安装squid做透明代理缓存服务器

安装Squid:

[php]

opkg update
opkg install squid
cd /etc/squid
mv squid.conf squid.conf.back
vim squid.conf

[/php]

配置文件:

[php]

visible_hostname proxy.www.xxx.me #主机名
cache_mgr onovps@www.xxx.me #管理员邮箱
http_port 3128 transparent #监听端口3128,透明代理
icp_port 0 #单机模式
dns_nameservers 192.168.1.1 #DNS
#cache_effective_user squid #运行用户
#cache_effective_group squid #运行用户组
pid_filename /tmp/squid.pid #pid文件
error_directory /usr/share/squid/errors/Simplify_Chinese #错误提示文件
emulate_httpd_log on #开启httpd日记格式
#logformat log %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh #自定义日记模式
cache_access_log /mnt/log/access.log #日记路径
cache_log none #无cache日记
cache_store_log none #无store日记
cache_dir ufs /mnt/cache/ 2048 16 256 #硬盘缓存2G,一级目录16,二级目录256
cache_mem 16 MB #内存缓存16M
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB #最小缓存不限制
maximum_object_size 4096 KB #最大缓存4M
cache_vary on #开启vary缓存
connect_timeout 1 minute #连接超时1分
request_timeout 1 minutes #请求超时1分

acl QUERY urlpath_regex -i cgi-bin \?
cache deny QUERY #不缓存cgin-bin

acl bt url_regex -i ^http://.*\.torrent$
http_access deny bt #禁止下载torrent
acl files urlpath_regex -i "/etc/squid/files.txt" #过滤下载文件后缀
acl sites dstdom_regex "/etc/squid/sites.txt" #过滤特定网址
acl keys url_regex -i "/etc/squid/keys.txt" #过滤特定关键词
acl nocache_sites dstdom_regex "/etc/squid/nocache_sites.txt" #指定不缓存网址
acl nocache_files urlpath_regex -i "/etc/squid/nocache_files.txt" #指定不缓存文件后缀
http_access deny files
http_access deny sites
http_access deny keys
cache deny nocache_sites
cache deny nocache_files

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563 10000
acl Safe_ports port 80 21 443 56370 210 1025-65535 280 488 591

http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all

#acl apache rep_header Server ^Apache
broken_vary_encoding allow all #开启压缩
header_access X-Forwarded-For deny all #禁止 X-Forwarded头
header_access HTTP_VIA deny all #禁止HTTP_VIA
header_access Via deny all #禁止Via头
refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims

refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.exe$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.gz$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bz2$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.7z$ 1440 50% 2880 ignore-reload

[/php]

squid相关指令:

[php]

squid -k reconfigure #重置
squid -k parse #检测配置文件
squid -k shutdown #关闭
squid -k rotate #分割日记

[/php]

iptables配置:

[php]

opkg install iptables-utils iptables-mod-nat-extra
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-ports 3128

[/php]

还没有评论,快来抢沙发!

发表评论

  • 😉
  • 😐
  • 😡
  • 😈
  • 🙂
  • 😯
  • 🙁
  • 🙄
  • 😛
  • 😳
  • 😮
  • emoji-mrgree
  • 😆
  • 💡
  • 😀
  • 👿
  • 😥
  • 😎
  • ➡
  • 😕
  • ❓
  • ❗
  • 65 queries in 0.381 seconds