Otu esi emepụta proxy HTTP site na iji Squid na CentOS 7/8
Proxies webụ adịla kemgbe ọtụtụ nde ndị ọrụ gburugburu ụwa ejirila ya. Ha nwere ọtụtụ ebumnuche, nke kachasị ewu ewu bụ enweghị aha n'ịntanetị, mana enwere ụzọ ndị ọzọ ị nwere ike isi jiri proxies webụ mee ihe. Nke a bụ ụfọdụ echiche:
- Amaghị aha n'ịntanetị
- Melite nchekwa n'ịntanetị
- Melite oge nbudata
- gbochie okporo ụzọ ọjọọ
- Banye ihe omume gị n'ịntanetị
- Iji gafee mmachi mpaghara
- N'ọnọdụ ụfọdụ nwere ike ibelata ojiji bandwit
Ihe nkesa proxy bụ kọmpụta a na-eji dị ka onye na-emekọrịta ihe n'etiti onye ahịa na sava ndị ọzọ nke onye ahịa nwere ike ịrịọ ihe onwunwe. Otu ihe atụ dị mfe nke a bụ mgbe onye ahịa na-arịọ arịrịọ n'ịntanetị (dịka ọmụmaatụ chọrọ imepe ibe weebụ), ọ na-ebu ụzọ jikọọ na ihe nkesa proxy.
Ihe nkesa proxy wee lelee cache diski mpaghara ya ma ọ bụrụ na enwere ike ịchọta data ahụ n'ebe ahụ, ọ ga-eweghachi onye ahịa ahụ data ahụ, ọ bụrụ na echekwaghị ya, ọ ga-eme arịrịọ ahụ n'aha onye ahịa site na iji adreesị IP proxy (dị iche na nke ahụ). ndị ahịa) wee weghachi data ahụ na onye ahịa. Ihe nkesa proxy ga-anwa ịchekwa data ọhụrụ ahụ ma ga-eji ya maka arịrịọ ga-eme n'ọdịnihu na otu ihe nkesa ahụ.
Squid bụ onye nnọchi anya webụ nke jiri ọtụtụ ọgbakọ m. A na-ejikarị ya dị ka onye nnọchi anya caching na ịkwalite oge nzaghachi yana ibelata ojiji bandwit.
Maka ebumnuche nke isiokwu a, m ga-etinye Squid na Linode CentOS 7 VPS ma jiri ya dị ka ihe nkesa proxy HTTP.
Otu esi etinye Squid na CentOS 7/8
Tupu anyị amalite, ị kwesịrị ịma na Squid, enweghị ihe ọ bụla chọrọ kacha nta, mana ọnụọgụ RAM nwere ike ịdị iche dabere na ndị ahịa na-eme nchọgharị na ịntanetị site na ihe nkesa proxy.
A na-etinye squid n'ime ebe a na-edebe ebe a na-edebe ihe, yabụ nrụnye dị mfe ma kwụ ọtọ. Tupu ịwụnye ya, Otú ọ dị, jide n'aka na ngwugwu gị dị ọhụrụ site na ịgba ọsọ.
# yum -y update
Gaa n'ihu site na ịwụnye squid, bido wee mee ya na mmalite sistemụ site na iji iwu ndị a.
# yum -y install squid # systemctl start squid # systemctl enable squid
N'oge a, proxy webụ Squid gị kwesịrị ịdị na-agba ọsọ ma ị nwere ike iji nyochaa ọkwa nke ọrụ ahụ.
# systemctl status squid
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-09-20 10:07:23 UTC; 5min ago
Main PID: 2005 (squid)
CGroup: /system.slice/squid.service
├─2005 /usr/sbin/squid -f /etc/squid/squid.conf
├─2007 (squid-1) -f /etc/squid/squid.conf
└─2008 (logfile-daemon) /var/log/squid/access.log
Sep 20 10:07:23 tecmint systemd[1]: Starting Squid caching proxy...
Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: will start 1 kids
Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: (squid-1) process 2007 started
Sep 20 10:07:23 tecmint systemd[1]: Started Squid caching proxy.
Nke a bụ ụfọdụ ebe faịlụ dị mkpa ị kwesịrị ịma:
- faịlụ nhazi squid: /etc/squid/squid.conf
- Akwụkwọ nnweta squid: /var/log/squid/access.log
- Ndekọ cache squid: /var/log/squid/cache.log
Faịlụ nhazi kacha nta squid.conf dị ka nke a:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all http_port 3128 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
Na-ahazi Squid ka ọ bụrụ proxy HTTP
N'ebe a, anyị ga-egosi gị otu esi ahazi squid ka ọ bụrụ proxy HTTP site na iji naanị adreesị IP onye ahịa maka nyocha.
Ọ bụrụ na-ịchọrọ ikwe ka adreesị IP nweta webụ site na sava proxy ọhụrụ gị, ị ga-achọ ịgbakwunye ahịrị ACL ọhụrụ (ndepụta njikwa ohere) na faịlụ nhazi.
# vim /etc/squid/squid.conf
Ahịrị ị ga-agbakwunye bụ:
acl localnet src XX.XX.XX.XX
Ebe XX.XX.XX.XX bụ adreesị IP onye ahịa nke ịchọrọ ịgbakwunye. Ekwesịrị ịgbakwunye ahịrị ahụ na mmalite nke faịlụ ebe akọwapụtara ACL. Ọ bụ omume dị mma ịgbakwunye okwu na-esote ACL nke ga-akọwa onye na-eji adreesị IP a.
Ọ dị mkpa ịmara na ọ bụrụ na Squid dị na mpụga netwọkụ mpaghara gị, ị ga-agbakwunye adreesị IP ọha nke onye ahịa.
Ị ga-achọ ịmalitegharị Squid ka mgbanwe ọhụrụ ahụ nwee ike ịmalite.
# systemctl restart squid
Dịka ị nwere ike ịhụ na faịlụ nhazi, ọ bụ naanị ụfọdụ ọdụ ụgbọ mmiri ka a na-ahapụ maka ijikọ. Ị nwere ike tinyekwuo site na dezie faịlụ nhazi.
acl Safe_ports port XXX
Ebe XXX bụ ọdụ ụgbọ mmiri ịchọrọ ibu. Ọzọ ọ dị mma ịhapụ okwu n'akụkụ nke ahụ ga-akọwa ihe a ga-eji ọdụ ụgbọ mmiri mee ihe.
Ka mgbanwe ndị ahụ wee dị irè, ị ga-achọ ịmalitegharị squid ọzọ.
# systemctl restart squid
O yikarịrị ka ị ga-achọ ka ndị ọrụ gị nyochaa tupu i jiri proxy. Maka ebumnuche ahụ, ị nwere ike mee ka nyocha HTTP bụ isi. Ọ dị mfe na ngwa ngwa ịhazi.
Nke mbụ, ị ga-achọ arụnyere httpd-tools.
# yum -y install httpd-tools
Ugbu a, ka anyị mepụta faịlụ nke ga-emecha chekwaa aha njirimara maka njirimara. Squid na-eji onye ọrụ na-agba ọsọ squid yabụ faịlụ a kwesịrị ịbụ nke onye ọrụ ahụ nwe ya.
# touch /etc/squid/passwd # chown squid: /etc/squid/passwd
Ugbu a, anyị ga-emepụta onye ọrụ ọhụrụ a na-akpọ \proxyclient wee hazie paswọọdụ ya.
# htpasswd /etc/squid/passwd proxyclient New password: Re-type new password: Adding password for user proxyclient
Ugbu a iji hazie njirimara mepee faịlụ nhazi.
# vim /etc/squid/squid.conf
Mgbe ọdụ ụgbọ mmiri ACL gbakwunyere ahịrị ndị a:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid Basic Authentication auth_param basic credentialsttl 2 hours acl auth_users proxy_auth REQUIRED http_access allow auth_users
Chekwaa faịlụ ma malitegharịa squid ka mgbanwe ọhụrụ ahụ nwee ike ịmalite:
# systemctl restart squid
N'ikpeazụ, anyị ga-emepụta ACL ikpeazụ nke ga-enyere anyị aka igbochi ebe nrụọrụ weebụ na-achọghị. Nke mbụ, mepụta faịlụ nke ga-echekwa saịtị ndị edochiri anya.
# touch /etc/squid/blacklisted_sites.acl
Ị nwere ike itinye ụfọdụ ngalaba ịchọrọ igbochi. Ọmụmaatụ:
.badsite1.com .badsite2.com
Ntụpọ na-aga n'ihu na-agwa squid ka ọ gbochie ntụnyere aka na saịtị ahụ gụnyere www.badsite1, subsite.badsite1.com, wdg.
Ugbu a mepee faịlụ nhazi Squid.
# vim /etc/squid/squid.conf
Naanị mgbe ọdụ ụgbọ mmiri ACL gbakwunyere ahịrị abụọ ndị a:
acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl" http_access deny bad_urls
Ugbu a chekwaa faịlụ ma malitegharịa squid:
# systemctl restart squid
Ozugbo ahaziri ihe niile nke ọma, ugbu a ị nwere ike hazie ihe nchọgharị onye ahịa mpaghara gị ma ọ bụ ntọala netwọkụ sistemu ọrụ iji jiri proxy HTTP squid gị.
N'ime nkuzi a, ị mụtara ka esi etinye, chekwaa na hazie sava Squid HTTP Proxy n'onwe gị. Site na ozi ị nwetara ugbu a, ị nwere ike tinye ụfọdụ nzacha maka okporo ụzọ na-abata na nke na-apụ apụ site na Squid.
Ọ bụrụ n’ịchọrọ ịgafe maịl ọzọ, ị nwere ike hazie squid ka ọ gbochie ụfọdụ webụsaịtị n'oge awa ọrụ iji gbochie ndọpụ uche. Ọ bụrụ na ị nwere ajụjụ ọ bụla ma ọ bụ kwuo, biko biputere ha na ngalaba nkọwa n'okpuru.