Squid安装以及设置反向代理

背景介绍

平台:使用CentOS 7
软件:Squid 软件
客户端在通过代理服务器访问后端的web server ,并且使用https协议

拓扑图

1.安装相关依赖软件

[root@localhost ~]# yum install -y gcc openssl openssl-devel

2.安装squid软件

[root@localhost ~]# yum install -y squid

3.进入squil目录,并备份squid.conf

[root@localhost ~]# cd /etc/squid
[root@localhost squid]# cp squid.conf squid.conf.bak

4. 生成证书

[root@localhost squid]# openssl req -new > mybank.csr
[root@localhost squid]# openssl rsa -in privkey.pem -out mybank.key
[root@localhost squid]# openssl x509 -in mybank.csr -out mybank.crt -req -signkey mybank.key -days 3650

5.编辑squid配置文件

[root@localhost squid]# vim squid.conf
http_access allow localnet
http_access allow localhost
http_access allow all

http_port 80
https_port 443 accel vhost cert=/etc/squid/mybank.crt key=/etc/squid/mybank.key

cache_peer 10.1.1.21 parent 8080 0 no-query originserver name=aaa
cache_peer 10.1.1.22 parent 8080 0 no-query originserver name=bbb

cache_peer_domain aaa aaa.51ittech.com
cache_peer_domain bbb bbb.51ittech.com
cache_mem 64 MB
maximum_object_size 4 MB
minimum_object_size 0 KB
emulate_httpd_log off
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Ss/%Hs %<st %Sh "%{Referer}>h" "%{User-Agent}>h"
access_log /var/log/squid/access.log combined
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
visible_hostname squid.sr-cnvproxy
cache_mgr info@51ittech.com
修改squid的配置文件squid.conf
    用文本编辑器打开 /etc/squid/squid.conf,修改前备份一下配置文件,需要修改的地方:
   a、配置squid监听的端口
        找到http_port 3128在后面增加一行
        https_port 443 accel vhost cert=/etc/squid/mybank.crt key=/etc/squid/mybank.key

        注解:
        443 :squid将会监听的端口
        Transparent :透明模式,即不需要客户端做特殊的配置
   b、配置squid代理的服务的ip地址和端口号
        添加cache_peer 192.168.0.137 parent 80 0 no-query originserver

        注解:
            192.168.1.8 : 需要squid代理的服务器的ip
            7001 :需要squid代理的服务器指定服务的端口号

    c、在cache_peer 192.168.0.137 parent 80 0 no-query originserver下面添加visible_hostname volcano(任意命名)

        注解:
   Volcano :可以根据集体情况任意配置
     d、找到http_access deny all在其前面加#将这一行注释掉,然后增加一行
    http_access allow all

        注解:
       http_access allow all :squid访问权限的控制,允许所有人访问

6.启动或重启squid

    a、检查squid.conf是否符合要求
        squid -k parse
    b、重新加载squid.conf
        service squid reload
    c、重启squid
        service squid restart
    d、检查squid状态
        service squid status

Was this article helpful?

Yes No

Related Articles