Text shown in red is a command typed by hand; text shown in green is file configuration.
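1. Install the Linux system. Choose a custom installation, select the development tools package and the web server service, deselect squid, and set SELINUX to DISABLE during installation.
You can also skip the steps below and use the script I provide to apply the configuration described below. Copy setup.tar.bz2 to the /root directory, then run these three commands to complete the configuration:
tar -jxvf setup.tar.bz2
cd ./setup
sh ./setup
When the installation finishes the system reboots. After it comes back up, log in, configure the ipmacfile file (the IP-to-MAC address binding file) and initialize your users and passwords (see the server usage notes for details).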
2. Download the source code and unpack it
cd /usr/src
wget -c http://www.squid-cache.org/Versi ... 2.5.STABLE14.tar.gz
tar -zxvf squid-2.5.STABLE14.tar.gz
3. Install Squid Proxy Server
cd /usr/src/squid-2.5.STABLE14
./configure --prefix=/usr/local/squid --sysconfdir=/etc/squid --bindir=/usr/bin --sbindir=/usr/sbin --mandir=/usr/share/man --enable-gnuregex --enable-carp --enable-async-io=80 --enable-removal-policies=heap,lru --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --enable-kill-parent-hack --enable-snmp --enable-arp-acl --enable-htcp --enable-cache-digests --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese" --enable-poll --enable-linux-netfilter --disable-ident-lookups --enable-underscores --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --enable-external-acl-helpers="ip_user" --enable-x-accelerator-vary
make && make install
4. Set up squid.conf
cd
mv /etc/squid/squid.conf /etc/squid/squid.conf.bak
vi /etc/squid/squid.conf
# then press the i key
==============================/etc/squid/squid.conf=========================
http_port 100.100.100.1:808
cache_mem 64 MB
dns_nameservers 202.98.0.68 202.98.5.68
visible_hostname 100.100.100.1
cache_mgr [email protected]
cache_dir aufs /usr/local/squid/var/cache 25000 16 256
error_directory /usr/local/squid/share/errors/Simplify_Chinese
emulate_httpd_log on
cache_store_log none
logfile_rotate 1
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.asp \.php \.jsp \.cgi
acl denyssl urlpath_regex -i ^https:\\
no_cache deny QUERY
no_cache deny denyssl
auth_param basic program /usr/local/squid/libexec/ncsa_auth /etc/squid/passwd.sq
auth_param basic children 10
auth_param basic realm proxy.linuxserver.com
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl OverConnLimit maxconn 5
acl auth_user proxy_auth REQUIRED
#acl macaddress arp 00:16:36:05:a6:54
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access rules are checked top to bottom and the first match wins,
# so the deny rules have to come before "allow auth_user" to take effect
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny OverConnLimit
#http_access allow macaddress
http_access allow auth_user
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /usr/local/squid/var/cache
===============================End of script================================
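5. Initialize the cache directory and start squid
cd
htpasswd -cb /etc/squid/passwd.sq proxy proxy
chmod 666 /etc/squid/passwd.sq
mkdir -p /usr/local/squid/var/cache
cd /usr/local/squid/var
chown -R nobody.nobody cache logs
squid -z
squid start
squid -k parse   # check the configuration for errors; no output means the configuration is basically correct
squid -zX   # you can add the X parameter to see exactly what is initialized
If squid cannot start because of DNS, start it with the following command:
squid -D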
6. Install the squid password-change tool
Edit /etc/httpd/conf/httpd.conf and set "AddDefaultCharset" to GB2312 so that the web pages display Chinese.
cd /usr/src
vi /var/www/html/index.html
============================/var/www/html/index.html=======================
Click here to change your user password
===================================End of configuration============================
wget -c http://jaist.dl.sourceforge.net/ ... passwd-2.2.3.tar.gz
wget -c http://sarg.sourceforge.net/htoi.patch
tar -zxvf chpasswd-2.2.3.tar.gz
cd /usr/src/chpasswd-2.2.3
patch -p0 < ../htoi.patch
./configure --enable-language=Chinese --enable-cgidir=/var/www/cgi-bin
make && make install
vi /usr/local/etc/chpasswd/chpasswd.conf
=================/usr/local/etc/chpasswd/chpasswd.conf=========================
password_file /etc/squid/passwd.sq
=================================End of script==============================
7. Firewall setup and IP-to-MAC address binding
touch /usr/sbin/firewall
chmod u+x /usr/sbin/firewall
vi /usr/sbin/firewall
===============================/usr/sbin/firewall===========================
#!/bin/sh

UPLINK="eth0"
LANLINK="eth1"
INTERFACES="lo eth0 eth1"

case "$@" in
start)
    echo -n "Starting firewall..."
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -Z
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -Z
    iptables -P INPUT DROP

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    #enable public access to certain services
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -i ! ${UPLINK} -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset

    while read ipaddr macaddr
    do
        iptables -A INPUT -s ${ipaddr} -m mac --mac-source ${macaddr} -j ACCEPT
    done < /etc/ipmacfile

    #enable system-log
    #iptables -A INPUT -j LOG --log-prefix "bad input:"
    #iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable

    #explicitly disable ECN
    if [ -e /proc/sys/net/ipv4/tcp_ecn ]
    then
        echo 0 > /proc/sys/net/ipv4/tcp_ecn
    fi

    #disable spoofing on all interfaces
    for x in ${INTERFACES}
    do
        echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
    done

    echo "OK!"
    exit 0
    ;;
stop)
    echo -n "Stopping firewall..."
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -Z
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -Z
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT
    echo "OK!"
    exit 0
    ;;
restart)
    $0 stop
    $0 start
    ;;
show)
    clear
    echo ">------------------------------------------------------"
    iptables -nvL
    echo ">------------------------------------------------------"
    iptables -t nat -nvL
    exit 0
    ;;
*)
    echo "Usage: $0 {start|stop|restart|show}"
    exit 1
esac
=================================End of script==============================
Note: create the table that maps IP addresses to MAC addresses
touch /etc/ipmacfile
vi /etc/ipmacfile
ipmacfile file format:
100.100.100.100 00:16:36:05:a6:54
100.100.100.101 00:16:36:05:a6:53
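The firewall script's "while read ipaddr macaddr" loop hands every ipmacfile line to iptables as-is, so a blank or malformed line reaches iptables unchecked and an IP listed twice is accepted from two different MAC addresses. The check below is an added example, not part of the original page or its setup script; the function names valid_ip, valid_mac and check_ipmacfile are hypothetical and the sample entries are constructed.

```sh
# Added example, not from the page: check ipmacfile entries before "firewall start".

# valid_ip ADDR: true only for a dotted-quad IPv4 address with octets 0-255.
valid_ip() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_mac ADDR: true only for six colon-separated hex pairs.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# check_ipmacfile FILE: print "line N: problem" per bad entry; return 1 if any.
check_ipmacfile() {
    bad=0; n=0; seen=" "
    while read -r ipaddr macaddr extra || [ -n "$ipaddr" ]; do
        n=$((n + 1))
        if [ -z "$ipaddr" ]; then
            echo "line $n: blank line"; bad=1
        elif [ -n "$extra" ]; then
            echo "line $n: more than two fields"; bad=1
        elif ! valid_ip "$ipaddr"; then
            echo "line $n: bad IP address '$ipaddr'"; bad=1
        elif ! valid_mac "$macaddr"; then
            echo "line $n: bad MAC address '$macaddr'"; bad=1
        else
            case "$seen" in
                *" $ipaddr "*) echo "line $n: $ipaddr is already bound"; bad=1 ;;
            esac
            seen="$seen$ipaddr "
        fi
    done < "$1"
    return $bad
}

# Constructed sample: the page's two entries plus a bad octet and a rebound IP.
sample=$(mktemp)
printf '%s\n' '100.100.100.100 00:16:36:05:a6:54' '100.100.100.101 00:16:36:05:a6:53' \
    '100.100.100.300 00:16:36:05:a6:55' '100.100.100.100 00:16:36:05:a6:99' > "$sample"
check_ipmacfile "$sample" || echo "fix the ipmacfile before running: firewall start"
rm -f "$sample"
```

Run check_ipmacfile /etc/ipmacfile after each edit of the binding file and reload the firewall only when it prints nothing.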
8. Configure system log viewing
cd
mkdir /var/www/html/logs
touch /usr/sbin/sqbak
chmod u+x /usr/sbin/sqbak
vi /etc/squid/index.html
===============================/etc/squid/index.html========================
Client network access logs
======================================================================
cp /etc/squid/index.html /var/www/html/logs/index.html
===============================/usr/sbin/sqbak============================
#!/bin/sh
logdir=/usr/local/squid/var/logs/
fl=access.log.0
bakpath=/logbak/
wwwpath=/var/www/html/logs/
sysdate=`date +%F`
day=`date +%d`
#lanip=`ifconfig eth1 | awk '/inet/{print $2}' | awk -F: '{print $2}' | grep -v ^$`
if [ "$day" = "01" ]
then
rm -f /var/www/html/logs/*
cp /etc/squid/index.html ${wwwpath}
fi
if [ -s "${logdir}""${fl}" ]
then
cd ${bakpath} || exit 1   # stop if the backup directory does not exist
mv ${logdir}${fl} ${sysdate}.log
cat ${sysdate}.log | awk '{print NR " " substr($4,2) " " $3 " " $1 " " $7 " " $11 "\n"}' | awk '{printf "%-16s %-24s %-16s %-24s %-150s %-s\n",$1,$2,$3,$4,$5,$6}' > ${sysdate}.txt
tar -cvf ${sysdate}.tar ${sysdate}.txt
bzip2 -f ${sysdate}.tar
cp ${sysdate}.txt ${wwwpath}
echo "
[$sysdate]" >> ${wwwpath}index.html
rm -f ${sysdate}.log ${sysdate}.txt
fi
======================================================================
crontab -u root -e
======================================================================
01 0 * * * /usr/sbin/squid -k rotate
15 0 * * * /usr/sbin/sqbak
======================================================================
9. Set up the startup items
vi /etc/rc.d/rc.local
/usr/sbin/squid start
/usr/sbin/firewall start
/usr/sbin/httpd start
10. Scripts for batch-generating usernames and passwords
Script one.
touch /usr/sbin/uuadd
chmod u+x /usr/sbin/uuadd
vi /usr/sbin/uuadd
=========================/usr/sbin/uuadd==================================
#!/bin/sh
#uuadd: batch add squid user.
#install step.
#chmod u+x uuadd
#./uuadd userfile
if [ $# -lt 1 ]
then
    echo "Usage: Please set user's name file."
    echo "Example: `basename $0` userfile."
    echo "######userfile######"
    echo " username1"
    echo " username2"
    echo " username3"
    echo " ."
    echo " ."
    echo " ."
    echo " usernamen"
    echo "#####################"
    exit 1
fi
userfile=$1
uuadd=/usr/bin/htpasswd
while read line
do
    $uuadd -b /etc/squid/passwd.sq "$line" "$line"
done < "$userfile"
=============================End of script==================================
Note: format of the userfile contents
username1
username2
.
.
.
usernamen
Script two.
touch /usr/sbin/upadd
chmod u+x /usr/sbin/upadd
vi /usr/sbin/upadd
===================================/usr/sbin/upadd========================
#!/bin/sh
#upadd: batch add squid user.
#install step.
#chmod u+x upadd
#./upadd userfile
# the script takes one argument, the userfile
if [ $# -lt 1 ]
then
    echo "usage: $0 userfile"
    exit 1
fi
userfile=$1
upadd=/usr/bin/htpasswd
while read username passwd
do
    $upadd -b /etc/squid/passwd.sq "$username" "$passwd"
done < "$userfile"
=================================End of script==============================
Note: format of the userfile contents
username1 passwd1
username2 passwd2
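Please set usernames in lowercase letters; batch-generated passwords are the same as the username.
To change a single user's password:
htpasswd -b /etc/squid/passwd.sq username password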
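Squid proxy server usage FAQ
1. How do I add a new user?
htpasswd -b /etc/squid/passwd.sq username password
Explanation: the htpasswd tool creates a user with the username "username" and the password "password", and stores it in the user database /etc/squid/passwd.sq.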
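2. How do I add new users in batches?
1) Generate users whose password is the same as the username, and let the users change it themselves
uuadd userfile
Explanation: the uuadd command batch-generates initial users whose password is the same as the username. Specify the userfile file when you run this command. The userfile format is shown below; its content is multiple lines in a single column. Note that if a username contains uppercase letters, the password is initialized in lowercase.
Note: the userfile contents look like this
username1
username2
.
.
usernamen
It is best for all users to have lowercase usernames!!!
Note: the next time you want to batch-add users, specify your new user file, because if you reuse the previous userfile, your existing user data will be re-initialized. So delete this file every time you finish batch-adding users!!!
2) Generate users with the usernames and passwords you set yourself
upadd userfile
Explanation: the upadd command batch-generates passwords and usernames. Specify the userfile file when you run this command. The userfile format is shown below; its content is multiple lines in a single column. Note that if a username contains uppercase letters, the password is initialized in lowercase.
Note: format of the userfile contents
username1 passwd1
username2 passwd2
3. How does a user change the initial password, and what if a user wants to change the password later?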
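In the IE browser, enter http://server-ip-address, click "Click here to change your proxy server password", and follow the instructions to change your password!!!
4. What if a user forgets their password?
Use the method from question 1 to set a password for the user.
5. How do I view the system logs?
In the IE browser, enter http://server-ip/logs to view the users' web access logs from within the last month. To view all of the users' web access logs, connect to the server with WinSCP; the /logbak directory holds the logs, named by date. Download the logs you want to see to your local machine, decompress them with WinRAR, and open them in Notepad.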
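6. What if a client cannot get online?
1) You can restart the server with the command reboot or shutdown -r now
2) The disk may be out of space, so the system cannot write its logs and the proxy server process cannot start. Copy the log files under /logbak to another machine, delete the files in that directory, and then restart the system with the reboot command.
3) A sudden power loss may also have caused system files to be lost. This normally does not happen, because Linux has a self-repair capability. If the system really will not boot, boot from another Linux boot CD, back up the important data on the system, and reinstall the system!!!
Files to back up:
the user database file /etc/squid/passwd.sq
the system log files: all files under the /logbak directory and the file /usr/local/squid/var/logs/access.log
/etc/ipmacfile, the IP-to-MAC address binding file
4) The network is down; check the network status
5) A hardware fault; check the memory, network card and so on
6) A problem with the IP and MAC address binding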