懂Squid的帮个忙,请问Squid支持HTTPs的squid正向代理配置吗

来源:蜘蛛抓取(WebSpider) 时间:2016-09-03 08:36 标签: squid 正向代理
windows环境下用squid代理https(ssl)的方法
字体:[ ] 类型:转载 时间:
这篇文章主要是为大家介绍下windows环境下用squid代理https(ssl)的方法,需要的朋友可以参考下
这个其实跟配置http代理也差不多,我之前是因为没有使用支持ssl的squid版本,所以反复折腾都不见效!
首先得检查你正在使用的squid版本是否是支持ssl的,主要看squid\sbin\ssleay32.dll文件是否存在,如果没有此文件那就得去换个支持ssl的squid版本了。
我这里就只提供个最简单的例子:
代码如下: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80& # http acl Safe_ports port 21& # ftp acl Safe_ports port 443& # https acl Safe_ports port 70& # gopher acl Safe_ports port 210& # wais acl Safe_ports port &# unregistered ports acl Safe_ports port 280& # http-mgmt acl Safe_ports port 488& # gss-http acl Safe_ports port 591& # filemaker acl Safe_ports port 777& # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow all icp_access allow all https_port 443 accel cert=c:/certs/server.pem key=c:/certs/server.pem vhostcache_peer 192.168.1.13 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=kensitecache_peer_domain kensite ken.01h.net
hierarchy_stoplist cgi-bin ? access_log c:/squid/var/logs/access.log squid acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp:& 080 refresh_pattern ^gopher:&40 refresh_pattern .& 0&20%&4320 acl apache rep_header Server ^Apache broken_vary_encoding allow apache visible_hostname 01H.NET coredump_dir c:/squid/var/cache
备注:“c:/certs/server.pem”这个文件是可以去提供ssl服务的软件相关目录下找到的,扩展名也有可能是.crt、.key等,我这里的.pem是以VisualSVN为例的。
您可能感兴趣的文章:
大家感兴趣的内容
12345678910
最近更新的内容
常用在线小工具workming 的BLOG
用户名:workming
文章数:126
评论数:236
访问量:1165304
注册日期:
阅读量:5863
阅读量:12276
阅读量:404389
阅读量:1093259
51CTO推荐博文
coredump,logs}coredump,logs}coredump,logs}http_port 内网口IP:8080
cache_effective_user squid
cache_effective_group squid
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir aufs /data/squid/cache
coredump_dir /data/squid/coredump
memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB
access_log /dev/null
cache_access_log none
cache_log /dev/null
cache_store_log none
cache_swap_log /data/squid/logs/swap.log
logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute
client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
httpd_suppress_version_string off
ie_refresh off
allow_underscore on
refresh_pattern ^ftp:
refresh_pattern ^gopher:
refresh_pattern -i (/cgi-bin/|\?) 0
refresh_pattern .
dns_nameservers DNS服务器IP
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
acl our_network src 192.168.0.0/16
http_access allow our_network
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
request_header_access Via deny all
request_header_access X-Forwarded-For deny all#!/bin/sh
#squid - this script start and stop the squid daemon
# chkconfig: - 90 25
# description: squid is a pagecache reverse proxy.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
OUTFILE="/data/squid/logs/squid.out"
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
[[ -f $BINFILE ]] && SQUID="${BINFILE}"
CACHE_SWAP=`sed -e 's/#.*//g' ${CFGFILE} | grep cache_dir | awk '{print $3}'`
[ -z "$CACHE_SWAP" ] && CACHE_SWAP="${CACHEPATH}"
if [[ ! -f ${CFGFILE} ]]; then
echo "The configuration file: ${CFGFILE} has no found!" 1&&2
SQUID_OPTS="-s -f ${CFGFILE}"
[[ -z "$SQUID" ]] && echo "Insufficient privilege" 1&&2 && exit 4
for adir in $CACHE_SWAP
if [[ ! -d $adir/00 ]]; then
echo -n "init_cache_dir $adir"
$SQUID -z -F -D && ${OUTFILE} 2&&1
echo -n "Starting squid..."
$SQUID $SQUID_OPTS && ${OUTFILE} 2&&1
if [[ $RETVAL -eq 0 ]]; then
timeout=0;
[[ ! -f ${PIDFILE} ]] || break
[[ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]] && RETVAL=1 && break
sleep 1 && echo -n "."
timeout=$((timeout+1))
[[ $RETVAL -eq 0 ]] && touch ${LOCKFILE}
[[ $RETVAL -eq 0 ]] && echo "start squid is ok!"
[[ $RETVAL -ne 0 ]] && echo "start squid is failed!"
return $RETVAL
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
echo -n "Stopping squid..."
$SQUID -k check && ${OUTFILE} 2&&1
if [[ $RETVAL -eq 0 ]]; then
$SQUID -k shutdown &
rm -f ${LOCKFILE}
[[ -f ${PIDFILE} ]] || break
[[ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]] && echo "" && return 1
sleep 2 && echo -n "."
timeout=$((timeout+2))
echo "Stop squid is ok!"
echo "Stop squid is failed!"
[[ ! -e ${LOCKFILE} ]] && RETVAL=0
return $RETVAL
restart() {
case "$1" in
SQUID_OPTS=${SQUID_OPTS:-"-D"}
$SQUID -k reconfigure -f ${CFGFILE}
condrestart)
[[ -e ${LOCKFILE} ]] && restart || :
echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
exit $?#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PORT='8080'
ETH1_ADDR=`/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g'`
if [[ ! -e /usr/local/squid/sbin/squid ]]; then
echo "The squid service has no been installed ^_^"
#服务挂掉的情况
retval=`ps aux | grep 'sbin/squi[d]' | wc -l`
if [[ ${retval} -eq 0 ]]; then
/sbin/service squid restart &/dev/null 2&&1
##服务僵死的情况
retval=`/usr/local/squid/bin/squidclient -s -h ${ETH1_ADDR} -p ${PORT}`
if [[ "${retval}X" != "X" ]]; then
/sbin/service squid restart &/dev/null 2&&1
fi本文出自 “” 博客,请务必保留此出处
了这篇文章
类别:┆阅读(0)┆评论(0)
23:08:16 00:47:24 08:57:50 19:06:58 22:52:40 11:41:25

我要回帖

更多关于 squid 正向代理 的文章

 

随机推荐