Categories
學習筆記

CentOS下安裝squid做匿名代理用途

squid
1)什麼是squid?
Squid Cache(簡稱為Squid)是一款HTTP代理服務器(HTTP proxy)軟件,可作为缓存服务器,可过滤流量帮助网络安全(屏蔽不安全的站點),也可作为代理服务器(純粹中轉或是匿名都可)。比較進階的用途也可做作為網站的前端緩存,加強服務器的負載能力或是過濾危險流量(當然這樣的話就得前端和後端就得分開部署)。

2)如果是做匿名代理用途,squid和一般的proxy方式有何不同,有什麼優勢?
squid可以定義緩存文件夾,做適當的緩存,而非單純中轉,減少一般proxy雙重流量使用的問題。當然在某種程度上,緩存也會帶來一些類似更新不及時的問題,就得看你怎麼去設定緩存的時間了。

3)squid匿名代理部署方法如下:

yum -y update
yum -y install squid
chkconfig on squid
iptables -I INPUT -p tcp --dport 3128 -j ACCEPT
service iptables save
service iptables restart

squid_conf_file=/etc/squid/squid.conf
hostname=proxy.gidcs.net
[email protected]

cp ${squid_conf_file} ${squid_conf_file}.backup
echo 'visible_hostname '$hostname > ${squid_conf_file}
echo 'cache_mgr '$email >> ${squid_conf_file}
echo 'forwarded_for off' >> ${squid_conf_file}
echo 'request_header_access Allow allow all' >> ${squid_conf_file}
echo 'request_header_access Authorization allow all' >> ${squid_conf_file}
echo 'request_header_access WWW-Authenticate allow all' >> ${squid_conf_file}
echo 'request_header_access Proxy-Authorization allow all' >> ${squid_conf_file}
echo 'request_header_access Proxy-Authenticate allow all' >> ${squid_conf_file}
echo 'request_header_access Cache-Control allow all' >> ${squid_conf_file}
echo 'request_header_access Content-Encoding allow all' >> ${squid_conf_file}
echo 'request_header_access Content-Length allow all' >> ${squid_conf_file}
echo 'request_header_access Content-Type allow all' >> ${squid_conf_file}
echo 'request_header_access Date allow all' >> ${squid_conf_file}
echo 'request_header_access Expires allow all' >> ${squid_conf_file}
echo 'request_header_access Host allow all' >> ${squid_conf_file}
echo 'request_header_access If-Modified-Since allow all' >> ${squid_conf_file}
echo 'request_header_access Last-Modified allow all' >> ${squid_conf_file}
echo 'request_header_access Location allow all' >> ${squid_conf_file}
echo 'request_header_access Pragma allow all' >> ${squid_conf_file}
echo 'request_header_access Accept allow all' >> ${squid_conf_file}
echo 'request_header_access Accept-Charset allow all' >> ${squid_conf_file}
echo 'request_header_access Accept-Encoding allow all' >> ${squid_conf_file}
echo 'request_header_access Accept-Language allow all' >> ${squid_conf_file}
echo 'request_header_access Content-Language allow all' >> ${squid_conf_file}
echo 'request_header_access Mime-Version allow all' >> ${squid_conf_file}
echo 'request_header_access Retry-After allow all' >> ${squid_conf_file}
echo 'request_header_access Title allow all' >> ${squid_conf_file}
echo 'request_header_access Connection allow all' >> ${squid_conf_file}
echo 'request_header_access Proxy-Connection allow all' >> ${squid_conf_file}
echo 'request_header_access User-Agent allow all' >> ${squid_conf_file}
echo 'request_header_access Cookie allow all' >> ${squid_conf_file}
echo 'request_header_access All deny all' >> ${squid_conf_file}
echo 'http_access allow all' >> ${squid_conf_file}
cat ${squid_conf_file}.backup >> ${squid_conf_file}
service squid restart

備註:關於hostname和email的部份可自行修改。

4)大陸的vps(比如騰訊云)無法連接到某些國外的ip 可否用此proxy方法做中轉?
當然是可以的。據了解,騰訊云上是無法安裝virtualmin的,原因是騰訊云無法到達virtualmin的服務器,利用http_proxy的方法即可達到中轉效果,成功安裝virtualmin。
只需在執行下面命令后重啟vps即可。

proxy_server_ip=XXX.XXX.XXX.XXX
echo 'http_proxy=http://'${proxy_server_ip}':3128/' >> /etc/environment
echo 'no_proxy=mirrors.tencentyun.com' >> /etc/environment

no_proxy的設定是設定不中轉的白名單,因為騰訊的源是內網源,所以需要設定中轉來避免異常。

5)設定好proxy后 如何確定已經使用proxy_server訪問?
若是linux的vps,可以直接wget任何網址進行測試,你會發現連接的ip是proxy_server的ip;若是windows的一般電腦,你可以在firefox等瀏覽器設定好後,在谷歌搜索ip字樣,即可看到您當前的ip。

One reply on “CentOS下安裝squid做匿名代理用途”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.