Original poster | Posted on 2023-2-22 14:07:45
Testing connectivity
Testing on Windows:

Using the SwitchyOmega tool, configure an HTTP proxy; the default port is 3128.

Switch to the newly created profile; the proxy works.

Testing on Linux:

wget -e "http_proxy=http://***.**.**.***" https://www.baidu.com
[root@Ubuntu ~]# wget -e "http_proxy=http://***.**.**.***" https://www.baidu.com
--2021-12-02 19:26:05-- https://www.baidu.com/
正在解析主机 www.baidu.com (www.baidu.com)... 180.101.49.12, 180.101.49.11
正在连接 www.baidu.com (www.baidu.com)|180.101.49.12|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度: 2443 (2.4K) [text/html]
正在保存至: “index.html”

index.html 100%[==================================================================>] 2.39K --.-KB/s 用时 0s

2021-12-02 19:26:05 (112 MB/s) - 已保存 “index.html” [2443/2443])

Global proxy configuration

vim /etc/profile

# Append at the end (when authentication is enabled)
export http_proxy="http://squid:123456@192.168.0.200:3128"
export https_proxy="http://squid:123456@192.168.0.200:3128"

If authentication is not enabled:

export http_proxy=http://192.168.0.200:3128
export https_proxy=http://192.168.0.200:3128

source /etc/profile

Adding authentication
Running it wide open is not very safe. First change the default port to one of your own choosing (remember to update the firewall allow rule to match).

vim /etc/squid/squid.conf
http_port 3129

Then you can use the httpd-tools package to add password authentication.

Install it first if it is not present:
yum install httpd-tools -y

Generate the password file at the given path; squid is the user name, and the password must not exceed 8 characters.
htpasswd -cd /etc/squid/passwords squid

Test the generated password file:

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
squid 123456
ok

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
squid cuscqaws
OK

When the test is done, press Ctrl + C to interrupt.

Configuring the Squid file

vim /etc/squid/squid.conf

#And finally deny all other access to this proxy
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords #account and password file
auth_param basic realm proxy
auth_param basic children 50 #at most 50 accounts running at the same time
auth_param basic realm CoolTube Proxy Server #text shown in the password prompt
auth_param basic credentialsttl 8 hours #how long an authentication lasts
acl authenticated proxy_auth REQUIRED #use external authentication for authenticated
http_access allow authenticated #allow members of authenticated
http_access deny all #deny all other access
visible_hostname squid.CoolTube #proxy host name

Restart the service
systemctl restart squid.service
# squid -z
2023/02/22 14:19:42| Squid is already running! Process ID 3793

systemctl restart squid.service

systemctl status squid.service
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-02-22 14:18:18 CST; 1min 56s ago
  Process: 3749 ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF (code=exited, status=1/FAILURE)
  Process: 3789 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 3783 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 3791 (squid)
   CGroup: /system.slice/squid.service
           ├─3791 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─3793 (squid-1) -f /etc/squid/squid.conf
           └─3798 (logfile-daemon) /var/log/squid/access.log

Feb 22 14:18:18 squid-ntp systemd[1]: Starting Squid caching proxy...
Feb 22 14:18:18 squid-ntp squid[3791]: Squid Parent: will start 1 kids
Feb 22 14:18:18 squid-ntp squid[3791]: Squid Parent: (squid-1) process 3793 started
Feb 22 14:18:18 squid-ntp systemd[1]: Started Squid caching proxy.

Connection test: a prompt asking for the user name and password pops up.

Configure the user name and password in SwitchyOmega.

The connection succeeds.

Viewing the logs
View the runtime log:

# tail -f /var/log/squid/cache.log
tail shows the last 10 lines by default. The -f option means the output is updated in real time.

View the connection log:

# tail -f /var/log/squid/access.log

Improving traffic anonymity
An ordinary proxy puts the original client information in the X-Forwarded-For: header, so the server we request knows where our request came from, and we are clearly not anonymous. So we use forwarded_for off to remove this information and achieve anonymity.

# ANONYMOUS PROXY
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

request_header_access Via deny all
request_header_access Forwarded-For deny all
request_header_access X-Forwarded-For deny all

In request_header_access, allow all means Squid keeps the header information from our client request; with deny, Squid hides the corresponding header as well. It is best to keep the headers, because we use different User-Agents.

Restart the service
[root@Q1nghuan ~]# squid -z
[root@Q1nghuan ~]# systemctl restart squid.service
[root@Q1nghuan ~]# systemctl status squid

You can also add a line to the configuration to turn off the cache service:
vim /etc/squid/squid.conf
cache deny all
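
Added example (not part of the original post, and not Squid's own tooling): a Python check for the hardening steps in the authentication section above. Because http_access is evaluated first-match, it also flags any allow rule placed ahead of the first rule that names a proxy_auth ACL. SAMPLE_CONF, the localnet ACL inside it and the function name audit are constructed for illustration.

```python
# Added example, not part of the original post: checks a squid.conf for the
# hardening steps described in the post. SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
acl localnet src 192.168.0.0/16
http_port 3128
http_access allow localnet
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwords
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
"""

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    acl_type = {"all": "src"}                  # "all" is built into Squid
    rules, ports, has_helper = [], [], False
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()    # drop comments, tokenize
        if tok[:1] == ["acl"] and len(tok) >= 3:
            acl_type.setdefault(tok[1], tok[2])
        elif tok[:1] == ["http_access"] and len(tok) >= 3:
            rules.append((tok[1], [a.lstrip("!") for a in tok[2:]]))
        elif tok[:1] == ["http_port"] and len(tok) >= 2:
            ports.append(tok[1].rsplit(":", 1)[-1])
        elif tok[:3] == ["auth_param", "basic", "program"]:
            has_helper = True
    findings = []
    if "3128" in ports:
        findings.append("http_port still uses the default 3128")
    if not has_helper:
        findings.append("no 'auth_param basic program' helper configured")
    # http_access is first-match. An allow rule placed before the first rule
    # that names a proxy_auth ACL admits its clients without a password.
    for action, acls in rules:
        if any(acl_type.get(a) == "proxy_auth" for a in acls):
            break
        if action == "allow":
            findings.append("unauthenticated: http_access allow " + " ".join(acls))
    else:
        findings.append("no http_access rule requires proxy_auth")
    if not rules or rules[-1] != ("deny", ["all"]):
        findings.append("http_access list does not end with 'deny all'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```

The sample reports the default port and the localnet rule; changing the port and removing that rule leaves no findings.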
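
Added example (not part of the original post): a simplified Python model of which request headers the origin server receives under the forwarded_for and request_header_access settings from the anonymity section. It assumes every rule uses the all ACL and that a header without its own rule falls under the All rule; the sample request, client address, Via value and function names are constructed.

```python
# Added example, not part of the original post. Simplified model of Squid's
# forwarded_for and request_header_access handling; every ACL is "all".
KEEP = """Allow Authorization WWW-Authenticate Proxy-Authorization
Proxy-Authenticate Cache-Control Content-Encoding Content-Length Content-Type
Date Expires Host If-Modified-Since Last-Modified Location Pragma Accept
Accept-Charset Accept-Encoding Accept-Language Content-Language Mime-Version
Retry-After Title Connection Proxy-Connection User-Agent Cookie""".split()
STRIP = ["Via", "Forwarded-For", "X-Forwarded-For"]
# The post's "ANONYMOUS PROXY" block, rebuilt as squid.conf text.
PAGE_CONF = "forwarded_for off\n" + "".join(
    f"request_header_access {h} allow all\n" for h in KEEP
) + "request_header_access All deny all\n" + "".join(
    f"request_header_access {h} deny all\n" for h in STRIP)
CLIENT_IP = "192.168.0.15"                      # constructed client address
SAMPLE_REQUEST = {                              # constructed client request
    "Host": "www.example.com",
    "User-Agent": "Mozilla/5.0 (constructed)",
    "Cookie": "sid=constructed",
    "Referer": "https://www.example.com/login",
    "If-None-Match": '"constructed-etag"',
}

def parse(conf):
    """Return (forwarded_for mode, {lower-case header name: action})."""
    mode, rules = "on", {}                      # Squid's default is "on"
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok[:1] == ["forwarded_for"] and len(tok) > 1:
            mode = tok[1]
        elif tok[:1] == ["request_header_access"] and len(tok) == 4:
            rules.setdefault(tok[1].lower(), tok[2])
    return mode, rules

def outgoing(conf, client_ip, headers):
    """Headers the origin server receives for one proxied request."""
    mode, rules = parse(conf)
    out = dict(headers)
    if mode == "on":                            # append the client address
        prior = out.get("X-Forwarded-For")
        out["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
    elif mode == "off":                         # header stays, value hidden
        out["X-Forwarded-For"] = "unknown"
    out["Via"] = "1.1 squid.CoolTube (squid)"   # constructed; via is on by default
    fallback = rules.get("all", "allow")        # "All" covers unlisted headers
    return {k: v for k, v in out.items()
            if rules.get(k.lower(), fallback) == "allow"}

if __name__ == "__main__":
    print(outgoing(PAGE_CONF, CLIENT_IP, SAMPLE_REQUEST))
```

With the post's configuration only Host, User-Agent and Cookie from the sample reach the server; Referer and If-None-Match are removed as well because they are not on the allow list.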