Centos 7.2 install and configure the user-authenticated squit forward proxy, centossquit

Centos 7.2 install and configure the user-authenticated squit forward proxy, centossquit
Squit introduction? Squid is a software used to cache Internet data. It receives user download requests and automatically processes the downloaded data. When a user wants to download a home page, he/she can send an application to Squid to download the page instead of Squid. Then, Squid connects to the requested website and requests the home page, the home page is sent to the user and a backup is retained. When other users apply for the same page, Squid immediately sends the saved backup to the user.
? Depending on the proxy type, Squid proxy can be divided into forward proxy and reverse proxy. Forward proxy can be divided into common proxy and transparent proxy according to different implementation methods.
Common Proxy: the client needs to specify the address and port of the proxy server in the browser.
Transparent Proxy: Applicable to enterprise gateway hosts (shared access to the Internet). The client does not need to specify the proxy server address, port, and other information, the proxy server needs to set a firewall policy to forward the client's Web access data to the proxy service program for processing.
Reverse Proxy: the proxy server is used to receive connection requests from the Internet and then forward the requests to servers on the internal network, return the result obtained from the server to the Client Requesting connection from the Internet. The proxy server is displayed as a server.
I. Agent Server System Environment
[Root @ ecs-35f2 ~] # Cat/etc/redhat-release?
CentOS Linux release 7.2.1511 (Core )?
[Root @ ecs-35f2 ~] # Ip add
1: lo: Mtu 65536 qdisc noqueue state UNKNOWN?
? ? Link/loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00
? ? Inet 127.0.0.1/8 scope host lo
? ? ? ? Valid_lft forever preferred_lft forever
? ? Inet6 :: 1/128 scope host?
? ? ? ? Valid_lft forever preferred_lft forever
2: eth0: Mtu 1500 qdisc pfifo_fast state UP qlen 1000
? ? Link/ether fa: 16: 3e: 49: 29: b4 brd ff: ff
? ? Inet 192.168.2.181/24 brd 192.168.2.255 scope global dynamic eth0
? ? ? ? Valid_lft 75669sec preferred_lft 75669sec
? ? Inet6 fe80: f816: 3eff: fe49: 29b4/64 scope link?
? ? ? ? Valid_lft forever preferred_lft forever
Ii. yum install squid, here using the htpasswd Password Authentication Based on web Service apache, so also install httpd [root @ ecs-35f2 ~] # Yum install-y squid
[Root @ ecs-35f2 ~] # Yum install-y httpd
3. Create a user and set the password. Note that the password length should not exceed 8 characters [root @ ecs-35f2 squid] # htpasswd-cd/etc/squid/passwords test? # Test is used to obtain the user name.
New password :??? # Enter the same password twice
Re-type new password :?
Adding password for user test
4. Verify the password file [root @ ecs-35f2 squid] #/usr/lib64/squid/basic_ncsa_auth/etc/squid/passwords?
Test qq .. 123
OK?
# Show OK to prove the success (User name: test, password qq .. 123), press ctrl + c terminal to Exit 5. Configure the squid file to open the default installation path/etc/squid. conf [root @ ecs-35f2 squid] # vim/etc/squid. conf
Here, I can only use the proxy's intranet IP segment and port number.
Because the rule is from top to bottom, you need to add authentication user configuration on http_access deny all to deny all the rules. You can also change it by yourself using the default port 3128, and so on. Add Note: # http_access allow localnet
Add: auth_param basic program/usr/lib64/squid/basic_ncsa_auth/etc/squid/passwords
Auth_param basic credentialsttl 5 hours
Acl ncsa_users proxy_auth REQUIRED
Http_access allow ncsa_users
Remove Note: cache_dir ufs/var/spool/squid 100 16 256

Save and exit
6. initialize squid [root @ ecs-35f2 ~] # Squid-z

Press ctrl + c to exit
7. Enable squid and set boot start [root @ ecs-35f2 ~] # Systemctl start squid. service?
[Root @ ecs-35f2 ~] # Systemctl enable? Squid. service?
Created symlink from/etc/systemd/system/multi-user.target.wants/squid. service to/usr/lib/systemd/system/squid. service.
8. Disable the firewall and set SELINUX = disabled [root @ ecs-35f2 ~] # Systemctl stop firewalld
[Root @ ecs-35f2 ~] # Cat/etc/selinux/config?
# This file controls the state of SELinux on the system.
# SELINUX = can take one of these three values:
#? ? ? Enforcing-SELinux security policy is enforced.
#? ? ? Permissive-SELinux prints warnings instead of enforcing.
#? ? ? Disabled-No SELinux policy is loaded.
SELINUX = disabled
# SELINUXTYPE = can take one of three two values:
#? ? ? Targeted-Targeted processes are protected,
#? ? ? Minimum-Modification of targeted policy. Only selected processes are protected .?
#? ? ? Mls-Multi Level Security protection.
SELINUXTYPE = targeted? 9. Client Windows Settings: Open IE browser, Internet Options, connection, LAN Settings, proxy server (set the proxy server's IP address and port, the proxy server's intranet ip address here is 192.168.2.181, the default port is 3128. Proxy servers can be connected to the public network)

If you click to access the Internet, the enter user name and password window will pop up. Enter the user name and password to access the Internet.

View IP
Linux client: [root @ ecs-5c78-0002 ~] # Ip add
1: lo: Mtu 65536 qdisc noqueue state UNKNOWN qlen 1
? ? Link/loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00
? ? Inet 127.0.0.1/8 scope host lo
? ? ? ? Valid_lft forever preferred_lft forever
? ? Inet6 :: 1/128 scope host?
? ? ? ? Valid_lft forever preferred_lft forever
2: eth0: Mtu 1500 qdisc pfifo_fast state UP qlen 1000
? ? Link/ether fa: 16: 3e: 08: 88: 97 brd ff: ff
? ? Inet 192.168.2.34/24 brd 192.168.2.255 scope global dynamic eth0
? ? ? ? Valid_lft 80590sec preferred_lft 80590sec
? ? Inet6 fe80: f816: 3eff: fe08: 8897/64 scope link?
? ? ? ? Valid_lft forever preferred_lft forever
Set

[Root @ ecs-5c78-0002 ~] # Export http_proxy = "test: qq..123@192.168.2.181: 3128"

# Export http_proxy = "proxy Username: password @ Proxy Server IP: Port"

Note: When you stop using the proxy, you must change the modified file to the original one. Especially if you use the export http_proxy = "" proxy Username: password @ Proxy Server IP: Port "command,
Enter unset http_proxy in the command line to remove the environment variable.
Because the export http_proxy = "" proxy Username: password @ Proxy Server IP: Port "command writes the settings after export into the environment setting file.
An exception occurs after deletion.
This is done!