Squid Proxy Server Installation and Configuration

Using docker compose

  • Uses the elestio/squid image

    vi docker-compose.yml

    version: '3'
    services:
      squid:
        image: elestio/squid:latest
        hostname: squid
        container_name: squid
        environment: 
          - SQUID_CONFIG_FILE=/etc/squid/squid.conf
        #extra_hosts:
        #  - "www.ichiayi.com:192.168.11.133" 
        ports:
          - 3128:3128
        # volumes:
        #   - './conf/squid.conf:/etc/squid/squid.conf:ro'
        #   - './conf/passwords:/etc/squid/passwords:ro'
        restart: always

    docker compose up -d

  1. Copy squid.conf out of the container so it can be edited in the following steps

    mkdir -p conf
    docker cp squid:/etc/squid/squid.conf ./conf/

  2. Edit docker-compose.yml

    version: '3'
    services:
      squid:
        image: elestio/squid:latest
        hostname: squid
        container_name: squid
        environment:
          - SQUID_CONFIG_FILE=/etc/squid/squid.conf
        #extra_hosts:
        #  - "www.ichiayi.com:192.168.11.133" 
        ports:
          - 3128:3128
        volumes:
          - './conf/squid.conf:/etc/squid/squid.conf:ro'
        #   - './conf/passwords:/etc/squid/passwords:ro'
        restart: always

  3. Edit squid.conf

    vi ./conf/squid.conf

    :
    acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
    
    acl SSL_ports port 443 8006
    acl Safe_ports port 8006        # PVE manager
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    :
    # For example, to allow access from your local networks, you may uncomment the
    # following rule (and/or add rules that match your definition of "local"):
    http_access allow localnet
    :
  • Restart docker compose

    docker compose restart

  1. Remove the # in front of extra_hosts: in docker-compose.yml
  2. Add the hostname and IP entries to pin, e.g. "www.ichiayi.com:192.168.11.133" "web.ichiayi.com:192.168.11.134"
  3. Example:

    version: '3'
    services:
      squid:
        image: elestio/squid:latest
        hostname: squid
        container_name: squid
        environment:
          - SQUID_CONFIG_FILE=/etc/squid/squid.conf
        extra_hosts:
          - "www.ichiayi.com:192.168.11.133" 
          - "web.ichiayi.com:192.168.11.134"
        ports:
          - 3128:3128
        volumes:
          - './conf/squid.conf:/etc/squid/squid.conf:ro'
        #   - './conf/passwords:/etc/squid/passwords:ro'
        restart: always

  4. Restart docker compose

    docker compose up -d

Using docker

  • Uses the ubuntu/squid image

    sudo docker run -d --restart=always --name squid-container -e TZ=UTC -p 3128:3128 ubuntu/squid:latest

The following installs and configures Squid Proxy Server on CentOS 7 and Ubuntu 20.04

  • Ubuntu 20.04

    sudo -i
    apt install squid
    apt list -a squid

    root@iiidevops1:~# apt list -a squid
    Listing... Done
    squid/focal-updates,focal-security,now 4.10-1ubuntu1.2 amd64 [installed]
    squid/focal 4.10-1ubuntu1 amd64

  • CentOS 7

    su - root
    yum install -y squid httpd-tools

    [root@ct-squid ~]# rpm -q squid
    squid-3.5.20-12.el7.x86_64

  • Allow proxying of ftp
  • Allow SSL proxying of https on port 7443
  • Allow http proxying of Google Talk on port 5222
  • Assume only clients from the IP ranges 61.67.71.0/24 and 220.130.131.238 may use the proxy
  • Accept the SVN extension methods REPORT MERGE MKACTIVITY CHECKOUT

    vi /etc/squid/squid.conf

    :
    ftp_user [email protected]
    :
    acl SSL_ports port 443 7443
    :
    acl Safe_ports port 443		# https
    acl Safe_ports port 7443	# https-g2b2c
    acl Safe_ports port 5222	# GoogleTalk
    :
    acl our_networks src 61.67.71.0/24 220.130.131.238/32
    http_access allow our_networks
    :

  • To let every IP use the proxy (a public proxy), add the following settings

    :
    # all networks
    acl all_networks src all
    :
    # allow all
    http_access allow all_networks
    
    # And finally deny all other access to this proxy
    :
  • If proxy users need to authenticate with a username and password, do the following

    vi /etc/squid/squid.conf

    :
    auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
    :
    acl password proxy_auth REQUIRED
    http_access allow password
    :
  • Creating the first account

    htpasswd -c /etc/squid/passwd jonathan

  • Creating further accounts or changing a password afterwards

    htpasswd /etc/squid/passwd tryweb

    systemctl restart squid.service
    systemctl enable squid.service
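
The `our_networks` rule and the public-proxy `all_networks` variant above differ only in which clients the first matching `http_access` line admits. The following is an added example, not part of the original page or of Squid itself: it evaluates `src` ACLs against a client address using Squid's first-match ordering. The names `parse`, `decide`, `RESTRICTED` and `OPEN` are hypothetical, the config snippets and the outside address 203.0.113.10 are constructed, and only `src` ACLs written as single IPs or CIDR blocks are handled.

```python
import ipaddress

# Constructed sample: the page's src ACL plus Squid's stock closing rule.
RESTRICTED = """
acl our_networks src 61.67.71.0/24 220.130.131.238/32
http_access allow our_networks
http_access deny all
"""

# Constructed sample: the page's "public proxy" variant in the same position.
OPEN = """
acl all_networks src all
http_access allow all_networks
http_access deny all
"""

def parse(conf):
    """Return (src ACLs by name, ordered http_access rules) from squid.conf text."""
    acls, rules = {"all": ["0.0.0.0/0", "::/0"]}, []  # "all" is built in
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            for value in tok[3:]:
                nets = acls["all"] if value == "all" else [value]
                acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Apply http_access the way Squid does: the first matching line wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    def matches(name):
        negate, name = name.startswith("!"), name.lstrip("!")
        nets = map(ipaddress.ip_network, acls.get(name, []))
        return any(ip.version == n.version and ip in n for n in nets) != negate

    for action, names in rules:
        if all(matches(n) for n in names):  # ACLs on one line are ANDed
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for ip in ("61.67.71.25", "203.0.113.10"):  # inside / outside our_networks
        print(ip, decide(RESTRICTED, ip), decide(OPEN, ip))
```

Running a candidate squid.conf through `decide` with an address outside `our_networks` before restarting the service shows whether the proxy would serve clients it was not meant to.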
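  • To see how the proxy is being accessed, check the records in /var/log/squid/access.log
  • If the service fails to start, the output of systemctl status squid.service usually shows the problem and how to resolve it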
  • Last modified: 2024/04/30 15:26
  • jonathan