squid/squid.conf
http_port 3129

Then the httpd-tools package can be used to add password authentication.

Install it first if it is not present:

yum install httpd-tools -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.bupt.edu.cn
 * updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.4.6-98.el7.centos.6 will be installed
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-tools-2.4.6-98.el7.centos.6.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-tools-2.4.6-98.el7.centos.6.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-7.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
 Package              Arch        Version                      Repository    Size
==================================================================================================================================
Installing:
 httpd-tools          x86_64      2.4.6-98.el7.centos.6        updates        94 k
Installing for dependencies:
 apr                  x86_64      1.4.8-7.el7                  base          104 k
 apr-util             x86_64      1.5.2-6.el7                  base           92 k

Transaction Summary
==================================================================================================================================
Install 1 Package (+2 Dependent packages)

Total download size: 290 k
Installed size: 584 k
Downloading packages:
(1/3): apr-1.4.8-7.el7.x86_64.rpm                      | 104 kB 00:00:00
(2/3): apr-util-1.5.2-6.el7.x86_64.rpm                 |  92 kB 00:00:00
(3/3): httpd-tools-2.4.6-98.el7.centos.6.x86_64.rpm    |  94 kB 00:00:00
----------------------------------------------------------------------------------------------------------------------------------
Total                                        2.0 MB/s | 290 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : apr-1.4.8-7.el7.x86_64                        1/3
  Installing : apr-util-1.5.2-6.el7.x86_64                   2/3
  Installing : httpd-tools-2.4.6-98.el7.centos.6.x86_64      3/3
  Verifying  : httpd-tools-2.4.6-98.el7.centos.6.x86_64      1/3
  Verifying  : apr-1.4.8-7.el7.x86_64                        2/3
  Verifying  : apr-util-1.5.2-6.el7.x86_64                   3/3

Installed:
  httpd-tools.x86_64 0:2.4.6-98.el7.centos.6

Dependency Installed:
  apr.x86_64 0:1.4.8-7.el7    apr-util.x86_64 0:1.5.2-6.el7

Complete!

Generate the password file at the given path; squid is the user name, and the password must not exceed 8 characters.

htpasswd -cd /etc/squid/passwords squid

Test the generated password file:

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
squid 123456
ok

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
squid cuscqaws
OK

When the test is done, press Ctrl + C to interrupt.

Configuring Squid

vim /etc/squid/squid.conf

#And finally deny all other access to this proxy
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords #account/password file
auth_param basic realm proxy
auth_param basic children 50 #at most 50 accounts running at the same time
auth_param basic realm CoolTube Proxy Server #text shown in the password prompt
auth_param basic credentialsttl 8 hours #how long an authentication stays valid
acl authenticated proxy_auth REQUIRED #require external authentication for authenticated
http_access allow authenticated #allow members of authenticated
http_access deny all #deny all other access
visible_hostname squid.CoolTube #name of the proxy host

Restart the service

systemctl restart squid.service

# squid -z
2023/02/22 14:19:42| Squid is already running! Process ID 3793

systemctl restart squid.service

systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-02-22 14:18:18 CST; 1min 56s ago
  Process: 3749 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=1/FAILURE)
  Process: 3789 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 3783 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 3791 (squid)
   CGroup: /system.slice/squid.service
           ├─3791 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─3793 (squid-1) -f /etc/squid/squid.conf
           └─3798 (logfile-daemon) /var/log/squid/access.log

Feb 22 14:18:18 squid-ntp systemd[1]: Starting Squid caching proxy...
Feb 22 14:18:18 squid-ntp squid[3791]: Squid Parent: will start 1 kids
Feb 22 14:18:18 squid-ntp squid[3791]: Squid Parent: (squid-1) process 3793 started
Feb 22 14:18:18 squid-ntp systemd[1]: Started Squid caching proxy.

Connection test: a prompt asks for the account and password.

Configure the account and password in SwitchyOmega.

The connection succeeds.

Viewing logs

View the runtime log:

# tail -f /var/log/squid/cache.log

tail shows the last 10 lines by default; the -f option follows the file in real time.

View the connection log:

# tail -f /var/log/squid/access.log

Improving traffic anonymity

An ordinary proxy puts the original client information in the X-Forwarded-For: header, so the server we request learns where our request came from, and we are clearly not anonymous. We therefore use forwarded_for off to remove this information and achieve anonymity.

# ANONYMOUS PROXY
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all

In request_header_access, allow all means Squid keeps that header from our client request; with deny, Squid hides the corresponding header as well. It is best to keep the headers, because we use different User-Agents.

Restart the service

[root@Q1nghuan ~]# squid -z
[root@Q1nghuan ~]# systemctl restart squid.service
[root@Q1nghuan ~]# systemctl status squid

You can also add a line to the configuration to turn off caching:

vim /etc/squid/squid.conf
cache deny all
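
Squid evaluates http_access rules from top to bottom and stops at the first match, so where the authentication lines from the "Configuring Squid" step sit relative to the allow rules already in squid.conf decides whether a client is ever asked for a password. The check below is an added example, not part of the original post; the sample configuration is constructed and assumes stock localnet/localhost allow rules precede the inserted lines, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed squid.conf fragment (assumption): stock access rules followed
# by the authentication lines from the post, placed before "deny all".
sample_conf() {
cat <<'EOF'
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
http_port 3129
EOF
}

# Print "line: rule" for every http_access allow rule that can match before
# "http_access deny all" without referencing a proxy_auth ACL.
unauthenticated_allows() {
    awk '
        { sub(/[ \t]+#.*$/, "") }           # drop trailing comments
        /^[ \t]*(#|$)/ { next }             # skip comment and blank lines
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }
        $1 == "http_access" {
            if ($2 == "deny" && $3 == "all" && NF == 3) exit
            needs_auth = 0
            for (i = 3; i <= NF; i++) {
                a = $i; sub(/^!/, "", a)
                if (a in auth) needs_auth = 1
            }
            if ($2 == "allow" && !needs_auth) print NR ": " $0
        }
    ' "$1"
}

conf=$(mktemp)
sample_conf > "$conf"
unauthenticated_allows "$conf"
rm -f "$conf"
```

Any rule it prints lets matching clients through the proxy before the proxy_auth rule is reached; run it against /etc/squid/squid.conf after editing.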
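
Once authentication is on, the access.log shown in the "Viewing logs" step records every rejected request as TCP_DENIED/407, which makes repeated password failures from one client easy to spot. The script below is an added example, not part of the original post; it assumes Squid's native access.log layout, the log lines are constructed, and the function names and thresholds are hypothetical.

```sh
#!/bin/sh
# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
sample_log() {
cat <<'EOF'
1677046801.101      3 203.0.113.7 TCP_DENIED/407 4012 CONNECT www.example.com:443 - HIER_NONE/- text/html
1677046805.214      2 203.0.113.7 TCP_DENIED/407 4012 CONNECT www.example.com:443 - HIER_NONE/- text/html
1677046811.530      2 203.0.113.7 TCP_DENIED/407 4012 CONNECT www.example.com:443 - HIER_NONE/- text/html
1677046820.002      3 203.0.113.7 TCP_DENIED/407 4012 CONNECT www.example.com:443 - HIER_NONE/- text/html
1677046833.871      2 203.0.113.7 TCP_DENIED/407 4012 CONNECT www.example.com:443 - HIER_NONE/- text/html
1677046840.400      4 192.0.2.10 TCP_DENIED/407 4012 CONNECT www.example.com:443 - HIER_NONE/- text/html
1677046841.950    812 192.0.2.10 TCP_TUNNEL/200 5321 CONNECT www.example.com:443 squid HIER_DIRECT/198.51.100.20 -
EOF
}

# Usage: auth_failures LOGFILE MIN [WINDOW_SECONDS]
# Prints "client peak state" for each client with at least MIN 407 denials
# inside a single WINDOW-second bucket (default 60 seconds).
auth_failures() {
    awk -v min="$2" -v win="${3:-60}" '
        $4 == "TCP_DENIED/407" {
            bucket = $3 SUBSEP int($1 / win)
            if (++hits[bucket] > peak[$3]) peak[$3] = hits[bucket]
        }
        # A user name in column 8 on a non-denied request means a login worked.
        $8 != "-" && $4 !~ /^TCP_DENIED/ { authed[$3] = 1 }
        END {
            for (ip in peak)
                if (peak[ip] >= min)
                    print ip, peak[ip], ((ip in authed) ? "authenticated" : "never-authenticated")
        }
    ' "$1" | sort
}

log=$(mktemp)
sample_log > "$log"
auth_failures "$log" 5
rm -f "$log"
```

A single 407 followed by an authenticated request is the normal challenge-and-retry of a browser, which is why the second client in the sample stays below the threshold.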