Squid: Difference between revisions
Revision as of 03:21, 8 May 2021 (Saturday)
Squid is a proxy software package.
Installation
On Ubuntu, Squid can be installed directly from the system packages:
sudo apt install -y squid
To build Squid against OpenSSL, on Ubuntu 20.04 you can do it like this:
sudo apt install -y ed libltdl-dev pkg-config build-essential cdbs debhelper dpkg-dev lsb-release dh-apparmor libcppunit-dev libcap2-dev libdb-dev libecap3-dev libexpat1-dev libgnutls28-dev libkrb5-dev comerr-dev libldap2-dev libnetfilter-conntrack-dev libpam0g-dev libsasl2-dev libxml2-dev nettle-dev libssl-dev
apt-get source squid
cd squid/squid-4.10
sed -i -e 's/--with-gnutls/--with-openssl/' debian/rules
dpkg-buildpackage -rfakeroot -uc -b
Examples
Forward Proxy
In /etc/squid/squid.conf:
#
acl whitelist dstdom_regex "/etc/squid/whitelist.txt"
http_access allow whitelist
http_access deny all
#
access_log none
cache deny all
cache_dir null /tmp
cache_log /dev/null
cache_mem 8 MB
forwarded_for off
http_port 3128
Some of these fields can be adjusted:
acl whitelist src 1.2.3.4/32
access_log daemon:/var/log/squid/access.log logformat=squid rotate=7
In /etc/squid/whitelist.txt:
(^|\.)archive\.ubuntu\.com$
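Each dstdom_regex entry is a regular expression, so the dot in front of the domain has to be escaped: an unescaped `.` matches any single character, not just a subdomain separator. The following is an added example, not part of the original page, that uses `grep -E` as an approximation of Squid's extended-regex matching to compare the two forms; the `allowed_hosts` helper and the sample hostnames are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit a dstdom_regex whitelist entry against sample hostnames.
# grep -E (POSIX extended regex) approximates how Squid evaluates the entry.
# allowed_hosts is a hypothetical helper, not part of Squid.

# Constructed sample destinations: two intended mirrors, two look-alikes.
SAMPLE_HOSTS="archive.ubuntu.com
tw.archive.ubuntu.com
xarchive.ubuntu.com
archive.ubuntu.com.example.net"

# allowed_hosts PATTERN: print, space-separated, the sample hosts that
# PATTERN would let through the whitelist.
allowed_hosts() {
    local pattern=$1 host out=""
    while IFS= read -r host; do
        if printf '%s\n' "$host" | grep -Eq -- "$pattern"; then
            out="$out $host"
        fi
    done <<EOF
$SAMPLE_HOSTS
EOF
    printf '%s\n' "${out# }"
}

LOOSE='(^|.)archive\.ubuntu\.com$'    # "." matches any single character
STRICT='(^|\.)archive\.ubuntu\.com$'  # "\." matches only a literal dot

echo "loose : $(allowed_hosts "$LOOSE")"
echo "strict: $(allowed_hosts "$STRICT")"
```

Running the same check over every line of a whitelist file before reloading Squid catches entries that admit more hosts than intended.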
If logging is configured, remember to add /etc/cron.d/squid-log and set its mode to 0755:
#!/bin/bash
/usr/sbin/squid -k rotate
Reverse Proxy
In /etc/squid/squid.conf:
#
acl all src 0.0.0.0/0
acl PURGE method PURGE
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 10.0.0.0/255.0.0.0
#
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access allow PURGE localnet
http_access deny PURGE
http_access deny all
#
access_log daemon:/home/logs/squid/access.log squid
cache_dir aufs /big/cache 358400 32 256 # FIXME
cache_effective_group nogroup
cache_effective_user nobody
cache_log /home/logs/squid/cache.log
cache_mem 1024 MB
cache_peer 10.1.2.3 parent 80 0 no-query round-robin originserver monitorurl=http://host/robots.txt # FIXME
cache_peer 10.1.2.4 parent 80 0 no-query round-robin originserver monitorurl=http://host/robots.txt # FIXME
cache_replacement_policy heap LFUDA # FIXME
cache_store_log daemon:/home/logs/squid/store.log
cache_swap_high 95
cache_swap_low 80
client_db off
coredump_dir /home/logs
follow_x_forwarded_for allow localnet
forwarded_for on
half_closed_clients off
http_port 80 accel defaultsite=default.domain.tld # FIXME
logfile_daemon /usr/local/squid/libexec/logfile-daemon
logfile_rotate 3
maximum_object_size 307200 KB # FIXME
maximum_object_size_in_memory 102400 KB # FIXME
memory_pools_limit 1331 MB # FIXME
minimum_expiry_time 604800 seconds
minimum_object_size 1 KB # FIXME
refresh_pattern . 60 90% 604800 override-expire ignore-reload ignore-no-cache ignore-no-store
store_avg_object_size 10 MB # FIXME
External links
- Official website (English)