标签:ttf icon obj 拒绝 报错 css tcp var cal
一、web代理的工作机制三、使用代理的好处
四、实操演示传统代理
web端IP:192.168.247.160
squid端IP:192.168.247.206
win10客户端IP:192.168.247.200
1.修改主机名,便于识别
[root@lamp ~]# hostnamectl set-hostname squid
[root@lamp ~]# su
[root@squid ~]#
[root@nginx ~]# hostnamectl set-hostname web
[root@nginx ~]# su
[root@web ~]#
squid为了缓存页面对象,需要设置缓存空间,后面会设置
2.编译安装squid
首先解压squid,安装编译工具
[root@squid ~]# mkdir /abc
mkdir: cannot create directory ‘/abc’: File exists
[root@squid ~]# mount.cifs //192.168.254.10/linuxs /abc
Password for root@//192.168.254.10/linuxs:
[root@squid ~]# cd /abc
[root@squid abc]# tar zxvf squid-3.4.6.tar.gz -C /opt
[root@squid abc]# cd /opt
[root@squid opt]# ls
mysql-5.7.17 rh squid-3.4.6
[root@squid opt]# cd squid-3.4.6/
[root@squid squid-3.4.6]# ls
acinclude configure CREDITS INSTALL QUICKSTART src
aclocal.m4 configure.ac doc lib README test-suite
bootstrap.sh contrib errors libltdl RELEASENOTES.html tools
cfgaux CONTRIBUTORS helpers Makefile.am scripts
ChangeLog COPYING icons Makefile.in snmplib
compat COPYRIGHT include po4a.conf SPONSORS
[root@squid squid-3.4.6]# yum install gcc gcc-c++ make pcre* perl* -y
configure 配置,make安装
acl 防控制列表,可在acl中设置通过mac地址进行管理,防止IP七篇
[root@squid squid-3.4.6]# ./configure
--prefix=/usr/local/squid --sysconfdir=/etc --enable-arp-acl --enable-linux-netfilter --enable-linux-tproxy --enable-async-io=100 --enable-err-language="Simplify_Chinese" --enable-underscore --enable-poll --enable-gnuregex
[root@squid squid-3.4.6]# make && make install
[root@squid squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/ //优化命令路径
[root@squid squid-3.4.6]# useradd -M -s /sbin/nologin squid //创建squid程序用户
[root@squid squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/ //给程序用户squid的程序目录的权限
[root@squid squid-3.4.6]# vim /etc/squid.conf //编辑配置文件
55 # And finally deny all other access to this proxy
56 http_access allow all
#允许所有,关闭拒绝所有,若是拒绝所有,需要放到配置文件的最下方,否则会自deny生效起,后面的参数都不会生效
57 #http_access deny all
58
59 # Squid normally listens to port 3128
60 http_port 3128
61 cache_effective_user squid
#增加用户和组
62 cache_effective_group squid
[root@squid squid-3.4.6]# squid -k parse
//验证语法
[root@squid squid-3.4.6]# squid -z
//初始化缓存,然后squid启用
[root@squid squid-3.4.6]# squid //启动
[root@squid squid-3.4.6]# netstat -natp | grep 3128
tcp6 0 0 :::3128 :::* LISTEN 71471/(squid-1)
3.创建systemctl 启动脚本
[root@squid squid-3.4.6]# cd /etc/init.d/
[root@squid init.d]# vim squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
case "$1" in
start)
netstat -natp | grep squid &> /dev/null
if [ $? -eq 0 ]
then
echo "squid is running"
else
echo "正在启动 squid..."
$CMD
fi
;;
stop)
$CMD -k kill &> /dev/null
rm -rf $PID &> /dev/null
;;
status)
[ -f $PID ] &> /dev/null
if [ $? -eq 0 ]
then
netstat -natp | grep squid
else
echo "squid is not running"
fi
;;
restart)
$0 stop &> /dev/null
echo "正在关闭 squid..."
$0 start &> /dev/null
echo "正在启动 squid..."
;;
reload)
$CMD -k reconfigure
;;
check)
$CMD -k parse
;;
*)
echo "用法: $0(start|stop|status|reload|check|restart)"
;;
esac
4.给脚本执行权限,加入到chkconfig中
[root@squid init.d]# chmod +x squid
[root@squid init.d]# chkconfig --add squid
[root@squid init.d]# chkconfig --level 35 squid on
[root@squid init.d]# netstat -natp | grep 3128
[root@squid init.d]# service squid start
正在启动 squid...
[root@squid init.d]# netstat -natp | grep 3128
tcp6 0 0 :::3128 :::* LISTEN 102925/(squid-1)
[root@squid init.d]# service squid stop
[root@squid init.d]# netstat -natp | grep 3128
[root@squid init.d]# setenforce 0
5.设置缓存参数
[root@squid init.d]# vim /etc/squid.conf
http_port 3128
cache_effective_user squid
cache_effective_group squid
//增加下面三行
cache_mem 64 MB //缓存64M的内容
reply_body_max_size 10 MB //禁止下载的超过10MB的文件
maximum_object_size 4096 KB //超过4MB的文件不进行缓存
增加的参数放在http_access deny all 前面才会生效
6.设置iptables规则
[root@squid init.d]# iptables -F
//清空规则
[root@squid init.d]# iptables -L
//查看规则
[root@squid init.d]# iptables -t nat -F
[root@squid init.d]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
[root@squid init.d]# service squid reload
[root@squid init.d]# netstat -natp | grep 3128
tcp6 0 0 :::3128 :::* LISTEN 17863/(squid-1)
7.配置web端和客户端
[root@web ~]# systemctl stop firewalld
[root@web ~]# setenforce 0
[root@web ~]# yum install httpd -y
[root@web ~]# netstat -natp | grep 80
[root@web ~]# systemctl start httpd
[root@web ~]# netstat -natp | grep 80
tcp6 0 0 :::80 :::* LISTEN 128136/httpd
打开一台虚拟机win10,去访问web
查看web端httpd的访问日志
[root@web httpd]# cd /var/log/httpd/
[root@web httpd]# cat access_log
192.168.247.200 - - [02/Feb/2020:10:58:32 +0800] "GET /noindex/css/fonts/Semibold/OpenSans-Semibold.ttf HTTP/1.1" 404 246 "http://192.168.247.160/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240"
开始配置代理
输入代理服务器ip和端口号,点击保存,然后关闭,关闭浏览器
重新打开浏览器,再次访问web
再次查看httpd日志
此时可以发现访问ip变成了192.168.247.206
[root@web httpd]# cat access_log
192.168.247.206 - - [02/Feb/2020:11:10:47 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1"
标签:ttf icon obj 拒绝 报错 css tcp var cal
原文地址:https://blog.51cto.com/14557905/2481920