Guide to setting up proxy servers for http and https using squid
- 2020-12-21 18:18:06
- OfStack
We used nginx as a forward proxy when introducing nginx, but supporting https with nginx directly is more difficult, while squid, which specializes in this area, makes it much easier. This article documents the steps to install and configure squid 3.5 on CentOS 7 as a proxy for http and https.
Machine configuration
[root@liumiaocn ~]# uname -a
Linux mail.163.com 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@liumiaocn ~]#
[root@liumiaocn ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@liumiaocn ~]#
Install squid
Installation command: yum install squid
Confirm the version
Version confirmation: rpm -qa |grep squid
[root@liumiaocn ~]# rpm -qa |grep squid
squid-migration-script-3.5.20-12.el7.x86_64
squid-3.5.20-12.el7.x86_64
[root@liumiaocn ~]#
Confirm ip_forward
ip_forward needs to be set to 1; CentOS already sets this by default. Details are as follows:
[root@liumiaocn ~]# sysctl -a |grep -w ip_forward
net.ipv4.ip_forward = 1
[root@liumiaocn ~]#
Modify configuration file
Before the change
[root@liumiaocn ~]# grep -n 'http_access deny all' /etc/squid/squid.conf
56:http_access deny all
[root@liumiaocn ~]#
After the change
[root@liumiaocn ~]# grep -n http /etc/squid/squid.conf |grep -w all
56:http_access allow all
[root@liumiaocn ~]#
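With the catch-all rule changed to `http_access allow all`, any host that can reach port 3128 may use the proxy; allowing only a client ACL and keeping `deny all` last avoids that. The check below is an added example, not part of the original article: the function name catch_all_rule, the ACL name proxy_clients, the 192.168.163.0/24 client subnet and both sample configs are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).
# Squid checks http_access rules top to bottom and the first match wins, so the
# first rule whose only ACL is "all" decides what every otherwise-unmatched
# client gets.

# Prints "open:<line>" if that catch-all rule is "allow all",
# "closed:<line>" if it is "deny all", or "none" if no such rule exists.
catch_all_rule() {
    awk '
        $1 == "http_access" && NF == 3 && $3 == "all" {
            verdict = ($2 == "allow") ? "open" : "closed"
            print verdict ":" NR
            found = 1
            exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

demo_dir=$(mktemp -d)

# Constructed sample: catch-all rule as changed in this article.
cat > "$demo_dir/open.conf" <<'EOF'
http_access allow localhost
http_access allow all
EOF

# Constructed sample: only an assumed client subnet may use the proxy.
cat > "$demo_dir/restricted.conf" <<'EOF'
acl proxy_clients src 192.168.163.0/24
http_access allow localhost
http_access allow proxy_clients
http_access deny all
EOF

echo "open.conf:       $(catch_all_rule "$demo_dir/open.conf")"
echo "restricted.conf: $(catch_all_rule "$demo_dir/restricted.conf")"
```

On the proxy itself the function can be pointed at /etc/squid/squid.conf, and `squid -k parse` checks the edited file's syntax before a restart.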
Start squid
systemctl start squid
Problem 1: libssl error
The following error appears when squid is started:
squid: relocation error: squid: symbol SSL_set_alpn_protos, version libssl.so.10 not defined in file libssl.so.10 with link time reference
Reason: openssl was not installed
Fix: yum install openssl
After installation, start squid:
[root@liumiaocn ~]# systemctl start squid
[root@liumiaocn ~]# systemctl status squid
● squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-06-05 20:07:56 CST; 8s ago
  Process: 28548 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 28540 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 28551 (squid)
   Memory: 14.3M
   CGroup: /system.slice/squid.service
           ├─28551 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─28553 (squid-1) -f /etc/squid/squid.conf
           └─28557 (logfile-daemon) /var/log/squid/access.log
Jun 05 20:07:56 liumiaocn systemd[1]: Starting Squid caching proxy...
Jun 05 20:07:56 liumiaocn squid[28551]: Squid Parent: will start 1 kids
Jun 05 20:07:56 liumiaocn squid[28551]: Squid Parent: (squid-1) process 28553 started
Jun 05 20:07:56 liumiaocn systemd[1]: Started Squid caching proxy.
[root@liumiaocn ~]#
Problem 2: Cannot resolve domain names
Through the proxy, sites could not be reached by domain name, only by IP address.
Reason: DNS is not configured. Add 8.8.8.8 and 8.8.4.4 to squid's configuration file:
[root@liumiaocn ~]# grep nameserver /etc/squid/squid.conf
dns_nameservers 8.8.8.8 8.8.4.4
[root@liumiaocn ~]#
[root@liumiaocn ~]# systemctl restart squid
[root@liumiaocn ~]#
Client access
The default port of squid is 3128, which has not been changed here. It can be accessed on the client using the following method:
Using http
export http_proxy=http://192.168.163.117:3128
curl http://www.baidu.com
Using https
export https_proxy=http://192.168.163.117:3128
curl https://www.baidu.com
conclusion