CentOS 7中使用Squid提供HTTP代理详解
<p>本文主要记录了一下设置CentOS服务器使用Squid作为HTTP代理,及客户端的代理配置的方法,下面来看看详细的介绍吧。</p>
<p>
<span><strong>使用Squid提供HTTP代理</strong></span></p>
<p>
<strong>主机上安装和设置Squid</strong></p>
<p>
作为网关的n147机器,公网IP是2.2.2.147。安装Squid,然后修改配置,启用服务。</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_381426">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">yum </code><code class="bash functions">install</code> <code class="bash plain">-y squid</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash comments"># squid的配置文件在 /etc/squid/squid.conf,修改内容可参考下面的Dockerfile</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash comments"># 修改配置后,初始化squid的工作目录</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">squid -z</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash comments"># 启动服务</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash plain">systemctl </code><code class="bash functions">enable</code> <code class="bash plain">squid</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash plain">systemctl start squid</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<strong>以Docker容器的方式运行Squid</strong></p>
<p>
Dockerfile内容如下:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_392057">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
<div class="line number19 index18 alt2">
19</div>
<div class="line number20 index19 alt1">
20</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">FROM alpine:latest</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">RUN apk update --no-cache; \</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash spaces"> </code><code class="bash plain">apk add squid --no-cache</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash comments"># 可以在squid.conf中限制允许访问此代理的IP范围,否则只有内网IP可以访问</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">RUN </code><code class="bash functions">sed</code> <code class="bash plain">-i </code><code class="bash string">"/RFC 4291/a acl ics src 2.2.2.0/24"</code> <code class="bash plain">squid.conf; \</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash spaces"> </code><code class="bash functions">sed</code> <code class="bash plain">-i </code><code class="bash string">"/RFC 4291/a acl ics src 2.2.3.3/32"</code> <code class="bash plain">squid.conf</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash comments"># 可以修改默认的端口号,如果修改了默认端口,需要修改下面的 EXPOSE 部分</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash plain">RUN </code><code class="bash functions">sed</code> <code class="bash plain">-i </code><code class="bash string">"/http_port/c http_port 8888"</code> <code class="bash plain">squid.conf</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash comments"># 开启cache</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash plain">RUN </code><code class="bash functions">sed</code> <code class="bash plain">-i </code><code class="bash string">'/cache_dir/s/#//g'</code> <code class="bash plain">/etc/squid/squid</code><code class="bash plain">.conf</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash comments"># 或者直接使用修改过的配置文件</code>
</div>
<div class="line number12 index11 alt1">
<code class="bash comments"># ADD squid.conf /etc/squid/squid.conf</code>
</div>
<div class="line number13 index12 alt2">
<code class="bash comments"># squid -z用于初始化,创建cache目录,但直接在Dockerfile中</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash comments"># RUN squid -z</code>
</div>
<div class="line number15 index14 alt2">
<code class="bash comments"># 却无法创建cache目录,导致squid无法启动</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash comments"># 故将初始化和启动命令写入脚本中</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash plain">RUN </code><code class="bash functions">echo</code> <code class="bash plain">-e </code><code class="bash string">'#!/bin/sh\n[ -d /var/cache/squid/00 ] || squid -z\nsquid -N'</code> <code class="bash plain">></code><code class="bash plain">/squid</code><code class="bash plain">.sh; \</code>
</div>
<div class="line number18 index17 alt1">
<code class="bash spaces"> </code><code class="bash functions">chmod</code> <code class="bash plain">+x </code><code class="bash plain">/squid</code><code class="bash plain">.sh</code>
</div>
<div class="line number19 index18 alt2">
<code class="bash plain">EXPOSE 3128</code>
</div>
<div class="line number20 index19 alt1">
<code class="bash plain">CMD [</code><code class="bash string">"/squid.sh"</code><code class="bash plain">]</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
构造镜像:<code>docker build ./ -t squid:latest</code></p>
<p>
启动容器:<code>docker run -d -p 3128:3128 --name squid squid:latest</code></p>
<p>
<span><strong>使用HTTP代理</strong></span></p>
<p>
内网其它不能直接访问外网的机器可以设置使用n147提供的代理服务。</p>
<p>
<span><strong>全局的环境变量</strong></span></p>
<p>
在/etc/environment(不需要export),/etc/profile或/etc/profile.d/http_proxy.sh导出http_proxy和https_proxy</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_597040">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash functions">export</code> <code class="bash plain">http_proxy=http:</code><code class="bash plain">//2</code><code class="bash plain">.2.2.147:3128</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash functions">export</code> <code class="bash plain">https_proxy=http:</code><code class="bash plain">//2</code><code class="bash plain">.2.2.147:3128</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
squid可以作为https代理,只要设置 <code>https_proxy=http://2.2.2.147:3128</code>, 即这个环境变量以http://开头。</p>
<p>
<span><strong>Docker</strong></span></p>
<p>
Docker需要单独设置代理,新建文件/etc/systemd/system/docker.service.d/http-proxy.conf,内容如下(注意多项环境变量之间要有空格,还设置了对私有镜像仓库不使用代理):</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_343410">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"></code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">Environment=</code><code class="bash string">"HTTP_PROXY=http://2.2.2.147:3128"</code> <code class="bash string">"HTTPS_PROXY=http://2.2.2.147:3128"</code> <code class="bash string">"NO_PROXY=localhost,10.0.0.147"</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
重启<code>docker daemon: systemctl restart docker</code>,执行<code>docker info</code>查看是否生效。</p>
<p>
<span><strong>yum</strong></span></p>
<p>
yum 会使用全局代理设置,也可以单独设置代理,在/etc/yum.conf中增加:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_328515">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">proxy=http:</code><code class="bash plain">//2</code><code class="bash plain">.2.2.147:3128</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>apt</strong></span></p>
<p>
在文件/etc/apt/apt.conf中增加:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_330416">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">Acquire::http::proxy </code><code class="bash string">"http://2.2.2.147:3128"</code><code class="bash plain">;</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">Acquire::https::proxy <a rel=</code><code class="bash string">"external nofollow"</code> <code class="bash plain">href=</code><code class="bash string">"http://2.2.2.147:3128"</code><code class="bash plain">>http:</code><code class="bash plain">//2</code><code class="bash plain">.2.2.147:3128<</code><code class="bash plain">/a</code><code class="bash plain">>;</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>总结</strong></span></p>
<p>
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对服务器之家的支持。</p>
<p>
原文链接:https://ying-zhang.github.io/misc/2017-04-setup-squid-proxy/</p>
頁:
[1]