天天看點
傳回

Squid Proxy

目錄

  • ​​前言​​
  • ​​服務端​​
  • ​用戶端​
  • ​​windows​​
  • ​​centos7​​
  • ​​ubuntu18+​​
  • ​​故障處理​​
  • ​常用源​
  • ​​ubuntu​​
  • ​​centos​​

前言

關于squid的這種應用詳細原理這裡不做贅述,推薦大家看了一下馬哥教育對squid服務的詳解,我們這裡更多的關注的squid的使用。

我們公司内部使用squid做代理服務,在某天突然壞了,我搞了五天,還沒有修複,終于在第五天的淩晨才修複,通過這次故障處理,我也成長了很多;從頭到尾把這次過程梳理一下。其實這個問題可以更快的解決,我雖然大概知道了問題所在,但是卻猶猶豫豫,沒有真正仔細的面對自己的判斷,沒有仔細看日志,白白浪費了好多天的時間。

拓撲描述:

服務端兩個網卡,可以上網的網卡IP為192.168.0.100,連接配接内網的網卡的IP是192.168.10.10

用戶端的IP都位于192.168.10.x網段,上網需要通過設定代理的服務端的IP即:192.168.10.10

服務端

服務的搭建相當簡單,就簡單的幾條指令就搞定了。

## Centos7
# 建立一個不能登入的使用者erbu,密碼設定為123456,讓用戶端使用
# 有的的時候用戶端在使用代理的時候必須指定代理的使用者名和密碼,但我們又不能給用戶端root密碼,讓用一個普通使用者即可。

useradd -s /sbin/nologin erbu && echo 123456 | passwd --stdin erbu

yum -y install squid
vim /etc/squid/squid.conf
acl lanhome1 src 192.168.0.2/32
http_access allow lanhmoe1
systemctl restart squid && ss -tnlp | grep 3128 && systemctl enable squid
systemctl stop firewalld && systemctl disable firewalld

建議我們在搭建用戶端的時候最好使用自己擅長的作業系統,我比較擅長centos,是以就假設我們的服務端是centos,因為ubuntu不太友善,比如ubuntu預設不允許root直接登入,普通使用者預設擁有sudo到root的權限,squid預設的配置檔案 廢話太多,盡管上述幾個缺點可以通過修改配置檔案改變,但我就是不願意費這個事,就直接使用centos做為服務端。

用戶端

服務端的搭建比較簡單,因為方法比較固定,但是用戶端使用方法有很多。

windows

widows隻要在設定當中開啟代理 ,指定服務端的IP+端口即可,早年間我在某個機關出差的時候發現,他們的很多電腦沒有設定網關,卻能正常的打開百度搜尋,我非常驚訝,後來發現原是設定了代理 。

centos7

在centos7當中,我們用代理往往是為了安裝軟體,比如yum、pip

-------------------------------------------------------------------------------------
# wget
## 第一種方法,在指令行當中直接指代理的IP和端口,如下所示,經測試成功,值得一提的是我的代理服務端應用是squid,套接字是10.100.0.9+3128,用戶端直接指定IP+端口就能使用wget,根本不需要指定使用者名和密碼,但這種方法隻能下載下傳http協定的東西,對https的東西是無法下載下傳的;
wget http://www.baidu.com -e use_proxy=yes -e http_proxy=192.168.10.10:3128

## 想要下載下傳https的東西,得這樣,如下所示,将http改成https;
wget --no-check-certificate https://mirrors.aliyun.com/repo/Centos-7.repo -e use_proxy=yes -e https_proxy=192.168.10.10:3128

## 第二種方法,在wget的配置檔案裡面寫,~/.wgetrc,新測有效;
http_proxy = http://192.168.10.10:3128
https_proxy = https://192.168.10.10:3128
ftp_proxy = http://192.168.10.10:3128
use_proxy = on
wait = 15
-------------------------------------------------------------------------------------
# yum
vim /etc/yum.conf
proxy=http://192.168.10.10:3128
proxy_username=erbu
proxy_password=123456
-------------------------------------------------------------------------------------
# pip
cd 
mkdir .pip
vim .pip/pip.conf
  [global]
  index-url=http://mirrors.aliyun.com/pypi/simple/
  [install]
  trusted-host=mirrors.aliyun.com

# 安裝測試
pip install t5 --proxy="http://192.168.10.10:3128"
------------------------------------------------------------------------------------

ubuntu18+ 

----------------------------------------------------------------------------------------------
# 加環境變量,放到.bashrc和/etc/profile是一樣的效果
root@client:~# cat .bashrc | tail -4
export http_proxy='http://192.168.10.10:3128'
export https_proxy='http://192.168.10.10:3128'
export ftp_proxy='http://192.168.10.10:3128'
export no_proxy='localhost,127.0.0.1'

# 重讀
root@client:~# source .bashrc

## 測試
apt update && apt install apache2 -y
----------------------------------------------------------------------------------------------
# pip 源設定
pip config list
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
pip config list

或者

cd 
mkdir .pip
vim .pip/pip.conf
  [global]
index-url=http://mirrors.aliyun.com/pypi/simple/
  [install]
trusted-host=mirrors.aliyun.com

# 安裝測試
pip install t5 --proxy="http://192.168.10.10:3128"
--------------------------------------------------------------------------------------------

故障處理

  • 可以通過看檢視3128端口的連接配接判斷用戶端是否已經連接配接到服務端 
# 檢視目前有哪些IP正在連接配接代理
netstat -n | grep 3128 | awk '{print $5}' | awk -F':' '{print $1}' | sort | uniq
  • 當然細緻的錯誤還得是看日志 
## 排錯相關,排錯主要看這兩個日志
ls /var/log/squid/
access.log  cache.log
  • MISS/503 
cat /var/log/squid/access.log
1467339283.619  60229 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627  61011 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627  61014 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -

當時出現這個問題,我解決了一個星期,通過對比正常squid伺服器的日志發現,日志當中隻有IPV6的位址,而正常的伺服器解析出來的是IPV4的位址,後來查找了一段時間發現可以通過在配置檔案當中的添加:

dns_v4_first on

然後重新開機squid服務之後,恢複正常。

常用源

ubuntu

Ubuntu 的軟體源配置檔案是 /etc/apt/sources.list

##################16.04
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main

deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main

deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe

deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe

##################18.04
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

#################20.04
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
      
#### 16.04
# 預設注釋了源碼鏡像以提高 apt update 速度,如有需要可自行取消注釋
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse

# 預釋出軟體源,不建議啟用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse

########18.4
# 預設注釋了源碼鏡像以提高 apt update 速度,如有需要可自行取消注釋
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

# 預釋出軟體源,不建議啟用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

#####20.04
# 預設注釋了源碼鏡像以提高 apt update 速度,如有需要可自行取消注釋
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse

# 預釋出軟體源,不建議啟用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse

######21.04
# 預設注釋了源碼鏡像以提高 apt update 速度,如有需要可自行取消注釋
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse

# 預釋出軟體源,不建議啟用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
      
root@client:~# cat /proc/version
Linux version 5.13.0-19-generic (buildd@lgw01-amd64-013) (gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0, GNU ld (GNU Binutils for Ubuntu) 2.37) #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021
root@client:~# uname -a
Linux client 5.13.0-19-generic #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@client:~# cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu impish main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu impish-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish universe
# deb-src http://archive.ubuntu.com/ubuntu impish universe
deb http://archive.ubuntu.com/ubuntu impish-updates universe
# deb-src http://archive.ubuntu.com/ubuntu impish-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu impish multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish multiverse
deb http://archive.ubuntu.com/ubuntu impish-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu impish partner
# deb-src http://archive.canonical.com/ubuntu impish partner

deb http://archive.ubuntu.com/ubuntu impish-security main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-security main restricted
deb http://archive.ubuntu.com/ubuntu impish-security universe
# deb-src http://archive.ubuntu.com/ubuntu impish-security universe
deb http://archive.ubuntu.com/ubuntu impish-security multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-security multiverse

centos 

centos官方鏡像:https://www.centos.org/centos-linux/ 裡面涵蓋cnetos7和centos8,注意下載下傳的時候别下載下傳錯了,我們通常要下載下傳x86架構的,而不是arm架構的。
阿裡雲鏡像:https://developer.aliyun.com/mirror/
清華源:https://mirrors.tuna.tsinghua.edu.cn
      
# centos7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
或
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# epel
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
--------------------------------------------------------------------------------
# centos8
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
或
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
ubuntu centos hive sed 服務端
上一篇: Java實作 LeetCode 99 恢複二叉搜尋樹
下一篇: 阿裡雲分布式容器平台即将全面啟動公測!

繼續閱讀