yuminstall-ydos2unixopensslhttpdsquidvim#前期关闭防火墙,如果不想关闭防火墙自行配置Squid端口systemctlstopfirewalld.servicetouch/etc/squid/passwdchmod-R777/etc/squid/passwd#youname是认证用户,回车输入账号密码,不超过8个字符[root@localhost~]#htpasswd-c/etc/squid/passwdyounameNewpassword:Re-typenewpassword:Addingpasswordforuseryouname/usr/lib64/squid/basic_ncsa_auth/etc/squid/passwd#查看认证用户younamepasswd#如果用户和密码都出现OK,说明配置文件成功编辑vim/etc/squid/squid.conf##推荐的最低配置:##允许从您的本地网络访问的示例规则。#适应列出您的(内部)IP网络,从那里应该允许浏览#acllocalnetsrc10.0.0.0/8#RFC1918possibleinternalnetworkacllocalnetsrc172.16.0.0/12#RFC1918possibleinternalnetworkacl18rclocalnetsrc18.0rc190.s16#RFC1918possibleinternalnetworkacllocalnetsrcfc00::/7#RFC4193localprivatenetworkrangeacllocalnetsrcfe80::/10#RFC4291链路本地(直接插入)机器aclSSL_ports端口443aclSafe_ports端口80#httpaclSafe_ports端口21#ftpaclSafe_ports端口443#httpsaclSafe_ports端口70#gopheraclSafe_ports端口210#waisaclSafe_ports端口1025-65535#unregisteredportsaclSafe_portsport280#http-mgmtaclSafe_portsport488#gss-httpaclSafe_portsport591#filemakeraclSafe_portsport777#multilinghttpaclCONNECTmethodCONNECT##建议的最低访问权限配置:##拒绝对某些不安全端口的请求http_accessdeny!Safe_ports#DenyCONNECTtootherthansecureSSLportshttp_accessdenyCONNECT!SSL_ports#Onlyallowcachemgraccessfromlocalhosthttp_accessallowlocalhostmanagerhttp_accessdenymanager#我们强烈建议取消注释以下内容以保护在代理服务器上运行的无辜#web应用程序w你认为唯一可以访问“localhost”服务的人是本地用户#http_accessdenyto_localhost##INSERTYOUROWNRULE(S)HERETOALLOWACCESSFROMYOURCLIENTS##Exampleruleallowingaccessfromyourlocalnetworks.#在ACL部分调整localnet以列出您的(内部)IP网络#从哪里应该允许浏览http_accessallowlocalnethttp_accessallowlocalhost#添加认证auth_param基本程序/usr/lib64/squid/basic_ncsa_auth/etc/squid/passwdauth_parambasicchildren5auth_parambasicrealm欢迎使用pycredit的仅代理网络服务器aclsquid_userproxy_authREQUIREDaclSafe_portsport80http_accessdeny!Safe_portshttp_accessallowsquid_user#最后拒绝所有其他对此代理的访问http_accessdenyall#Squid通常监听端口3128配置端口http_port3328#取消注释并调整以下内容以添加adiskcachedirectory.cache_dirufs/var/spool/squid10016256cache_mem0MB#将coredumps留在第一个cac他dircoredump_dir/var/spool/squid##在这些之上添加任何你自己的refresh_pattern条目。#refresh_pattern^ftp:144020%10080refresh_pattern^gopher:14400%1440refresh_pattern-i(/cgi-bin/0|\?)0%0refresh_pattern。020%4320#添加hostnamevisible_hostnameproxy.daoiqi.com使用squid-z#第一次安装需要初始化systemctlstartsquid#启动squidsystemctlstatussquid#查看squid运行状态systemctlstopsquid#停止squidsystemctlrestartsquid#重启squidsquid-kparse#检查配置文件是否有错误netstat-lnapt|grepsquid#查看端口号#运行squid,记录到标准错误这样可以很容易定位到任何错误或问题,并确认squid启动成功。#-N选项让squid在前台运行,#-d1选项在标准错误中显示level1调试信息。squid-N-d1adsl-stop#dialadsl-start#dialpppoe-start#startdialpppoe-status#查看状态pppoe-status|grepinet|awk{'print$2'}#getIPcurl-x
