@@ -0,0 +1,80 @@
+# squid代理服务器搭建
+
+### 需求背景
+
+服务器规划中,只有堡垒机服务器具有公网访问权限,其他处于同一内网的服务器都不具备公网访问能力。所以需要在堡垒机服务器上搭建squid代理服务,让其他电脑能通过该代理服务访问公网。
+
+### 堡垒机安装squid代理服务(172.16.0.99)
+
+1. 安装squid
+
+ ```shell
+ apt-get update
+ apt-get install squid
+ ```
+
+2. 修改配置文件squid.conf
+
+ ```shell
+ vi /etc/squid/squid.conf
+ ```
+
+ 1. 代理服务器监听的端口配置
+
+ ```
+ http_port 3128
+ ```
+
+ 2. 设置允许访问的IP地址
+
+ 在 acl CONNECT method CONNECT 后面换行添加,定义要授权的IP或者IP段
+
+ ```shell
+ acl safe_ips src 172.16.0.159
+ 或者
+ acl safe_ips src 172.16.0.0/24
+ ```
+
+ 然后在 http_access allow localhost manager 后面换行添加,配置上面已定义的授权的IP或者IP段
+
+ ```shell
+ http_access allow safe_ips
+ ```
+
+3. 重启squid服务
+
+ ```shell
+ service squid restart
+ ```
+
+### 其他服务器配置代理,通过代理服务器上网(172.16.0.159)
+
+1. 方式一:
+
+ ```shell
+ export http_proxy="172.16.0.99:3128"
+ ```
+
+2. 方式二(推荐):
+
+ ```shell
+ vi ~/.bashrc
+ ```
+
+ 在末尾添加以下内容
+
+ ```shell
+ set proxy
+ export http_proxy="http://172.16.0.99:3128"
+ export https_proxy="https://172.16.0.99:3128"
+ export ftp_proxy="ftp://172.16.0.99:3128"
+ ```
+
+ 保存。使配置生效
+
+ ```shell
+ source ~/.bashrc
+ ```
+
+
+
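Review bot: `http_port 3128` in step 2.1 has no bind address, so squid listens on every interface of the bastion, which the background section describes as the only host with public network access; binding the listener to the internal address, as in `http_port 172.16.0.99:3128`, keeps the proxy port off the public side and stops relying on the `safe_ips` ACL alone. In the same section, the doc offers `acl safe_ips src 172.16.0.0/24` as an equal alternative to the single host `172.16.0.159`; it would help to say that the single-host form is preferred and that the /24 authorizes every machine on the subnet to reach the internet through the bastion. In the `~/.bashrc` block, `https_proxy="https://172.16.0.99:3128"` and `ftp_proxy="ftp://172.16.0.99:3128"` use the scheme of the traffic rather than the scheme of the proxy: `http_port 3128` is a plain HTTP listener, so clients that honor the scheme (curl, for example) will try to speak TLS to port 3128 and fail, and all three variables should point at `http://172.16.0.99:3128`. The first line of that block, `set proxy`, is executed by bash as the `set` builtin and overwrites the shell's positional parameters; it looks like a comment that lost its marker and should read `# set proxy`. Method one also omits the scheme (`export http_proxy="172.16.0.99:3128"`), which is inconsistent with method two and worth aligning.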