squid正向代理http&https

1.1 演示环境

cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

# server端ip及需求

安装squid；可以上外网；{内网+外网ip}

# client 端ip及需求

内网ip和server端内网ip在同一网端

1.2 安装squid

yum install squid -y

1.3 正向代理配置{server}

# 确认版本

rpm -qa |grep squid

squid-migration-script-3.5.20-12.el7.x86_64

squid-3.5.20-12.el7.x86_64

 

# 确认ip_forward转发开启

echo 1 > /proc/sys/net/ipv4/ip_forward

ip_forward需要设定为1

sysctl -a |grep -w ip_forward

net.ipv4.ip_forward = 1

 

# 修改配置文件

修改前

grep -n 'http_access deny all' /etc/squid/squid.conf

56:http_access deny all

修改后

grep -n http /etc/squid/squid.conf |grep -w all

56:http_access allow all

 

# 启动

systemctl start squid

# 添加防火墙规则

firewall-cmd --zone=public --add-port=3128/tcp --permanent

firewall-cmd --reload

1.4 客户端配置

1.4.1 https测试

export https_proxy=http://服务端内网ip:3128

curl -I https://www.baidu.com

#返回结果

    HTTP/1.1 200 OK

    Server: nginx/1.12.2

    Date: Tue, 24 Oct 2017 14:59:44 GMT

    Content-Type: text/html

    Content-Length: 277

    Connection: keep-alive

    Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT

    ETag: "575e1f72-115"

    Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform

    Pragma: no-cache

    Accept-Ranges: bytes

 

1.4.2 http测试

export http_proxy=http://服务端内网ip:3128

curl -I http://www.baidu.com

#返回结果

    HTTP/1.1 200 OK

    Server: nginx/1.12.2

    Date: Tue, 24 Oct 2017 14:59:44 GMT

    Content-Type: text/html

    Content-Length: 277

    Connection: keep-alive

    Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT

    ETag: "575e1f72-115"

    Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform

    Pragma: no-cache

    Accept-Ranges: bytes

 

1.4.3 全局配置

    # cp /etc/skel/.bash_profile /etc/skel/.bash_profile.bk

    # vim /etc/skel/.bash_profile

export http_proxy=http://服务端内网ip:3128

export https_proxy=http://服务端内网ip:3128

 

    # source /etc/skel/.bash_profile

    # env |grep http

http_proxy=http://服务端内网ip:3128

https_proxy=http://服务端内网ip:3128