溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章給大家分享的是有關Sun Solaris 9 下如何配置Squid代理服務器的內容。小編覺得挺實用的,因此分享給大家做個參考,一起跟隨小編過來看看吧。
一. squid 的工作是建立在 DNS 的服務之上的, 所以首先要配置好你的DNS服務,方可進行squid
的安裝和配置工作. 否則squid 會報錯而無法運行!
1.DNS服務的安裝和配置.
bash-2.05# pkgadd -d ./bind-9.4.1pl1-sol9-sparc-local---安裝.
named 服務是默認安裝在/usr/local/sbin 的目錄下面的.
a. 編輯主配置
文件
root@xiao.com # vi /etc/named.conf ---寫入以下內容.
options {
directory "/usr/local/sbin/var/named";
forwarders { 210.21.4.130; 202.96.128.86; };----為了能訪問外網的轉發器.
};
// // a caching only name
server config
//
zone "." IN {
type hint;
file "named.ca";
};
zone "xiao.com" IN {
type master;
file "xiao.com.zone"; -指明正向解釋的文件.在這個目錄下/usr/local/sbin/var/named/
allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "xiao.com.local";-指明反向解釋的文件.在這個目錄下/usr/local/sbin/var/named/
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "localhost.local";-指明反向解釋的文件.在這個目錄下/usr/local/sbin/var/named/
allow-update { none; };
};
b. rndc.key 和 rndc.conf 文件的配置生成.
root@xiao.com # /usr/local/sbin/rndc-confgen -用這個命令.
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "Sc1rFA4LnK9jNqnU0F7mDA==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf ---------取這一段復制到并保存在 /etc/rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "Sc1rFA4LnK9jNqnU0F7mDA==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# }; ----------取這一段復制到并保存在 /etc/rndc.key
c. 編輯named.pid; 正反向解釋文件.
bash-2.05# mkdir /usr/local/sbin/run
bash-2.05# touch /usr/local/sbin/run/named.pid --建個進程文件.
bash-2.05# mkdir -p /usr/local/sbin/var/named
root@xiao.com # vi /usr/local/sbin/var/named/named.ca --寫入以下內容.域名配置文件.
;This is file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
root@xiao.com # vi /usr/local/sbin/var/named/localhost.local--域名解釋內容
$TTL 86400
@ IN SOA xxx.xiao.com. root.xxx.xiao.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS xxx.xiao.com. -----記得末尾加個點的符號
root@xiao.com # vi /usr/local/sbin/var/named/xiao.com.local --反向解釋內容
$TTL 86400
@ IN SOA ns.xiao.com. root.xiao.com. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns.xiao.com.
213 IN PTR xxx.xiao.com. -----記得末尾加個點的符號
213 IN PTR mail.xiao.com. -----記得末尾加個點的符號
bash-2.05 # vi /usr/local/sbin/var/named/xiao.com.zone -- 正向解釋內容
$TTL 86400
@ IN SOA ns.xiao.com. root.xiao.com. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS xxx.xiao.com. -----記得末尾加個點的符號
www IN A 192.168.0.213
ns IN A 192.168.0.213
ftp IN A 192.168.0.213
c. 運行
bash-2.05 # /usr/local/sbin/named 運行這兩個命令.
bash-2.05 # /usr/sbin/in.named
d. 測試:
bash-2.05 # /usr/local/bin/host 192.168.0.213 ---反向解釋成功.這樣DNS的配置就算完成了
213.0.168.192.in-addr.arpa domain name pointer xxx.xiao.com.
root@xiao.com # /usr/local/bin/nslookup ---以下正反向解釋都是成功的.
> xxx.xiao.com ----輸入你的域名
Server: 192.168.0.213
Address: 192.168.0.213#53
Name: xxx.xiao.com -----返回的結果
Address: 192.168.0.213 -----返回的結果
> 192.168.0.213 ----輸入主機的IP地址
Server: 192.168.0.213
Address: 192.168.0.213#53
213.0.168.192.in-addr.arpa name = xxx.xiao.com. ------返回的結果.
213.0.168.192.in-addr.arpa name = mail.xiao.com. -----返回的結果.
二. squid 的安裝.
1. 在安裝之前, 請檢查 DNS 服務是否起用了;輸入以下的命令,看到有下面的結果返回說明DNS服務正常.
bash-2.05# netstat -anv |grep 53
127.0.0.1.53 Idle
192.168.0.213.53 Idle
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 LISTEN
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 IDLE
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 LISTEN
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 LISTEN
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 LISTEN
2. 安裝的
軟件包. 下載地址:
http://www.sunfreeware.com/indexsparc9.html
a. 需要的軟件包列表(包含DNS軟件):
bind-9.4.1pl1-sol9-sparc-local
libgcc-3.3-sol9-sparc-local
sasl-2.1.21-sol9-sparc-local
db-4.2.52.NC-sol9-sparc-local
libiconv-1.11-sol9-sparc-local
squid-2.6.STABLE16-sol9-sparc-local
expat-1.95.5-sol9-sparc-local
openldap-2.3.35-sol9-sparc-local
gcc-3.4.6-sol9-sparc-local
openssl-0.9.8f-sol9-sparc-local
b. 把上面有依賴關系的軟件包逐一都安裝好,squid默認是安裝在/usr/local/squid目錄下.
bash-2.05# pkgadd -d ./squid-2.6.STABLE16-sol9-sparc-local
The following packages are available:
1 SMCsquid squid
(sparc) 2.6.STABLE16
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
bash-2.05# cd /usr/local/squid/ ---安裝好squid,目錄下面的文件.
bash-2.05# ls
bin doc etc libexec sbin share var
c. 設置squid的運行環境,添加squid用戶和它的組.---squid 是以squid 自己的身份去運行的.
bash-2.05# useradd squid
bash-2.05# groupadd squid
d. 為了讓squid能運行起來,需要手動添加及改動其配置文件.(也不是一定要手動生成.
如果在第一次運行squid時,根據運行腳本的提示,報錯信息來決定)
并把他們加入到squid組和為squid所有. 文件的權限設為644.
bash_2.05# mkdir /usr/local/squid/var/cache
bash-2.05# touch /usr/local/squid/var/logs/squid.pid
bash-2.05# touch /usr/local/squid/var/logs/access.log
bash-2.05# touch /usr/local/squid/var/logs/store.log
bash-2.05# touch /usr/local/squid/var/logs/cache.log
bash-2.05# chown squid:squid /usr/local/squid/var/logs/*
bash-2.05# chomd 644 var/logs/*
bash-2.05# ls -l var/logs/
total 116
-rw-r--r-- 1 squid squid 0 Nov 20 14:26 access.log
-rw-r--r-- 1 squid squid 58062 Nov 21 15:39 cache.log
-rw-r--r-- 1 root squid 4 Nov 21 15:39 squid.pid
-rw-r--r-- 1 squid squid 0 Nov 20 15:11 store.log
編輯配置文件:
bash-2.05# vi /usr/local/squid/etc/squid.conf
第936行:去掉注釋并插入( 本主機的IP和端口,默認是3128 )
http_port 192.168.0.213:3128
在第632(寫入你允許訪問的網段)和633行去掉注釋,
并特別注意636行是否有這個聲明--允許的條件寫在它的前面(所有的字符區分大小寫):
631 # be allowed
632 acl our_networks src 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
633 http_access allow our_networks
634
635 # And finally deny all other access to this proxy
636 http_access deny all
在第2969行,更改它的默認用戶(默認沒有設置),去掉注釋:
# supplementary group list from the from groups membership of
2966 # cache_effective_user.
2967 #
2968 #Default:
2969 cache_effective_user squid ---(這里設為squid,這個比較重要,否則會啟動不了.報有關無法寫入cache, cache.log的錯誤)
在第2981行,更改它的默認組(默認沒有設置),去掉注釋:
2977 # If Squid is not started as root the user starting Squid must be member of the specified
2978 # group.
2979 #
2980 #Default:
2981 cache_effective_group squid ---(這里設為squid)
在第2997行,更改它的錯誤報告發送主機名(默認沒有設置),去掉注釋:
2993 # get errors about IP-forwarding you must set them to have individual
2994 # names with this setting.
2995 #
2996 #Default:
2997 visible_hostname 192.168.0.213 ---(這里指定IP地址)
e. 運行squid.
(1.)運行前檢查DNS服務要正常啟用:
bash-2.05# netstat -avn |grep 53
127.0.0.1.53 Idle
192.168.0.213.53 Idle
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 LISTEN
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 IDLE
*.* 0 00000000 00000000 49152 00000000 00000000 3375 536 LISTEN
(2.)第一次運行squid前先建立cache_swap的目錄文件.
bash-2.05# /usr/local/squid/sbin/squid -z ---運行此命令,返回下面結果,表示cache建立成功.
2007/11/21 15:39:16| Starting Squid Cache version 2.6.STABLE16 for sparc-sun-solaris2.9...
2007/11/21 15:39:16| Process ID 363
2007/11/21 15:39:16| With 32768 file descriptors available
2007/11/21 15:39:16| Using poll for the IO loop
2007/11/21 15:39:16| Performing DNS Tests...
2007/11/21 15:39:16| Successful DNS name lookup tests...
2007/11/21 15:39:16| DNS Socket created at 0.0.0.0, port 32815, FD 5
2007/11/21 15:39:16| Adding nameserver 192.168.0.213 from /etc/resolv.conf
2007/11/21 15:39:16| Unlinkd pipe opened on FD 10
2007/11/21 15:39:16| Swap maxSize 102400 KB, estimated 7876 objects
2007/11/21 15:39:16| Target number of buckets: 393
2007/11/21 15:39:16| Using 8192 Store buckets
2007/11/21 15:39:16| Max Mem size: 8192 KB
2007/11/21 15:39:16| Max Swap size: 102400 KB
2007/11/21 15:39:16| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2007/11/21 15:39:16| Using Least Load store dir selection
2007/11/21 15:39:16| Set Current Directory to /usr/local/squid/var/cache
2007/11/21 15:39:16| Loaded Icons.
2007/11/21 15:39:16| Accepting proxy HTTP connections at 192.168.0.213, port 3128, FD 12
bash-2.05# /usr/local/squid/sbin/squid ---用此命令啟動服務
2007/11/21 16:21:49| Squid is already running! Process ID 363
bash-2.05# netstat -avn |grep 3128 ---表示squid已經正常起用了.
192.168.0.213.3128
(3.)編輯squid服務自動起用的腳本.
bash-2.05# vi /etc/rc3.d/S50squid
#!/sbin/sh
#
#
#ident "@(#)squid"
case "$1" in
start)
[ -f /usr/local/squid/etc/squid.conf ] || exit 0
/usr/local/squid/sbin/squid
;;
stop)
pkill squid
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
bash-2.05# ls -l /etc/rc3.d/S50squid --此文件設定為744, sys組, 所有者為root:
-rwxr--r-- 1 root sys 301 Nov 21 10:59 /etc/rc3.d/S50squid
bash-2.05# chgrp sys /etc/rc3.d/S50squid
bash-2.05# chown root /etc/rc3.d/S50squid
bash-2.05# chmod 744 /etc/rc3.d/S50squid
3.測試:
設置:
windows 用戶端: 瀏覽器---工具---Internet選項---連接---局域網設置---代理服務器--
輸入: IP 192.168.0.213 ; 端口: 3128 ;確定,退出; 然后在IE地址攔輸入你要訪問的
網絡地址.
linux 或 Unix 用戶: bash-2.05# route add default gateway 192.168.0.213 ;
或 bash-2.05# vi /etc/defaultrouter 加入代理服務器的地址: 192.168.0.213
如果覺得起用squid訪問的速度慢, 你可以設置第1601行, cache_mem 把默認的8MB 改成32MB或者更大,
看機器的情況. 我這里是默認(注意: 有關default 項原配置文件是有# 號的, 改好后,記得把注釋去掉, 如果沒有修改,就不要去掉注釋,切記!!)
bash-2.05# pwd
/usr/local/squid
bash-2.05# tail -30 var/logs/access.log ---查看訪問日志文件,留下了用戶訪問的記錄.
1195638014.409 66 192.168.0.131 TCP_MISS/304 249
http://bbs.chinaunix.net/icon/- DIRECT/60.28.166.83 -
1195638014.411 64 192.168.0.131 TCP_MISS
http://bbs.chinaunix.net/icon/DIRECT/60.28.166.83 -
1195638014.418 69 192.168.0.131 TCP_MISS/http://bbs.chinaunix.net/icon/book- DIRECT/60.28.166.83 -
1195638014.430 77 192.168.0.131 TCP_MISS/304 249
http://bbs.chinaunix.net/icon/ - DIRECT/60.28.166.83 -
1195638014.449 170 192.168.0.131 TCP_MISS/http://www.chinaunix.net/top100_ - DIRECT/60.28.166.84 -
1195638014.467 163 192.168.0.131 TCP_MISS/http://www.chinaunix.net/job_banner160 - DIRECT/60.28.166.84 -
1195638014.478 170 192.168.0.131 TCP_MISS
http://www.chinaunix.net/download- DIRECT/60.28.166.84
4. 結束.
有關squid的配置文件多達4500行,有很多高級的配置
應用.功能很強大.如 acl 訪問控制列表; cache_mem;
也可以配置成防火墻,監控用戶訪問,監控你的
企業網絡等等
下面是這里過濾了注釋的配置文件(但不包含默認的,注釋了的部分)
bash-2.05# cat etc/squid.conf |grep -v "#"|grep " "
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
http_access deny all
icp_access allow all
http_port 192.168.0.213:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl
apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_effective_user squid
cache_effective_group squid
visible_hostname 192.168.0.213
coredump_dir /usr/local/squid/var/cache
5. 一點心得.
此次配置是參考RHEL4下的配置完成的. 是一步一步根據運行的錯誤信息來排除解決問題的,需要說明
值得注意的是; cache_effective_user 和 cache_effective_group 必需指明正確;這里都是squid;
還有cache_mem 這個
數據,默認是8MB , 為了加快訪問速度把這個設得盡可能的大,128MB;256MB,一般
是你機器
內存的一半.
感謝各位的閱讀!關于“Sun Solaris 9 下如何配置Squid代理服務器”這篇文章就分享到這里了,希望以上內容可以對大家有一定的幫助,讓大家可以學到更多知識,如果覺得文章不錯,可以把它分享出去讓更多的人看到吧!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
