
Squid 2.5 STABLE Quick Installation Guide

Published: 2006-06-16 07:31:13  Source: 红联  Author: Myiozzdoc


阿土/Aborigen Yin

http://www.bsdbase.com



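Goal: provide both a regular proxy and a transparent proxy for the internal network on the gateway, using the client IP address as the only access-control condition; no other access control is needed.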


# Installation


# On FreeBSD, installing the following ports is recommended:

cd /usr/ports/devel/autoconf

make clean

make install clean


cd /usr/ports/devel/automake

make clean

make install clean


# First, configure your network and make sure the host that will run squid can reach the Internet;

ping www.163.com

# A domain name is used so that DNS resolution is tested as well;


# Run everything below as root.

# Get the latest stable source

http://www.squid-cache.org


mkdir -p /usr/local/src/distfiles

cd /usr/local/src/distfiles

#FreeBSD

fetch http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE1.tar.gz

#Linux

wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE1.tar.gz


tar xfz squid-2.5.STABLE1.tar.gz -C ..


cd ../squid-2.5.STABLE1

./configure --prefix=/usr/local/squid

make

make install


# The ownership change is required; see squid.conf

#cache_effective_user nobody

#cache_effective_group nobody

# (used by default)

chown -R nobody:nobody /usr/local/squid/var


# Configure according to your needs;

#vi /usr/local/squid/etc/squid.conf

# TAG: http_port

# Usage: port

# hostname:port

# 1.2.3.4:port

#Default:

# http_port 3128

http_port 60080

# Use a custom port to avoid annoying proxy scans;


# URLs that should not be cached: dynamic pages such as web-based "jianghu" games and chat rooms.

# TAG: no_cache

# A list of ACL elements which, if matched, cause the request to

# not be satisfied from the cache and the reply to not be cached.

# In other words, use this to force certain objects to never be cached.

#

# You must use the word 'DENY' to indicate the ACL names which should

# NOT be cached.

#

#We recommend you to use the following two lines.

acl QUERY urlpath_regex cgi-bin \? asp php shtml php3 cgi

no_cache deny QUERY



# ACCESS CONTROLS

# -----------------------------------------------------------------------------


# TAG: acl

# Defining an Access List

#

# acl aclname acltype string1 ...

# acl aclname acltype "file" ...

#

# when using "file", the file should contain one item per line

# Define the internal networks (assuming 172.16.0.0/16; 192.168.0.0/16; 10.0.0.0/8);

acl lan-a src 172.16.0.0/16

acl lan-b src 192.168.0.0/16

acl lan-c src 10.0.0.0/8


# squid's default configuration denies all connections;

#Default:

# http_access deny all

#

# Allow the internal networks defined above

http_access allow lan-a

http_access allow lan-b

http_access allow lan-c


#Recommended minimum configuration:

#


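# The following sets up transparent proxying; skip it if you do not use a transparent proxy.

# On the gateway's firewall, set up a redirect that sends the internal network's requests for port 80 to squid: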

#Ipfilter rules

#rdr $LAN_NIC 0/0 port 80 -> $SQUID_HOST_ADDR port $SQUID_PROXY_PORT tcp

#Iptables rules

#iptables -t nat -A PREROUTING -i $LAN_NIC -p tcp -m tcp --dport 80 -j DNAT --to $SQUID_HOST_ADDR:$SQUID_PROXY_PORT

# Restrict the redirect to requests from a specified source;

#iptables -t nat -A PREROUTING -i $LAN_NIC -p tcp -m tcp -s $INTERNAL_NETWORK/$INTERNAL_MASK --dport 80 -j DNAT --to $SQUID_HOST_ADDR:$SQUID_PROXY_PORT

# Enable transparent proxying

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

# Cache while acting as a transparent proxy

# Note the following line; it is off by default.

httpd_accel_uses_host_header on



# Initialize the cache directories

/usr/local/squid/sbin/squid -z


# Startup/shutdown management script

#vi /usr/local/sbin/squid.sh


#!/bin/sh

case "$1" in


start)

if [ -x /usr/local/squid/sbin/squid ]; then

/usr/local/squid/sbin/squid && echo . && echo 'Squid proxy server started.'

fi

;;


stop)

killall squid && echo . && echo 'Squid proxy server stopped.'

;;

restart)

echo .

echo "Restart Squid proxy server ......"

$0 stop

sleep 30

$0 start

;;

*)

echo "$0 start | stop | restart"

;;


esac

#end of /usr/local/sbin/squid.sh


chmod 700 /usr/local/sbin/squid.sh


# Run automatically at boot

#FreeBSD

ln -s /usr/local/sbin/squid.sh /usr/local/etc/rc.d

#Linux

ln -s /usr/local/sbin/squid.sh /etc/rc.d/rc3.d/S99Squid-proxy

Article comments

2 comments in total

  1. jond, posted 2008-02-15 15:52:47:

    Thanks, I support this!

  2. babda, posted 2006-08-02 11:44:40:

    I don't quite understand it.