环境:CentOS 6.5
代理主机ip:192.168.3.224,10.0.0.10
内网主机ip:10.0.0.11
1、关闭selinux
[root@php-proxy ~]# setenforce 0
[root@php-proxy ~]# getenforce
permissive
[root@php-proxy ~]# vim /etc/selinux/config
SELINUX=disabled
2、关闭防火墙filter表,设置防火墙端口转发规则
[root@php-proxy ~]# iptables -t filter -F
[root@php-proxy ~]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@php-proxy ~]# service iptables save
3、修改主机路由模式
[root@php-proxy ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
编译安装squid
1、安装squid
http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.3.tar.gz
[root@php-proxy ~]# tar xf squid-3.2.3.tar.gz
[root@php-proxy ~]# cd squid-3.2.3
[root@php-proxy ~]# ./configure --prefix=/usr/local/squid --enable-dlmalloc --enable-gnuregex --disable-carp --enable-async-io=100 --with-aufs-threads=32 --with-pthreads --enable-storeio="ufs,aufs" --enable-removal-policies="heap,lru" --enable-icmp --enable-htcp --enable-delay-pools --enable-useragent-log --enable-referer-log --disable-wccp --disable-wccpv2 --enable-kill-parent-hack --enable-arp-acl --disable-snmp --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese English" --disable-poll --disable-select --enable-epoll --enable-auth --enable-auth-basic="DB,NCSA,PAM,RADIUS,SASL" --with-aio --disable-ident-lookups --enable-truncate --enable-stacktraces --with-maxfd=65535 --disable-ipv6 --enable-ipf-transparent --enable-linux-netfilter
2、配置squid
[root@php-proxy ~]# mkdir -p /data/squid/{cache,coredump,logs}
[root@php-proxy ~]# /usr/sbin/groupadd squid
[root@php-proxy ~]# /usr/sbin/useradd squid -g squid -s /sbin/nologin
[root@php-proxy ~]# chmod -R 777 /data/squid/{cache,coredump,logs}
[root@php-proxy ~]# chown -R squid.squid /data/squid/{cache,coredump,logs}
3、配置文件内容
[root@php-proxy ~]# vim /usr/local/squid/etc/squid.conf
http_port 10.0.0.10:1080
cache_effective_user squid
cache_effective_group squid
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir aufs /data/squid/cache 20480 16 256
coredump_dir /data/squid/coredump
memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB
access_log /dev/null
cache_access_log none
cache_log /dev/null
cache_store_log none
cache_swap_log /data/squid/logs/swap.log
logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid
cache_mgr lovezym5@126.com
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute
client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
httpd_suppress_version_string off
ie_refresh off
allow_underscore on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
dns_nameservers DNS服务器IP
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
acl our_network src 192.168.0.0/16
http_access allow our_network
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#检查配置是否正确
[root@php-proxy ~]# /usr/local/squid/sbin/squid -k parse
#初始化cache缓存目录
[root@php-proxy ~]# /usr/local/squid/sbin/squid -z
4、配置启动脚本
[root@php-proxy ~]# vim /etc/init.d/squid
#!/bin/sh
#
#squid - this script start and stop the squid daemon
#
# chkconfig: - 90 25
# description: squid is a pagecache reverse proxy.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
OUTFILE="/data/squid/logs/squid.out"
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
[[ -f $BINFILE ]] && SQUID="${BINFILE}"
CACHE_SWAP=`sed -e 's/#.*//g' ${CFGFILE} | grep cache_dir | awk '{print $3}'`
[ -z "$CACHE_SWAP" ] && CACHE_SWAP="${CACHEPATH}"
RETVAL=0
start() {
if [[ ! -f ${CFGFILE} ]]; then
echo "The configuration file: ${CFGFILE} has no found!" 1>&2
exit 6
fi
SQUID_OPTS="-s -f ${CFGFILE}"
[[ -z "$SQUID" ]] && echo "Insufficient privilege" 1>&2 && exit 4
for adir in $CACHE_SWAP
do
if [[ ! -d $adir/00 ]]; then
echo -n "init_cache_dir $adir"
$SQUID -z -F -D >> ${OUTFILE} 2>&1
fi
done
echo -n "Starting squid..."
$SQUID $SQUID_OPTS >> ${OUTFILE} 2>&1
RETVAL=$?
if [[ $RETVAL -eq 0 ]]; then
timeout=0;
while :
do
[[ ! -f ${PIDFILE} ]] || break
[[ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]] && RETVAL=1 && break
sleep 1 && echo -n "."
timeout=$((timeout+1))
done
fi
echo ""
[[ $RETVAL -eq 0 ]] && touch ${LOCKFILE}
[[ $RETVAL -eq 0 ]] && echo "start squid is ok!"
[[ $RETVAL -ne 0 ]] && echo "start squid is failed!"
return $RETVAL
}
stop() {
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
echo -n "Stopping squid..."
$SQUID -k check >> ${OUTFILE} 2>&1
RETVAL=$?
if [[ $RETVAL -eq 0 ]]; then
$SQUID -k shutdown &
rm -f ${LOCKFILE}
timeout=0
while :
do
[[ -f ${PIDFILE} ]] || break
[[ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]] && echo "" && return 1
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo ""
echo "Stop squid is ok!"
else
echo ""
echo "Stop squid is failed!"
[[ ! -e ${LOCKFILE} ]] && RETVAL=0
fi
return $RETVAL
}
restart() {
stop
sleep 1
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
SQUID_OPTS=${SQUID_OPTS:-"-D"}
$SQUID -k reconfigure -f ${CFGFILE}
;;
restart)
restart
;;
condrestart)
[[ -e ${LOCKFILE} ]] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
exit 2
esac
exit $?
[root@php-proxy ~]# chmod +x /etc/init.d/squid #添加执行权限
[root@php-proxy ~]# service squid start #启动服务
3、配置主机ip地址
代理主机内网ip
[root@php-proxy ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=10.0.0.10
NETMASK=255.0.0.0
[root@php ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=52:54:00:B1:B4:99
TYPE=Ethernet
UUID=4dd9081e-2cf6-4f81-bde4-561d3877267e
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.11
NETMASK=255.0.0.0
GATEWAY=10.0.0.10
DNS1=8.8.8.8
DNS2=8.8.4.4
内网主机测试可行:
[root@php ~]# curl -I www.qq.com
HTTP/1.1 200 OK
Server: squid/3.4.3
Date: Wed, 13 Jul 2016 06:01:36 GMT
Content-Type: text/html; charset=GB2312
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Expires: Wed, 13 Jul 2016 06:02:36 GMT
Cache-Control: max-age=60
Vary: Accept-Encoding
Access-Control-Allow-Origin: http://bz.qq.com
X-Cache: HIT from nanjing.qq.com
亿速云「云服务器」,即开即用、新一代英特尔至强铂金CPU、三副本存储NVMe SSD云盘,价格低至29元/月。点击查看>>
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。