摘要:
useradd-s/sbin/nologinerbu&&echo123456|passwd--stdinerbuyum-yinstallsquidvim/etc/squid/squid.confacllanhome1src192.168.0.2/32http_accessallowlanhmoe1systemctlrestartsquid&&ss-tnlp|grep3128&&systemctlenablesquidsystemctlstopfirewalld&&systemctldisablefirewalld建议我们在搭建客户端的时候最好使用自己擅长的操作系统,我比较擅长centos,所以就假设我们的服务端是centos,因为ubuntu不太方便,比如ubuntu默认不允许root直接登录,普通用户默认拥有sudo到root的权限,squid默认的配置文件废话太多,尽管上述几个缺点可以通过修改配置文件改变,但我就是不愿意费这个事,就直接使用centos做为服务端。
前言
关于squid的这种应用详细原理这里不做赘述,推荐大家看了一下马哥教育对squid服务的详解,我们这里更多的关注的squid的使用
我们公司内部使用squid做代理服务,在某天突然坏了,我搞了五天,还没有修复,终于在第五天的凌晨才修复,通过这次故障处理,我也成长了很多;从头到尾把这次过程梳理一下。其实这个问题可以更快的解决,我虽然大概知道了问题所在,但是却犹犹豫豫,没有真正仔细的面对自己的判断,没有仔细看日志,白白浪费了好多天的时间。
拓扑描述:
服务端两个网卡,可以上网的网卡IP为192.168.0.100,连接内网的网卡的IP是192.168.10.10
客户端的IP都位于192.168.10.x网段,上网需要通过设置代理的服务端的IP即:192.168.10.10
服务端
服务的搭建相当简单,就简单的几条命令就搞定了。
## Centos7
# 创建一个不能登录的用户erbu,密码设置为123456,让客户端使用
# 有的的时候客户端在使用代理的时候必须指定代理的用户名和密码,但我们又不能给客户端root密码,让用一个普通用户即可。
useradd -s /sbin/nologin erbu && echo 123456 | passwd --stdin erbu
yum -y install squid
vim /etc/squid/squid.conf
acl lanhome1 src 192.168.0.2/32
http_access allow lanhmoe1
systemctl restart squid && ss -tnlp | grep 3128 && systemctl enable squid
systemctl stop firewalld && systemctl disable firewalld
建议我们在搭建客户端的时候最好使用自己擅长的操作系统,我比较擅长centos,所以就假设我们的服务端是centos,因为ubuntu不太方便,比如ubuntu默认不允许root直接登录,普通用户默认拥有sudo到root的权限,squid默认的配置文件 废话太多,尽管上述几个缺点可以通过修改配置文件改变,但我就是不愿意费这个事,就直接使用centos做为服务端。
客户端
服务端的搭建比较简单,因为方法比较固定,但是客户端使用方法有很多。
windows
widows只要在设置当中开启代理 ,指定服务端的IP+端口即可,早年间我在某个单位出差的时候发现,他们的很多电脑没有设置网关,却能正常的打开百度搜索,我非常惊讶,后来发现原是设置了代理 。
centos7
在centos7当中,我们用代理往往是为了安装软件,比如yum、pip
-------------------------------------------------------------------------------------
# wget
## 第一种方法,在命令行当中直接指代理的IP和端口,如下所示,经测试成功,值得一提的是我的代理服务端应用是squid,套接字是10.100.0.9+3128,客户端直接指定IP+端口就能使用wget,根本不需要指定用户名和密码,但这种方法只能下载http协议的东西,对https的东西是无法下载的;
wget http://www.baidu.com -e use_proxy=yes -e http_proxy=192.168.10.10:3128
## 想要下载https的东西,得这样,如下所示,将http改成https;
wget --no-check-certificate https://mirrors.aliyun.com/repo/Centos-7.repo -e use_proxy=yes -e https_proxy=192.168.10.10:3128
## 第二种方法,在wget的配置文件里面写,~/.wgetrc,新测有效;
http_proxy = http://192.168.10.10:3128
https_proxy = https://192.168.10.10:3128
ftp_proxy = http://192.168.10.10:3128
use_proxy = on
wait = 15
-------------------------------------------------------------------------------------
# yum
vim /etc/yum.conf
proxy=http://192.168.10.10:3128
proxy_username=erbu
proxy_password=123456
-------------------------------------------------------------------------------------
# pip
cd
mkdir .pip
vim .pip/pip.conf
[global]
index-url=http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
# 安装测试
pip install t5 --proxy="http://192.168.10.10:3128"
------------------------------------------------------------------------------------
windows可以这样,如下所示:
ubuntu18+
----------------------------------------------------------------------------------------------
# 加环境变量,放到.bashrc和/etc/profile是一样的效果
root@client:~# cat .bashrc | tail -4
export http_proxy='http://192.168.10.10:3128'
export https_proxy='http://192.168.10.10:3128'
export ftp_proxy='http://192.168.10.10:3128'
export no_proxy='localhost,127.0.0.1'
# 重读
root@client:~# source .bashrc
## 测试
apt update && apt install apache2 -y
----------------------------------------------------------------------------------------------
# pip 源设置
pip config list
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
pip config list
或者
cd
mkdir .pip
vim .pip/pip.conf
[global]
index-url=http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
# 安装测试
pip install t5 --proxy="http://192.168.10.10:3128"
--------------------------------------------------------------------------------------------
故障处理
- 可以通过看查看3128端口的连接判断客户端是否已经连接到服务端
# 查看当前有哪些IP正在连接代理
netstat -n | grep 3128 | awk '{print $5}' | awk -F':' '{print $1}' | sort | uniq
- 当然细致的错误还得是看日志
## 排错相关,排错主要看这两个日志
ls /var/log/squid/
access.log cache.log
- MISS/503
cat /var/log/squid/access.log
1467339283.619 60229 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627 61011 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
1467339292.627 61014 183.12.65.8 TCP_MISS/503 0 CONNECT [www.google.com.hk:443](http://www.google.com.hk:443/) k19421 DIRECT/2607:f8b0:4007:80b::2003 -
当时出现这个问题,我解决了一个星期,通过对比正常squid服务器的日志发现,日志当中只有IPV6的地址,而正常的服务器解析出来的是IPV4的地址,后来查找了一段时间发现可以通过在配置文件当中的添加:
dns_v4_first on
然后重启squid服务之后,恢复正常。
常用源
ubuntu
Ubuntu 的软件源配置文件是 /etc/apt/sources.list
##################16.04
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
##################18.04
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
#################20.04
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
#### 16.04
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
########18.4
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
#####20.04
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-proposed main restricted universe multiverse
######21.04
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ hirsute-proposed main restricted universe multiverse
root@client:~# cat /proc/version
Linux version 5.13.0-19-generic (buildd@lgw01-amd64-013) (gcc (Ubuntu 11.2.0-7ubuntu2) 11.2.0, GNU ld (GNU Binutils for Ubuntu) 2.37) #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021
root@client:~# uname -a
Linux client 5.13.0-19-generic #19-Ubuntu SMP Thu Oct 7 21:58:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@client:~# cat /etc/apt/sources.list
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu impish main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu impish-updates main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish universe
# deb-src http://archive.ubuntu.com/ubuntu impish universe
deb http://archive.ubuntu.com/ubuntu impish-updates universe
# deb-src http://archive.ubuntu.com/ubuntu impish-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu impish multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish multiverse
deb http://archive.ubuntu.com/ubuntu impish-updates multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu impish partner
# deb-src http://archive.canonical.com/ubuntu impish partner
deb http://archive.ubuntu.com/ubuntu impish-security main restricted
# deb-src http://archive.ubuntu.com/ubuntu impish-security main restricted
deb http://archive.ubuntu.com/ubuntu impish-security universe
# deb-src http://archive.ubuntu.com/ubuntu impish-security universe
deb http://archive.ubuntu.com/ubuntu impish-security multiverse
# deb-src http://archive.ubuntu.com/ubuntu impish-security multiverse
centos
centos官方镜像:https://www.centos.org/centos-linux/ 里面涵盖cnetos7和centos8,注意下载的时候别下载错了,我们通常要下载x86架构的,而不是arm架构的。
阿里云镜像:https://developer.aliyun.com/mirror/
清华源:https://mirrors.tuna.tsinghua.edu.cn
# centos7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
或
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# epel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
--------------------------------------------------------------------------------
# centos8
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
或
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo