1 概述
Squid是一个高性能的代理缓存服务器,主要用于缓冲Internet数据。它支持多种协议,包括FTP、gopher、HTTPS和HTTP。Squid通过一个单独的、非模块化的、I/O驱动的进程来处理所有的客户端请求,这使得它在处理请求时具有较高的效率。简单地说,不能上网的服务器可以通过squid服务器来进行http上网冲浪。
- 应用场景
1)缓存加速:Squid通过缓存机制减少对原始服务器的访问,从而降低带宽使用和访问时间。这对于ISP(互联网服务提供商)和网站来说非常有用,可以显著提升用户体验并减轻服务器负载。
2)访问控制和日志记录:Squid提供了丰富的访问控制、认证和日志环境,适用于开发web代理和内容服务网站应用。
3)内容分发:Squid支持内容分发网络(CDN)的部署,使得内容提供商可以高效地在全球范围内分发内容。 - 工作机制
当客户机通过代理请求Web页面时,Squid首先检查自己的缓存。如果缓存中已经有客户机需要的页面,则直接将缓存中的页面内容反馈给客户机;如果没有,Squid会连接到远程服务器获取页面内容,并将其存储在本地缓存中,以便下次使用。
2 环境
wget服务器:华为云上海,centos 7.9,192.168.12.220,无公网地址。
squid服务器:华为云广州,centos 7.9,10.0.14.179,有公网地址,可以访问github.com网站。
云连接:通过华为云云连接打通wget服务器和squid服务器。
3 部署squid
通过yum部署即可。
yum install squid -y
systemctl start squid
squid配置文件/etc/squid/squid.conf,监听在3128端口,允许内网客户端(10.0.0.0/8、172.16.0.0/12、192.168.0.0/16)访问,而wget服务器属于内网网段。
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
4 wget服务器下载文件测试
wget服务器没有上网能力,因此无法下载文件:
wget https://github.com/prometheus/node_exporter/releases/download/v1.8.2/node_exporter-1.8.2.linux-amd64.tar.gz
wget工具连接squid服务器后,开始下载文件:
wget -e "https_proxy=http://10.0.14.179:3128" \
https://github.com/prometheus/node_exporter/releases/download/v1.8.2/node_exporter-1.8.2.linux-amd64.tar.gz
5 小结
对于不能上网的服务器,可以通过squid服务器来进行网上冲浪。