Sanibonani nonke, ningangibiza ngoBrody. Nginguchwepheshe endaweni yesikhungo sedatha, futhi ngingumuntu othanda umhlaba we-linux ngeqiniso elilula lokuthi lenza impilo yami nokusebenza kube lula. Cabanga ngakho!
Kusukela ngalesi sikhathi kuqhubeke, ngizokuphatha "wena" ngendlela engenabuntu, ngokuzethemba okukhulu. Ama-tutorials ami ngeke abe kuphela ngokufaka insiza futhi manje, ngizokunikeza lonke ulwazi namathuluzi adingekayo ukuze usebenzise kakhulu amandla esici ngasinye sohlelo lokusebenza, noma imiphi imibuzo ithumela umyalezo ku-inbox
I-squid akuyona nje insizakalo yommeleli ne-cache kuphela, ingenza okuningi: ukuphatha i-acl (uhlu lokufinyelela), ukuhlunga okuqukethwe, ingenza nokuhlunga kwe-ssl ngisho nakwimodi esobala (indlela yommeleli - ngaphandle kokumisa kuzilungiselelo zommeleli kuziphequluli zazo , kufana nendoda phakathi, akekho owaziyo ukuthi ikhona). Ngakho-ke ngivame ukubona ukuthi amandla agcwele walolu hlelo achithwa kanjani ngokungazi ukuthi ungazilungisa kanjani izingxenye zayo.
Kepha izinto zokuqala kuqala, ake sibheke isici se- ummeleli.
Faka:
ukufaneleka ukufaka i-squid3
Hlela ifayela lokumisa:
vi /etc/squid3/squid.conf
- http_port ip: itheku
Isibonelo kungaba http_port 172.16.128.50: 3128 Isevisi izonikezwa i-IP echwebayo echaziwe, ikakhulukazi angincomi ukushiya itheku 3128 ngokuzenzakalela endaweni yokukhiqiza.
- I-acl yendawo yenethiwekhi src ip / mask
Isibonelo kungaba kuhlanganisa imvu src 172.168.128.0/24 uhlu lokufinyelela okujwayelekile (njenge-macro ngangokunokwenzeka) oluzokwazi ukufinyelela kuleyo sevisi. i-localnet yilokho okubizwa nge-acl, kepha ungabeka noma yiliphi igama olifunayo lapho.
- http_access vumela i-localnet
USenenlo http_access vumela imvu igama elifanayo olifakile entweni edlule, lapha sivumela le nethiwekhi ukuthi izule futhi isebenzise izinsizakalo ze-squid
- okusheshayo_abort_min 0KB
- okusheshayo_abort_max 0KB
Isikhathi lapho sikhipha isicelo. Ngizoyichaza ngokuningiliziwe: lapho umsebenzisi ephequlula nge-proxy yakho futhi ekhansela isicelo noma ukulanda, unezinketho ezi-3, uma ukulanda kungaphansi iminithi_esheshayo_ I-80KB i-squid izoyilanda, uma ukulanda kulahlekile ngaphezu kwe- esisheshis_max I-150 KB izokhanselwa ngokushesha, uma zombili zisethwe ku-0KB njengoba kunjalo, ukulanda kuyaphela ngokushesha lapho umsebenzisi ekhansela.
- funda_kuphuma imizuzu engu-5
Lesi yisikhathi lapho iseshini yeseva izovulwa inqobo nje uma kungekho ukufundwa okusha, ngokwesibonelo ekhasini elimile, inani eliphakeme kakhulu alidingeki kepha kumakhasi ashukumisayo afana ne-facebook leli inani elamukelekayo
- isicelo_kuphuma imizuzu engu-3
Leli nani lingaba liphansi kakhulu, kuya ngekhwalithi yokuxhumeka kwe-wan kwiseva yakho kanye nenani lamakhasimende onawo. Le pharamitha ibhekisa esikhathini esiphezulu sokulinda izihloko ze-http zesicelo, ngemuva kokuthola ukuxhumana.
- amaklayenti avaliwe_valiwe
Ivimbela uhhafu wokuxhuma okuvaliwe ngenxa yamaphutha wokuxhumana. Awufuni ukuchitha izinsiza zakho zeseva nganoma yiziphi izimo.
- shutdown_lifetime imizuzwana engu-15
Le thegi ivumela ukunciphisa isikhathi sokulinda ukuvala izinqubo ze-squid lapho kwenziwa i-SIGTERM noma i-SIGHUP
- log_icp_queries ivaliwe
Lokhu ngikushiya ngokubona kwakho, kuvela ngokuzenzakalela, futhi kungena ngemvume ku-log umbuzo ngamunye owenziwe kwisilondolozi se-proxy.
- dns_nameservers 8.8.4.4 8 8.8.8.8
Imibuzo ye-DNS izokwenziwa kulawa ma-ip ahlukaniswe isikhala, uma kungekho okuchaziwe, i-DNS yesistimu yakho isetshenziswa ngokuzenzakalela
- dns_v4_first ku
Kulungile kuncike ezweni noma kumasethingi emvelo yakho, kepha kimi anginayo i-IPv6 DNS, ngakho-ke kusetha ngokwakhona ukuthi konke kuboniswane kuqala ku-ipv4
- ipcache_size 2048
Inombolo enkulu yokufakiwe kusilondolozi se-squid dns
- ipcache_low 90
Usayizi omncane kakhulu wokufakiwe kwe-dns cache.
- fqdncache_size 4096
Inombolo enkulu yokufakiwe kwe-FQDN kunqolobane
- imemori_amachibi avaliwe
Senza ingasebenzi leyomemori ye-RAM igcinelwe izinqubo zeskid squid ezizayo, uma kungumthombo oyindlala kakhulu kuseva yakho
- kudluliselwe_kususiwe
Uma ufuna ukubavimbela ukuthi babone i-ip yakho yangasese kusuka ku-wan, izicelo zizofika nokungaziwa, noma kuleso simo ru ip wan
siqala isilondolozi
ingwane3 -z
Siqala kabusha insiza
ukuqala kabusha kwensiza squid3
Ukuze uqedele kufanele ufake kwisiphequluli sakho, kuzinketho zommeleli i-ip kanye nechweba, okulungele kumele ubhekabheke
Lokhu kwenzelwa lo mcimbi nje, uyazi ukuthi ngalokhu uzoba ne-squid enamandla kakhulu, kokuthunyelwe okuzayo sizokhipha isilondolozi nge-squid
Kuhle kakhulu, isifundo ngesinyathelo ngesinyathelo. engikuthandile kakhulu kwakuyincazelo yokukhethwa kukho kokukhetha kokuhlelwa kokuhlelwa.
Engikuthandile kakhulu inketho yoku:
okusheshayo_abort_min 0KB
okusheshayo_abort_max 0KB
Ngicabanga ukuthi lokhu kubaluleke kakhulu ngoba izikhathi eziningi umsebenzisi angalahlekelwa (ukukhansela) ngenxa yesimo se-X, ukulanda osekuzophela futhi le pharamitha elinganiselwa kahle ngokwezinsizakusebenza zekhompyutha yethu ingasivumela ukuthi siqhubeke nokulanda okushiwo, ngoba kungenzeka kakhulu njengoba umsebenzisi ofanayo noma omunye angazama ngesikhathi esifushane ukuzama kabusha ukulanda kwento efanayo, kulondolozwa ithrafikhi ku-inthanethi.
Ngilungise uma nginephutha, BrodyDalle?
Yebo no cha, ngizochaza.
Ngempela ukulanda kuzophela ngempumelelo noma ngabe umsebenzisi ukukhansele, kulapho kuphela lapho umsebenzisi ofanayo noma omunye ezama ukulanda uhlelo lokusebenza noma ikhasi lewebhu, i-squid izoletha ikhophi esivele inayo kunqolobane futhi ngeke iye kwi-Intanethi landa idatha futhi. Manje qaphela lapha umphumela wokuqalisa kabusha kuphela umphathi wokulanda ogcina idatha kunqolobane yomshini wakho isikhathi esinqunyelwe futhi ikuvumela ukuthi uqalise kabusha ukulanda okukhanseliwe noma okuphazanyisiwe, akuyona i-squid.
Kuma-tutorials esikhathi esizayo ngizonikeza isikwidi njenge-cache ngokuphelele, ukuze ungamoshi imithombo ye-WAN (Internet) yenethiwekhi yakho
i-athikili enhle kakhulu engiyifunda nge-squid nokuqaliswa kwayo ngiyabonga kakhulu ukuthi iyasiza
Ngiyabonga, qaphela ukuthi kuma-tutorials esikhathi esizayo ngizonikeza isikwidi njenge-cache ngokuphelele, ukuze ungamoshi izinsiza ze-WAN (Internet) zenethiwekhi yakho
isifundo esihle ngaso sonke isikhathi kuhle ukukhulisa ulwazi. Jabulela
Sawubona, okokuqala ngiyabonga ngesihloko, izincazelo nolwazi olunikeziwe. Nginokuningi engizokuphawula, umbuzo. Ngiletha etafuleni inkinga engingene ngqo nge-squid3 ku-Debian, kuvela ukuthi usuku olulodwa oluhle, ezinyangeni ezedlule, ngivuselele uhlelo futhi ngalokhu kuthuthukiswa kwafika inguqulo entsha ye-squid, 3.5, ukusuka lapho ummeleli kwesobunxele ukudlulisa konke ukuxhumana kwe-HTTPS, okusho ukuthi, angisavulanga ngaso leso sikhathi https://www.google.com.cu, https://www.facebook.com nanoma yini esebenzisa umthetho olandelwayo ophephile we-HTTPS. Ngiphenya kancane, ngithole ukuthi inkinga yayikukusingathwa kwe-SSL, okuthile uDebian wayeka ukupakisha nge-squid3 ngezizathu zomthetho nezefilosofi. ANGIKHO ukuthi kufanele ngikhulume ngokungakhululeki obekukhona ebhizinisini izinsuku engizame ngazo ukuxazulula le "nkinga" ebengingakwazi ukuyilungisa ekugcineni, kepha ngabuyela kunguqulo yangaphambilini yeSquid3 ngagcina iphakethe ngokufanelekile kuvimbele ukuthi ingabuyekezwa futhi. Esizeni lapho kubikwa khona izimbungulu ze-squid, ukhulume ngesiphazamisi esibizwa nge- "squid-in-the-middle", futhi waxwayisa ngokuthi wonke ama-squid kusuka ku-3.4.8 kuye phambili asengozini, ngakho-ke batusa ukuvuselelwa kunguqulo yakamuva futhi bahlanganise squid ne-SSL + isethwe ukukhiqiza izitifiketi ngesandla… NGIYACELA! Uma othile ehlangabezane nalesi simo wasixazulula, ngithanda ukuba nomusa kakhulu futhi anginike ukukhanya kulolu daba futhi uma kungenjalo, okungenani ngiphawule ukuthi kwenzeke into efanayo ... nokuthi isisombululo besisetshenziswa kanjani. Ngiyabonga.
Njengamanje eDebian uJessie utholakala kuphela kuze kube yinguqulo 3.4.8-6 + deb8u1… Kodwa-ke ngiyakutshela ukuthi ungasebenzisa i-ssl bump uma usebenzisa i-squid kwimodi esobala. http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit…. Angikungabazi ukunikela kwakho, ngakho-ke kungekudala ngizofaka inguqulo entsha kusuka kuwebhusayithi yayo esemthethweni
Kuhle,
Ngokuya ngokusebenza, kungakuhle ukukufaka ku-Raspberry Pi 2?
Ngibonga kusengaphambili, imikhonzo.
Sawubona,
Isifundo esihle, kepha nginombuzo: maqondana nokusebenza, kungakufanelekela yini ukufaka i-Raspberry Pi 2?
Ukubingelela
Impendulo emfushane ithi Cha ... ungakwenza kepha izici ezithile ezinjenge-interface yenethiwekhi, iprosesa, idiski ziningi zezingqinamba zakho. Manje uma usadinga ukwenza njengommeleli, ngicabanga ukuthi i-tinyproxy ingcono
Siyabonga ngokuhlanganyela kwakho
Ingabe unolwazi nge-squid ngaphakathi kwe-pfSense?
yebo, yini okudingeka uyazi? ubone ukuthi ngingakusiza yini.
Isifundo esihle, isikhathi esivele sihle kakhulu. Angazi okuningi ngakho.Ngamanje ngifaka ummeleli enkampanini yami ne squid.conf kusuka enguqulweni edlule futhi kunezinto eziguqule i-syntax. Kungikhonze kakhulu. Ngizoqhubeka ngilinde ingxenye 2.
Ngibona kakhulu
Ngiyabonga ngamazwana akho, kusalindwe ukuthi ingxenye yesibili ye-squid yokuthi ingalondolozwa kanjani izotholakala maduzane.
Kuhle kakhulu, kudala ngasebenzisa i-ubuntu server nge-squid futhi yahamba kahle impela manje nginqanyuliwe ku-linux isikhathi esithile futhi ngithanda ukubuyela enkingeni yamaseva alondoloziwe ukuze inikeze ukusebenza okungcono ezindabeni ze-wisp, ngiyabonga umnikelo wakho Brody!
Sawubona, usizo lwakho luhle kakhulu, ngisanda kufaka udaba lwe-IPV6 nge-DNS futhi nginezinkinga lapho. Uma ingekho iwebhusayithi evela ne-IPV6 izongisebenzela, ngakho-ke ngidinga ukwazi ukuthi ngabe i-dns_v4_first ekucushweni idinga ukwenziwa isebenze ngaphambi kokuthi kuhlanganiswe i-squid, ngoba ngo-3.3.8 ibingazukusebenza.
Kuhle ekuseni
Okokuqala, lokhu kufundisa kube wusizo olukhulu. Manje ngethula udaba lwami, ngoba angazi noma nge-squid ngingaxazulula isidingo sami noma kufanele ngibheke enye indlela.
Nginohlelo lokusebenza olulungiselelwe esimweni se-AWS EC2, okumele senze izicelo kwi-amazon api, inkinga ivela lapho lezi zicelo zinkulu, ngakho-ke i-amazon iyabona i-ip bese iyazenqaba lezi zicelo isikhashana, idala ukuphazamiseka kuhlelo enginalo. Ukuxazulula lokhu, sisebenzisa insiza yeProxymesh, ethatha isicelo bese siyithumela kusuka kolunye lwe-ip's, ngaleyo ndlela sigweme ukuvinjelwa okushiwo, iqiniso ukuthi kulokhu, lapho senza isicelo ku-amazon, sikwenza nge-curl ku-php, inikeza njengenketho yokuxhuma ku-proxymesh. Manje ngifuna ukuthi kungenzeka ukuthi kuvela esimweni esingamiswa ukuthi lapho izicelo zenziwa kwi-amazon api, ziya ngqo kwinsizakalo ye-proxymesh ukuze kube yiyo ephethe ukuthumela isicelo endaweni yokugcina . Kungenzeka ukwenza lokhu kuqondiswa kabusha nge-squid noma ngabe uncoma enye indlela?
Ngibona kakhulu.
Ngabe kukhona umuntu owake wazama izikimu eziningi zokuqinisekisa ku-squid? Ngifake inguqulo engu-3.5.22 ku-debian futhi noma ngike ngazama okwehlukile ayisebenzi, isimo sami ukuthi ngidinga ukuthi bobabili abasebenzisi be-AD yami nabanye abasebenzisi bangaphandle bakwazi ukungena ngemvume, uma basebenzela ngokwehlukana me noma i-ntml yabasebenzisi besizinda abangene ngemvume nabayisisekelo (ncsa) abangaphandle kepha hhayi bobabili ngasikhathi sinye. noma yiluphi usizo luzoba wusizo. Ngiyabonga kusengaphambili
Sawubona, angazi ukuthi kungani, ngangifake i-squid ngaphandle kwezinkinga, kepha lapho ngiyibuyekeza ukuze ibe yinguqulo 3.5 ifayela le-access.log laqala ukuhlala lingenalutho, alisagcini idatha lapho lalihlala khona. Angazi noma kufanele ngibone futhi ngisebenzise i-WPAD ukuze ngingabe ngisasebenzisa ukucushwa okusobala, futhi ngisuse ukuqondiswa kabusha kusuka ethekwini 80 kuye ku-3128 njengoba kuvame ukwenziwa, ngoba nge-wpad lowo mthetho awusadingeki.
yingakho i-access.log manje ingasakwazi ukurekhoda umsebenzi?
Halala !!
Umhlahlandlela omuhle kakhulu!
Kade ngisebenzisa i-squid okwesikhashana njengommeleli wewebhu, kepha muva nje ngiyabona ukuthi kungithatha isikhathi eside ukusesha noma ukuvula amakhasi ... kungenzeka ngidinge ukuhlanza i-cache?
Othile ulungiselele i-squid nge-mkt, isebenza kanjani kubo?
Phendula ngokucaphuna
Ulwazi oluhle kakhulu, ngiyaxolisa ukuthi ngingajoyina kanjani i-squid ngomkhombandlela osebenzayo ukuze kuthi lapho ngifaka ikhasi elivinjiwe lingibuze igama lomsebenzisi nephasiwedi ye-akhawunti yomqondisi osebenzayo futhi uma kuthiwa umsebenzisi unemvume yokungena ekhasini ngizokunikeza ukufinyelela.
Sawubona,
umhlahlandlela omuhle kakhulu, noma kunjalo futhi ungangihola ngoba anginikezi nje, ngine-internet engu-20MB fiber kanye ne-squid 3.1 efakwe kuma-centos 6.9 futhi ngikhonza cishe abasebenzisi abangama-300 ngaphambi kokuba ngibe nesixhumanisi se-4MB kanye ne-squid 3.1 ngokufanayo inani labasebenzisi futhi kusobala ukuthi yonke into ihamba kancane futhi ishiwo kumlawuli (ng) ngisole isixhumanisi, ekugcineni ngithole ukuthi basishintshe futhi i-intanethi ihamba kancane, ngibuyisele i-OS, ngilungiselela i-squid 3.1 futhi akukho okunye okungakusheshisi ngenza ijubane lokulinganisa kusuka kwiklayenti le-squid futhi linginika i-18 kuye ku-20 MB kepha ngilokhu ngikhulunywa ngoba insizakalo ihamba kancane
Uma wena noma umuntu oke waba nenkinga efanayo anganginika ukukhanya, ngizozibonga ngokungapheli.
Kwenzekani ngamakheli, ashintshelwa ekhelini lakho lenethiwekhi noma lawo owasebenzisayo ayasetshenziswa.
Ngifunda nge-squid debian nokuqaliswa kwayo, ngiyabonga kakhulu, kuyasiza. kepha kunginikeza izinkinga ngokuxhuma futhi ngiyabheka ukuthi kunika yini iphutha futhi ngokusobala konke kuhamba kahle.