Installation and configuration of Squid Proxy server under CentOS 6.4
I. Introduction
A proxy server (in English, "Proxy Server") acts on behalf of network users to obtain network information.
Squid is software that caches Internet data: it receives a user's download request and handles the downloaded data automatically. When a user wants to download a home page, the request can be sent to Squid, which fetches it on the user's behalf. Squid connects to the requested website, requests the page, passes it to the user and keeps a copy. When other users request the same page, Squid immediately hands them the saved copy, so access feels very fast. Squid can proxy the HTTP, FTP, Gopher, SSL and WAIS protocols and handles them automatically. It can be configured to suit your own needs, for example to filter out unwanted content.
1.1 Work Flow
When the proxy server already has the data the client requires:
A. The client sends data requests to the proxy server;
B. The proxy server checks its own data cache;
C. The proxy server finds the user's desired data in the cache and extracts the data;
D. The proxy server returns the data obtained from the cache to the client.
When the proxy server does not have the data the client requires:
1. The client sends data requests to the proxy server;
2. The proxy server checks its own data cache;
3. The proxy server does not find the data that the user wants in the cache;
4. The proxy server sends data requests to remote servers on the Internet;
5. The remote server responds and returns the corresponding data;
6. The proxy server obtains data from the remote server, returns it to the client, and retains a copy of the data in its own cache.
Squid Proxy Server works in the application layer of TCP/IP.
1.2 Squid Proxy Types
By proxy type, Squid proxies are divided into forward proxies and reverse proxies. Forward proxies are further divided, by how they are implemented, into normal proxies and transparent proxies.
Normal proxy: requires the client to specify the address and port of the proxy server in the browser;
Transparent proxy: used on the enterprise gateway host (shared Internet access). The client does not need to specify the proxy server address, port or other information; the proxy server needs a firewall policy that hands the clients' web access traffic to the proxy service process;
Reverse proxy: the proxy server accepts connection requests from the Internet, forwards them to servers on the internal network, and returns the results obtained from those servers to the Internet client that requested the connection. In this role the proxy server appears to the outside as a server.
Official address: http://www.squid-cache.org/
Reference Document: http://www.squid-cache.org/Doc/config/
II. System Environment
Operating system: CentOS release 6.4 (Final)
Squid version: squid-3.1.10-20.el6_5.3.x86_64
Selinux=disabled
HTTP service: stopped
III. Installing the Squid Service
3.1 Check whether the squid package is installed
# rpm -qa | grep squid
3.2 If it is not installed, install it with yum
# yum -y install squid
3.3 Enabling start at boot
# chkconfig --level 35 squid on    # start the squid service automatically at runlevels 3 and 5
IV. Squid Server Configuration File Description
Squid's main configuration file is /etc/squid/squid.conf. All Squid settings are made in this file; the configuration options are explained below.
Http_port MB mb/var/spool/squid%>a%ui%un [%tl]%Hs%<st%ss:%sh/var/log/squid /access.log combined./
For background on ACLs, you can look it up on Baidu yourself; for other, more advanced options, refer to the official documentation: http://www.squid-cache.org/Doc/config/.
Note: Squid 2.0 and Squid 3.0 differ considerably. If Squid does not start correctly once configuration is complete, refer to the official documentation for the corresponding version.
V. Normal Proxy Service
The standard, traditional proxy service requires the client to specify the address and port of the proxy server in the browser.
The experimental topology diagram is as follows:
[Figure: Squid normal proxy topology]
5.1 Configuring the Squid Proxy server IP address
Change the IP address of eth1 to 200.168.10.1
# ifconfig eth1 200.168.10.1
5.2 Editing the Squid main configuration file /etc/squid/squid.conf
http_port 3128
cache_mem <size> MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid <Mbytes> <L1> <L2>
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]
5.3 Initialization
# squid -z
5.4 Starting Squid
# /etc/init.d/squid start
5.5 Configuring the Web server
A. Installing Apache
# rpm -qa | grep httpd
# yum -y install httpd
B. Start Apache and enable it at boot
# /etc/init.d/httpd start
# chkconfig httpd on
C. Create index.html
# echo "
D. Modifying the Web server IP address
Modify the IP address of the Web server to 200.168.10.2
# ifconfig eth0 200.168.10.2
5.6 Configuring the Client IP address
5.7 Configuring the browser proxy
Open the browser (IE is used as the example here; others are similar) and, from the menu bar, go to Tools -> Internet Options -> LAN settings -> Proxy server, then set it in the following format.
5.8 Testing
The test was successful.
5.9 Testing the error page
In Oracle VM VirtualBox, because the IP addresses above were set manually, the external network is unreachable; this is used here simply to test the page shown when access fails.
You can see the parameters set in the Squid configuration file displayed on the error page.
VI. Transparent Proxy Service
Used on the enterprise gateway host. The client does not need to specify the proxy server address, port or other information; iptables hands the clients' web access traffic to the proxy service for processing.
The experimental topology diagram is as follows:
[Figure: Squid transparent proxy topology]
6.1 Modifying the Squid main configuration file /etc/squid/squid.conf
http_port 3128 transparent
cache_mem <size> MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid <Mbytes> <L1> <L2>
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]
Add the transparent keyword after http_port 3128.
6.2 Reload
Reload so that the configuration above takes effect.
# /etc/init.d/squid reload
6.3 Add an iptables rule to redirect internal HTTP requests to port 3128
A. Starting the iptables service
# /etc/init.d/iptables start
B. Clearing the existing iptables filter table rules
# iptables -F
C. Saving the iptables settings
# /etc/init.d/iptables save
D. Viewing the NAT table settings
# iptables -t nat -L -n
E. Adding a rule to the NAT table
# iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
F. Saving
G. Enabling iptables at boot
# chkconfig iptables on
6.4 Modifying the client IP address
Set the default gateway to the intranet IP address of the squid server.
6.5 In the browser, cancel the proxy settings
6.6 Testing
Transparent proxy test succeeded.
VII. Reverse Proxy Service
Provides cache acceleration for Internet users accessing the enterprise's web sites.
The experimental topology diagram is as follows:
[Figure: Squid reverse proxy topology]
7.1 Shutting down the firewall
# /etc/init.d/iptables stop
7.2 Modifying the Web Server home page
WEB1:
# echo "
WEB2:
# echo "
7.3 Configuring Squid
http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent <http-port> 0 originserver round-robin weight=1
cache_peer 192.168.1.19 parent <http-port> 0 originserver round-robin weight=1
visible_hostname squid.david.dev
cache_mgr [email protected]
7.4 Start Squid Service
Squid failed to start because the listening port set above is 80, which conflicts with the system's HTTP service, so the HTTP service has to be stopped.
7.5 Squid failed to start; shut down the Apache service that starts at system boot.
7.6 Testing
Squid uses round-robin, so client requests are served by the two web servers in turn. Refresh with "Ctrl + F5" to test this thoroughly.
[Screenshots: the WEB1 page and the WEB2 page]
View squid's access logs.
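One way to confirm the round-robin behaviour from the log rather than by eye, as an added example that is not part of the original page. The log lines are constructed samples in Squid's native access.log layout; the client address, URL, timestamps and result codes are assumptions.

```python
from collections import Counter

# Constructed sample lines (not taken from the page). Native layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1458374401.120     14 192.168.1.100 TCP_MISS/200 312 GET http://squid.david.dev/ - ROUNDROBIN_PARENT/192.168.1.18 text/html
1458374402.480     11 192.168.1.100 TCP_CLIENT_REFRESH_MISS/200 312 GET http://squid.david.dev/ - ROUNDROBIN_PARENT/192.168.1.19 text/html
1458374403.910     12 192.168.1.100 TCP_CLIENT_REFRESH_MISS/200 312 GET http://squid.david.dev/ - ROUNDROBIN_PARENT/192.168.1.18 text/html
1458374404.300      0 192.168.1.100 TCP_MEM_HIT/200 318 GET http://squid.david.dev/ - NONE/- text/html
1458374405.020     10 192.168.1.100 TCP_CLIENT_REFRESH_MISS/200 312 GET http://squid.david.dev/ - ROUNDROBIN_PARENT/192.168.1.19 text/html
"""

def parse_line(line):
    """Split one native-format line; return None for blank or short lines."""
    f = line.split()
    if len(f) < 10:
        return None
    result, _, status = f[3].partition("/")
    hier, _, peer = f[8].partition("/")
    return {"client": f[2], "result": result, "status": int(status),
            "url": f[6], "hier": hier, "peer": peer}

def summarize(log_text):
    """Count requests forwarded to each origin peer and those Squid answered itself."""
    per_peer, local = Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["peer"] == "-":        # no upstream contacted, e.g. a cache hit
            local += 1
        else:
            per_peer[rec["peer"]] += 1
    counts = list(per_peer.values())
    # Even rotation: at least two peers seen, shares differ by at most one.
    balanced = len(counts) > 1 and max(counts) - min(counts) <= 1
    return {"per_peer": dict(per_peer), "served_locally": local,
            "balanced": balanced}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To run it against a live server, pass the contents of /var/log/squid/access.log to summarize() instead of the sample.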
VIII. Practical Application
The following experiment simulates using different domain names to reach different machines, a simple way of implementing load balancing in enterprise applications. When the client enters www.squid.dev in the browser address bar it reaches the machine 192.168.1.18; when it enters bbs.squid.dev it reaches the machine 192.168.1.19.
The experimental topology diagram is as follows:
[Figure: Squid reverse proxy topology with per-domain routing]
8.1 Modifying the Web Server home page
WEB1:
# echo "
WEB2:
# echo "
8.2 Configuring Squid
http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent <http-port> 0 originserver name=www
cache_peer 192.168.1.19 parent <http-port> 0 originserver name=bbs
cache_peer_domain www www.squid.dev
cache_peer_domain bbs bbs.squid.dev
visible_hostname squid.david.dev
cache_mgr [email protected]
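How the http_access lines in sections 5.2, 7.3 and 8.2 decide a request, as an added example that is not part of the original page. It models only the src and dstdomain ACL types; the REVERSE_RESTRICTED rules, the ACL name our_sites and the sample client addresses are assumptions introduced here to contrast with `http_access allow all`.

```python
import ipaddress

# Rules from section 5.2 (normal proxy), as on the page.
NORMAL = """
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""
# Access rule from sections 7.3 and 8.2 (reverse proxy), as on the page.
REVERSE_PUBLISHED = "http_access allow all"
# Assumed tighter variant (not from the page): admit only the hosted names.
REVERSE_RESTRICTED = """
acl our_sites dstdomain www.squid.dev bbs.squid.dev
http_access allow our_sites
http_access deny all
"""

def parse(conf):
    """Return ({acl name: (type, values)}, ordered [(action, [acl names])])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, src, host):
    if name == "all":                       # built-in ACL in Squid 3.x
        return True
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":                 # ".example" also covers subdomains
        return any(host == v or (v.startswith(".") and
                   (host == v[1:] or host.endswith(v))) for v in values)
    raise ValueError("ACL type not modelled here: " + kind)

def decide(conf, src, host):
    """The first http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(n.lstrip("!"), acls, src, host) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid takes the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for label, conf in (("5.2", NORMAL), ("8.2", REVERSE_PUBLISHED),
                        ("restricted", REVERSE_RESTRICTED)):
        for src, host in (("192.168.1.50", "www.squid.dev"),
                          ("203.0.113.9", "unrelated.example")):
            print(label, src, host, "->", decide(conf, src, host))
```

With the published reverse-proxy rule the access check admits any client asking for any host name, while the restricted variant admits only requests for the two hosted sites.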
8.3 Configuring the Client
A DNS service could be used for name resolution here; for convenience, we specify the names directly in the hosts file.
Modify the C:\Windows\System32\drivers\etc\hosts file
8.4 Testing Network conditions
8.5 Testing www.squid.dev
8.6 Testing bbs.squid.dev
8.7 Viewing Squid access logs
8.8 Viewing Apache access logs for two servers
# tailf /var/log/httpd/access.log
The test was successful.