Ubuntu Squid Proxy Server installation configuration

Installation:

Download the installation package Http://pan.baidu.com/s/1mitvwpE

Unzip the tar -xzvf file. tar. gz

Compile:

Go to sbin directory execution

./configure--prefix=/usr/local/squid--sysconfdir=/etc--enable-gnuregex--enable-icmp--ENABLE-SNMP-- Enable-default-err-language= "Simplify_chinese"--enable-kill-parent-hack--enable-cache-digests-- Enable-underscore--enable-poll--enable-async-io=240--enable-arp-acl--enable-delay-pools-- Enable-follow-x-forwarded-for--with-large-files--with-default-user=squid

This process will take some time. then execute make; make install;

Enter/usr/local/squid/sbin/squid

Squid-z   initializing the cache directory

Squid Reload Reload Configuration

Squid Restart  restart

Squid-k Parse   checks the squid.conf configuration file and prompts if there are errors

Squid-n-d1  foreground start, print startup information

Squid-s  background boot, and store boot log

Squid-k Shutdown Stop Service

OK, check local access:

Switch to the Squid/bin directory and perform squidclient www.sina.com to view the return information.

Configuration file:

ACL localnet src 10.0.0.0/8 # RFC1918 possible internal networkacl localnet src 172.16.0.0/12 # RFC1918 possible inte rnal networkacl localnet src 192.168.0.0/16 # RFC1918 possible internal networkacl localnet src FC00::/7 # RFC 4193 Local private network Rangeacl localnet src FE80::/10 # RFC 4291 link-local (directly plugged) machinesacl Cao Src XX          . xx.xx.xx #cao是名字 is allowed after the Ipacl ssl_ports Port 443acl safe_ports Port # httpacl Safe_ports Port 21 # Ftpacl Safe_ports Port 443 # httpsacl safe_ports Port # gopheracl safe_ports Port # W         Aisacl safe_ports Port 1025-65535 # unregistered Portsacl safe_ports Port 280 # http-mgmtacl Safe_ports Port 488 # Gss-httpacl Safe_ports Port 591 # Filemakeracl Safe_ports Port 777 # multiling Httpacl CONNECT m Ethod connecthttp_access deny! Safe_portshttp_access allow Cao #允许上边定义的cao地址 # deny connect to other than secure SSL portshttp_access Deny Connect ! ssl_ports# cachemgr access from localhosthttp_access allow localhost managerhttp_access deny managerhttp_acces s allow Allhttp_port xx.xx.xx.xx:xx #服务器地址和设置一个任意端口号, default 3128cache_dir ufs/usr/local/squid/var/cache/squid 100 16    256coredump_dir/usr/local/squid/var/cache/squiddns_nameservers 114.114.114.114 #dnsrefresh_pattern ^ftp:1440 20% 10080refresh_pattern ^gopher:1440 0% 1440refresh_pattern-i (/cgi-bin/|\?) 0 0% 0refre               Sh_pattern. 0 20% 4320

Finally, attach the configuration details:

#acl all src 0.0.0.0/0.0.0.0 and http_access the Allow all option defines an access control list. For details see and squid Software # carry documentation. The access control list here allows all access to the proxy service because the agent is accelerating the Web server. ACL all src 0.0.0.0/0.0.0.0 #允许所有IP访问acl manager proto HTTP #manager URL protocol is httpacl Localho                 St src 127.0.0.1/255.255.255.255 #允午本机IPacl to_localhost DST 127.0.0.1 #允午目的地址为本机IPacl safe_ports Port 80 # The port that allows security updates is 80acl Connect method connect #请求方法以CONNECThttp_access allow all #允许所有人使用 The agent. Because this is the Agent Acceleration Web server http_reply_access Allow all #允许所有客户端使用该代理acl overconnlimit maxconn #限制每个IP最大允许 16 connections to prevent attack Http_access deny overconnlimiticp_access deny all #禁止从邻居服务器缓冲内发送和接收ICP请求. Miss_access Allo W all #允许直接更新请求ident_lookup_access deny all #禁止lookup检查DNShttp_port 8080 tra Nsparent #指定Squid监听浏览器客户请求的端口号.                Hierarchy_stoplist Cgi-bin? #用来强制某些特定的对象不被缓存, mainly for the purpose of security. ACL QUERY Urlpath_regex cgi-bin \?cache deny Querycache_mem 1 GB #这是一个优化选项, increasing this memory value facilitates caching. It should be noted that: #一般来说如果系统有内存, set this value to (n/) 3M. It's 3G, so here 1gfqdncache_size #FQDN cache size Maximum_object_size_in_memory 2 MB #允许最大的文件载入内存memory_replacemen T_policy Heap Lfuda #动态使用最小的, move out of memory Cachecache_replacement_policy heap Lfuda #动态使用最小的, remove drive Cachecache_dir ufs/home/c Ache #高速缓存目录 UFS type uses the maximum allowable 1000MB space, #32个一级目录, 512 level two directories Max_open_disk_fds 0 #允 Maximum number of open files, 0 unlimited minimum_object_size 1 KB #允午最小文件请求体大小maximum_object_size MB #允午最 Large file request body size Cache_swap_low #最小允许使用swap 90%cache_swap_high #最多允许使用s WAP 95%ipcache_size 2048 # IP Address cache size 2mipcache_low #最小允 Xu Ipcache uses swap 90%ipcache_high #最大允许ipcache使用swap 90%access_log/var/log/squid/access. Log sQuid #定义日志存放记录cache_log/var/log/squid/cache.log Squidcache_store_log None #禁止store日志emulate _httpd_log on #将使Squid仿照Web服务器的格式创建访问记录. If you want to use #Web访问记录分析程序, you need to set this parameter. Refresh_pattern. 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload #更新cache规则acl buggy_server url_regex ^http://. http://#只允许http的请求broken_posts allow Buggy_serveracl Apache rep_header Server ^apache #允许apa Che's code broken_vary_encoding allow apacherequest_entities off #禁止非http的标分准请求 to prevent attack head Er_access header allow all #允许所有的http报头relaxed_header_parser on #不严格                        Parses the HTTP header. Client_lifetime minute #最大客户连接时间 120 min cache_mgr [email protected] #指定当缓冲出现问题时向缓冲管理者发送告警信息的地址信息. Cache_effective_user Squid #这里以用户squid的身份Squid服务器cache_effective_group squIdicp_port 0 #指定Squid从邻居服务器缓冲内发送和接收ICP请求的端口号. #这里设置为0是因为这里配置Squid为内部Web服务器的加速器, #所以不需要使用邻居服务器的缓冲. 0 is disabled # Cache_peer setting allows the host to update the cache because it is native so 127.0.0.1cache_peer 127.0.0.1 parent 0 no-query Default Multicast-responder No-netdb-exchangecache_peer_domain 127.0.0.1 hostname_aliases 127.0.0.1error_directory/us R/share/squid/errors/simplify_chinese #定义错误路径always_direct allow all # cache missing or absent is to permit all requests to be forwarded directly to the original server I Gnore_unknown_nameservers on #开反DNS查询, when the domain name address is not the same, access Coredump_dir/var/log/squid is forbidden #定义dump的目录max_fil                                Edesc 2048 #最大打开的文件描述half_closed_clients off #使Squid在当read不再返回数据时立即关闭客户端的连接. #有时read不再返回数据是由于某些客户关闭TCP的发送数据 #而仍然保持接收数据. The squid does not distinguish between TCP semi-shutdown and full shutdown. Buffered_logs on #若打开选项 "buffered_logs" can slightly increase the speed at which some of the log files are written, which is primarily an optimization feature. #防止天涯盗链, passed on to Baidu ACL Tianya referer_regex-i tianyahttp_access deny TiAnyadeny_info tianya# block Baidu Spider ACL Baidu req_header user-agent baiduspiderhttp_access deny baidu# limit the maximum number of connections for the same IP client ACL Overconnlimit maxconn 128http_access deny overconnlimit# prevents people from being exploited as an HTTP proxy, setting the allowed IP address ACL myip DST 222.18.63.37http_access Deny!myip# allows local management of ACL manager Proto Cache_objectacl Localhost src 127.0.0.1 222.18.63.37http_access allow manager localhos TCACHEMGR_PASSWD 53034338 allhttp_access deny manager# only allow 80 port proxy ACL all src 0.0.0.0/0.0.0.0acl safe_ports Port # httph Ttp_access Deny! Safe_portshttp_access allow All#squid information settings visible_hostname happy.swjtu.edu.cncache_mgr [email protected]# Basic setup Cache_effective_user squidcache_effective_group squidtcp_recv_bufsize 65535 bytes#2.6 Reverse proxy acceleration Configuration Cache_peer 127.0.0.1 Parent 0 no-query originserver# Error document error_directory/usr/local/squid/share/errors/simplify_chinese# single use, Do not use this feature Icp_port 0hierarchy_stoplist cgi-bin? ACL QUERY Urlpath_regex cgi-bin \?. php. CGI. avi. wmv. rm. RAM. mpg. mpeg. Zi P. execache deny Queryacl Apache Rep_header ServeR ^apachebroken_vary_encoding allow Apacherefresh_pattern ^ftp:1440 20% 10080refresh_pattern ^gopher:             1440 0% 1440refresh_pattern. 0 20% 4320cache_store_log Nonepid_filename/usr/local/squid/var/logs/squid.pidemulate_httpd_log onlogformat Combine D%>a%ui%un [%tl] "%rm%ru http/%rv"%Hs%<St"%{referer}>h ""%{user-agent}>h "%ss:%shcache_log/usr/local/squid/var/logs/cache.logaccess_log/usr/local/squid/var/ Logs/access.log Combinedcoredump_dir/usr/local/squid/var/cachecache_dir Ufs/usr/local/squid/var/cache 10000 16 256dns_children 32hosts_file/etc/hostscache_mem mbcache_swap_low 90cache_swap_high 95maximum_object_size 32768 Kbmaximum_object_size_in_memory 4096 Kbemulate_httpd_log on# prevent hotlinking ACL picurl url_regex-i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpe G$acl mystie1 referer_regex-i happy.swjtu.edu.cnhttp_access allow mystie1 picurlacl nullref referer_regex-i ^ $http _acce SS Allow Nullrefacl hasref referer_regex-i. +http_access deny Hasref Picurl

Ubuntu Squid Proxy Server installation configuration