Wakilin Squid - Sashe na 1

Barka dai jama'a, kuna iya kira na Brody. Ni kwararre ne a yankin cibiyar bayanai, sannan kuma masoyin duniyar linux ne saboda saukakkiyar hujja cewa tana sanya rayuwata da aiki sauki. Yi tunani game da shi!

Daga wannan lokaci zuwa gaba, Zan yi ma'amala da "ku" ta hanyar da ba ta mutum ba, ƙari cikin amincewa. Koyawa na ba zai kasance kawai game da girka sabis ba ne kuma a yanzu, zan ba ku dukkan ilimin da kayan aikin da ake buƙata don ku yi amfani da damar kowane fasalin aikace-aikace., duk wata tambaya saika aika sako ta inbox

Squid ba wakili ne kawai ba da sabis na ɓoye, yana iya yin ƙari da yawa: gudanar da acl (jerin isowa), tace abun ciki, har ma tana iya yin ssl tace ko da a bayyane ne (hanyar wakili - ba tare da an saita saitunan wakili ba) daga masu binciken su, kamar mutum ne a tsakiya, babu wanda ya san akwai shi). Don haka yawanci ina ganin yadda cikakken damar wannan aikace-aikacen ya lalace ta hanyar rashin sanin yadda ake tsara kowane sassan sa.

Amma abubuwan farko da farko, bari mu kalli fasalin wakili.

Shigar:

gwaninta shigar squid3

Shirya fayil ɗin daidaitawa:

vi /etc/squid3/squid.conf

  • http_port ip: tashar jiragen ruwa

Misali zai kasance http_port 172.16.128.50: 3128  Za a bayar da sabis ɗin ta ƙayyadadden IP da tashar jiragen ruwa, musamman ba zan ba da shawarar barin tashar jiragen ruwa 3128 ta hanyar tsoho a cikin yanayin samarwa ba.

  • acl localnet src ip / maski

Misali zai kasance acl cibiyar sadarwa src 172.168.128.0/24 jerin samfu na gaba ɗaya (azaman macro mai yuwuwa) wanda zai sami damar zuwa sabis ɗin da aka faɗi. localnet shine ake kira acl, amma zaka iya sanya duk sunan da kake so acan.

  • http_access bada izinin localnet

Mai sauki http_access ba da izini cibiyar sadarwa suna iri ɗaya da kuka sanya a cikin abin da ya gabata, a nan muna ba da damar wannan hanyar sadarwar ta iya kewaya da amfani da ayyukan squid

  • sauri_abort_min 0KB
  • sauri_abort_max 0KB

Lokaci lokacin da muka zubar da buƙata. Zanyi bayani dalla-dalla dalla-dalla: yayin da mai amfani yake yin bincike ta hanyar wakilinku kuma ya soke buƙata ko zazzagewa, kuna da zaɓi 3, idan zazzagewar bai kai ƙasa ba sauri_abort_min 80KB to Squid zai zazzage shi, idan zazzagewar ta ɓace fiye da sauri_abort_max Sannan za'a soke 150 KB nan take, idan duk an saita su zuwa 0KB kamar yadda lamarin yake, zazzagewar ta kare da zaran mai amfani ya soke.

  • Kashewa_mutsi na mintina 5

Wannan shine lokacin da za a buɗe zaman uwar garke muddin babu sabon karatu, misali akan shafi mai mahimmanci, ƙimar gaske ba lallai ba ce amma a shafuka masu ƙarfi kamar Facebook wannan ƙimar karɓa ce

  • Nemi_mutuwar minti 3

Wannan ƙimar zata iya zama ƙasa da ƙasa, ya dogara da ingancin wan haɗin sabarku da adadin abokan cinikinku. Wannan sigar tana nufin matsakaicin lokacin jira don buga taken kai na http na buƙatar, bayan kafa haɗin.

  • rabin_ rufewa-abokan ciniki kashe

Yana hana haɗin haɗin da aka rufe saboda kuskuren sadarwa. Ba kwa son ɓata albarkatun sabarku ta kowane yanayi.

  • rufewa_ rayuwa sau 15

Wannan alamar tana ba da damar taƙaita lokacin jira don rufe hanyoyin squid yayin yin SIGTERM ko SIGHUP

  • log_icp_queries kashe

Wannan na barshi yadda kake so, ta hanyar tsoho ya zo, kuma shine a shiga log din kowace tambaya da aka yi wa wakilin wakili.

  • DNS_nameservers 8.8.4.4 8 8.8.8.8

Za a yi tambayoyin DNS ga waɗannan ip ta rabu da sarari, idan babu wanda aka ayyana, ana amfani da DNS ɗin tsarin ku ta tsohuwa

  • dns_v4_first a kan

Da kyau ya dogara da ƙasa ko saitunan muhallin ku, amma a wurina ba ni da IPv6 DNS, don haka ya kafa ta tsoho cewa ana neman komai da farko a ipv4

  • Ipcache_size 2048

Matsakaicin adadin shigarwa a cikin squid dns cache

  • ipcache_low 90

Mafi qarancin girman dns cache shigarwar.

  • fqdncache_size 4096

Matsakaicin adadin shigarwar FQDN a cikin akwatin ajiya

  • ƙwaƙwalwar ajiya

Mun kashe cewa an ajiye memorin RAM don aiwatar da ayyukan squid na gaba, idan ya kasance hanya ce mai karanci akan sabar ku

  • an tura gaba

Idan kana son hana su ganin ip na sirri daga wan, buƙatun zasu zo tare da ba a sani ba, ko a wannan yanayin, ru ip wan

mun fara keken

ruwa 3 -z

Mun sake kunna sabis

sabis squid3 sake kunnawa

Don gama kawai zaka sanya a cikin burauzarka, a cikin zaɓin wakili na ip da tashar jiragen ruwa, a shirye dole ne ka kasance kana bincika

Wannan duk wannan ne don wannan biki, ku sani cewa da wannan zaku sami kifin mai ƙarfi sosai, a cikin bayanan da za mu zo nan gaba za mu yi ajiya tare da squid


24 comments, bar naka

Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.

  1.   Ingin Jose Albert m

    Kyakkyawan, mataki-mataki koyawa. Abin da na fi so shi ne bayanin zaɓin zaɓi-zaɓi na sake tsarin sanyi.

    Wanda na fi so shi ne zaɓi na:

    sauri_abort_min 0KB
    sauri_abort_max 0KB

    Ina tsammanin wannan yana da mahimmanci saboda sau da yawa mai amfani zai iya rasa (sokewa) saboda yanayin X, zazzagewa da ke gab da ƙarewa kuma wannan ƙididdigar da aka ƙididdige ta gwargwadon albarkatun kwamfutarmu na iya ba mu damar ci gaba da faɗakarwar da aka faɗi, tunda kusan mai amfani ɗaya ne ko wani na iya gwadawa cikin ƙanƙanin lokaci don sake gwada saukar da abu ɗaya, yana adana zirga-zirga zuwa intanet.

    Gyara min idan nayi kuskure, BrodyDalle?

    1.    Rariya m

      Ee kuma a'a, zanyi bayani.

      Lallai zazzagewar zata kare cikin nasara koda mai amfani ya soke ta, kawai sai idan mai amfani daya ko wani yayi kokarin sauke aikace-aikacen ko shafin yanar gizon, squid zai gabatar da kwafin da yake da shi a cikin ɓoye kuma ba zai shiga Intanet don sake sauke bayanan ba. Yanzu hankali anan sakamakon sake dawowa shine kawai mai sarrafa saukarwa wanda ke adana bayanan a cikin ɓoye na'urarku don ƙayyadadden lokacin kuma ba ku damar ci gaba da sokewa ko katsewa, ba squid bane.

      A cikin karatuttukan na gaba zan baku squid a matsayin matattarar ku sosai, don kar ku ɓata albarkatun WAN (Intanit) na hanyar sadarwar ku

  2.   Javier Espinoza m

    Labari mai kyau Ina koyo game da squid da aiwatarwa na gode sosai yana zuwa da sauki

    1.    Rariya m

      Godiya, yi hattara cewa a cikin koyarwar nan gaba zan bada squid a matsayin matattarar ajiya sosai, saboda kar ku tozartar da hanyoyin WAN (Intanet) na hanyar sadarwar ku

  3.   kaza servita m

    babban koyawa koyaushe yana da kyau don fadada ilimi. Murna

  4.   Miguel Piya m

    Barka dai, da farko dai godiya ga maudu'in, bayani da kuma ilimin da aka bayar. Ina da karin bayani, tambaya. Na kawo tebur wata matsala da ta faru da ni daidai da squid3 akan Debian, ya zama cewa wata rana mai kyau, watanni da suka gabata, Na sabunta tsarin kuma tare da wannan haɓakawa ya zo sabon fasalin squid, 3.5, daga can wakili ya bar - don wuce duk hanyoyin haɗin HTTPS, ma'ana, yanzun nan ban sake buɗe https // www.google.com.cu ba, https://www.facebook.com da duk wani abu da yake amfani da amintaccen yarjejeniya ta HTTPS. Binciken kadan, Na gano cewa matsalar ta kasance cikin kula da SSL, wani abu Debian ya dakatar da kwalliya tare da squid3 don dalilai na doka da falsafa. BA ZAMU faɗi rashin jin daɗin da ke wanzu a mahallin kwanakin da na yi ƙoƙarin magance wannan "matsalar" wanda a ƙarshe ba zan iya gyarawa ba, amma na koma kan sigar da ta gabata ta Squid3 kuma na riƙe kunshin da ƙwarewa don hana shi daga sabuntawa kuma. A shafin da aka ba da rahoton kwari na squid, ya yi magana game da wani kwaro da ake kira "squid-in-the-middle", kuma ya yi gargaɗi cewa duk squid daga sigar 3.4.8 zuwa gaba suna da rauni, don haka sun ba da shawarar sabuntawa zuwa sigar mafi kwanan nan kuma tara squid tare da SSL + saita don samar da takaddun shaida da hannu…. DON ALLAH! Idan wani ya shiga cikin wannan halin kuma ya warware shi, Ina so in zama mai kirki kuma ku ba ni haske game da wannan batun kuma idan ba haka ba, aƙalla faɗi cewa abu ɗaya ya faru ... kuma menene mafita da aka yi amfani da shi. Na gode.

    1.    Rariya m

      A halin yanzu a Debian Jessie ana samunsa har sai na 3.4.8-6 + deb8u1… Duk da haka zan iya gaya muku cewa zaku iya amfani da ssl bump idan kuna amfani da squid a cikin yanayin bayyane. http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit…. Ba na tambayar gudummawar ku, don haka ba da daɗewa ba zan sanya sabon salo daga gidan yanar gizon sa

  5.   Antonio A. m

    Da safe,

    Dangane da aiki, shin zai dace da girke kan Rasberi Pi 2?

    Godiya a gaba, gaisuwa.

  6.   Antonio A. m

    Sannu,

    Kyakkyawan koyawa, amma ina da tambaya: dangane da aikin, shin zai dace a girka kan Rasberi Pi 2?

    Na gode.

    1.    Rariya m

      Amsar a takaice ita ce A'a ... zaku iya yin sa amma wasu fasaloli kamar su hanyar sadarwa, mai sarrafawa, faifai sune matsalolin ku. Yanzu idan har yanzu kuna buƙatar yin aiki a matsayin wakili, ina tsammanin ƙaramar wakilce ta fi kyau

      Godiya ga sa hannun ku

  7.   tabris m

    Shin kuna da kwarewa tare da Squid a cikin pfSense?

    1.    Rariya m

      a, me kuke bukatar sani? duba ko zan iya taimakon ka.

  8.   karin 90 m

    Kyakkyawan koyawa, tuni yayi kyau sosai. Ban san komai game da batun ba.Yanzu ina girke wakili a cikin kamfanina tare da squid.conf daga sigar da ta gabata kuma akwai abubuwan da suka canza tsarin rubutun. Ya yi mini aiki da yawa. Zan ci gaba da jira kashi na 2.
    Godiya sosai

    1.    Rariya m

      Godiya ga bayaninka, har zuwa lokacin da za a samu sashi na biyu na squid kan yadda ake yin ajiya ba da daɗewa ba.

  9.   RaMSeS m

    Madalla, tuntuni na aiwatar da sabar ubuntu tare da squid kuma tana gudu sosai yanzu an cire ni daga lattin zuwa wani lokaci kuma zan so in dawo kan batun sabobin da aka adana don ba da aiki mafi kyau ga al'amuran hikima, godiya don gudummawar ku Brody!

  10.   rodrigoarielpizarro m

    Barka dai, taimakon ku yana da kyau sosai, kawai na shiga batun IPV6 tare da DNS kuma ina fuskantar matsaloli a can. Lokacin da babu rukunin yanar gizo da ya bayyana tare da IPV6 zai iya aiki a wurina, don haka ina bukatar in san idan dns_v4_first akan daidaitawa yana buƙatar kunnawa kafin lokacin da aka tattara squid, saboda a cikin 3.3.8 ba zai yi aiki ba.

  11.   jocampo m

    Da safe.
    Da farko dai, wannan karatun ya taimaka sosai. Yanzu na gabatar da kara na, tunda ban sani ba ko da squid zan iya magance bukatata ko in nemi wata madadin.
    Ina da aikace-aikacen da aka tsara akan misali na AWS EC2, wanda dole ne ya gabatar da buƙatun zuwa amazon api, matsalar tana faruwa ne lokacin da waɗannan buƙatun suke da yawa, don haka amazon ya gane ip kuma ya ƙi waɗannan buƙatun na ɗan lokaci, yana haifar da rashin daidaituwa a cikin aikace-aikace Ina da. Don warware wannan, muna amfani da sabis ɗin Proxymesh, wanda ke karɓar buƙata kuma ya aika daga ɗayan ip ɗin sa, saboda haka guje wa toshewa, gaskiyar ita ce don wannan, lokacin da muke neman buƙatar amazon, muna yin sa ta hanyar curl a cikin php, ba da azaman zaɓi don haɗi zuwa proxymesh. Yanzu ina neman yiwuwar cewa daga misalin ne wanda za'a iya saita shi lokacin da aka gabatar da buƙatun zuwa amazon api, suna zuwa kai tsaye zuwa sabis ɗin proxymesh saboda shine mai kula da aika buƙata zuwa makoma ta ƙarshe. Shin yana yiwuwa a yi wannan juyawa tare da squid ko kuna ba da shawarar wani madadin?
    Na gode sosai.

  12.   janho m

    Shin wani ya gwada makircin tabbatarwa da yawa akan squid? Na shigar da sigar 3.5.22 a cikin debian kuma kodayake na gwada bambance-bambancen daban baya aiki, halin da nake ciki shine ina bukatar duka masu amfani da AD da sauran masu amfani na waje su sami damar shiga, idan sun yi aiki daban domin ni ko ntml ga masu amfani da yankin ya shiga da asali (ncsa) don na waje amma ba duka a lokaci guda ba. duk wani taimako zaiyi amfani. Godiya a gaba

  13.   Za m

    Ya ƙaunataccena, ban san dalilin ba, na sanya squid ba tare da matsala ba, amma lokacin da na sabunta shi zuwa sigar 3.5 fayil ɗin access.log ya fara zama fanko, ba ya adana bayanan lokacin da ya saba. Ban sani ba idan dole ne in gani kuma in aiwatar da WPAD don daina amfani da daidaitaccen tsari, tare da cire sauyawa daga tashar 80 zuwa 3128 kamar yadda aka saba yi, tunda da wpad wannan dokar bata da mahimmanci.

    shin me yasa damar shiga.log din yanzu ya daina rikodin aiki?

    Murna !!

  14.   Cristian m

    Kyakkyawan jagora mai kyau!

    Na jima ina amfani da squid a matsayin wakilin yanar gizo, amma a yan kwanakin nan na lura cewa yana daukar min lokaci mai tsawo don bincika ko bude shafuka ... Shin zan iya tsabtace wurin ajiya?

    Wani ya daidaita squid tare da mkt, yaya yake aiki a gare su?

    gaisuwa

  15.   juan m

    Kyakkyawan bayani, kayi haƙuri yaya zan iya shiga cikin squid tare da kundin adireshi don a lokacin shiga shafin da aka toshe ya tambaye ni sunan mai amfani da kalmar wucewa na asusun ajiyar aiki kuma idan mai amfani ya ce yana da izinin shiga shafin.

  16.   Carlos m

    Sannu,
    kyakkyawan jagora, duk da haka kuma zaku iya jagorantar ni tunda kawai ban bayar ba, Ina da intanet na 20MB da squid 3.1 da aka ɗora akan centos 6.9 kuma ina amfani da kusan masu amfani da 300 kafin in sami hanyar haɗin 4MB da squid 3.1 kuma daidai wannan lambar Masu amfani kuma a fili duk abin da yake da jinkiri kuma aka ambata ga mai gudanarwa (I) ya zargi mahaɗin, a ƙarshe na sa su su canza shi kuma intanet kamar yadda yake a hankali, na sake shigar da OS, saita squid 3.1 kuma babu wani abu da yake sauri da sauri Ina yin ma'aunin sauri daga abokin cinikin squid kuma yana bani 18 zuwa 20 MB amma na ci gaba da ambaton saboda sabis ɗin yana da sauƙi

    Idan ku ko wani wanda ya sami matsala makamancin wannan zai iya ba ni haske, zan gode musu ba iyaka.

  17.   Luis m

    Abin da ya faru da adiresoshin, shin an canza su zuwa adireshin cibiyar sadarwar su ko waɗanda kuke amfani da su ana amfani da su.

  18.   Yin wasa m

    Ina koyo game da debian squid da aiwatarwa, na gode sosai, ya zo da sauki. amma yana ba ni matsala game da haɗin kuma ina bincika idan ya ba da kuskure kuma ga alama komai yana gudana daidai.