Squid部署文档一

janneyabc

　　Squid部署文档一
　　一． 网络环境

　　1． 设备条件：squid代理服务器一台（内网，Eth0：218.29.30.31/24,Eth1:192.168.1.1/24），客户机至少一台（内网,IP:192.168.1.100），web服务器（放在互联网上,IP:218.29.30.29/24）
　　2． 安装软件包squid-3.1.10-1.el6.i686
　　配置好yum，实现yum自动安装，在前面没有用的文件首行加#注释，命令为:%s/^/#/g
　　[root@kingmacro ~]#vim /etc/yum.repos.d/rhel-source.repo
　　#[rhel-source]
　　#name=Red Hat Enterprise Linux $releasever - $basearch - Source
　　#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
　　#enabled=0
　　#gpgcheck=1
　　#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
　　#
　　#[rhel-source-beta]
　　#name=Red Hat Enterprise Linux $releasever Beta - $basearch - Source
　　#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/
　　#enabled=0
　　#gpgcheck=1
　　#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta,file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
　　[wanghong]
　　Name=999
　　baseurl=file:///mnt/Server
　　enabled=1
　　gpgcheck=0
　　[root@kingmacro ~]#yum –y install squid
　　3.配置squid.conf文件
　　[root@kingmacro ~]#vim /etc/squid/squid.conf
　　http_access allow manager localhost
　　http_access deny manager
　　# Deny requests to certain unsafe ports
　　http_access deny !Safe_ports
　　# Deny CONNECT to other than secure SSL ports
　　http_access deny CONNECT !SSL_ports
　　# We strongly recommend the following be uncommented to protect innocent
　　# web applications running on the proxy server who think the only
　　# one who can access services on "localhost" is a local user
　　#http_access deny to_localhost
　　#
　　# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
　　#
　　# Example rule allowing access from your local networks.
　　# Adapt localnet in the ACL section to list your (internal) IP networks
　　# from where browsing should be allowed
　　http_access allow localnet
　　http_access allow localhost
　　# And finally deny all other access to this proxy
　　http_access allow all
　　# Squid normally listens to port 3128
　　http_port 3128
　　# We recommend you to use at least the following line.
　　hierarchy_stoplist cgi-bin ?
　　# Uncomment and adjust the following to add a disk cache directory.
　　#cache_dir ufs /var/spool/squid 100 16 256
　　# Leave coredumps in the first cache dir
　　coredump_dir /var/spool/squid
　　# Add any of your own refresh_pattern entries above these.
　　refresh_pattern ^ftp: 1440 20% 10080
　　refresh_pattern ^gopher: 1440 0% 1440
　　refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
　　4.启动squid服务
　　[root@kingmacro ~]#squid –D 或者使用命令 service squid start
　　注意:如果发现服务起动失败,请清理缓存目录,依然无法启动的话,杀死进程,再重新启squid服务
　　5.开始web服务器上httpd服务
　　[root@kingmacro ~]#service httpd start
　　[root@kingmacro ~]#service iptables stop
　　6.配置内网客户端代理

　　7.测试squid代理
　　直接开起客户端192.168.1.100浏览器输入http://218.29.30.29,看能否正常访问web服务