반응형
우분투에서 Squid 및 Webmin을 설치하는 방법
테스트 환경
$ lsb_release -d
Description: Ubuntu 22.04.2 LTS
Squid 설치
sudo apt-get update
sudo apt-get install -y squid
vim /etc/squid/squid.conf
$ cat /etc/squid/squid.conf | egrep -v '^$|^#'
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*.conf
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
squid.conf 설정 파일
vim squid.conf
https://raw.githubusercontent.com/anti1346/linux_configure/main/ubuntu/jammy/squid/squid.conf
systemctl squid start
Webmin 설치
Webmin은 Squid를 관리하기 위한 웹 기반 인터페이스입니다. Webmin을 설치하기 위해 아래 명령을 실행합니다.
sudo vim /etc/apt/sources.list
편집기에서 sources.list 파일을 열고 다음 줄을 파일의 맨 아래에 추가합니다
deb http://download.webmin.com/download/repository sarge contrib
저장하고 에디터를 닫은 후 아래 명령을 실행하여 Webmin의 GPG 키를 추가합니다
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
패키지 목록을 업데이트하고 Webmin을 설치합니다
sudo apt-get update
sudo apt-get install -y webmin
Webmin 액세스
- 계정 패스워드 정보
- 계정 : root
- 패스워드 : root 패스워드
https://your_server_ip:10000
728x90
Dashboard
Squid Proxy Server
squid 구성 파일 설정
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl allowed_clients src 192.168.0.14
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl allowed_sites dstdomain .naver.com
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
#http_access allow allowed_clients
#http_access allow allowed_sites
http_access allow allowed_clients allowed_sites
http_access deny all
include /etc/squid/conf.d/*.conf
http_port 3128
cache_dir ufs /var/spool/squid 100 16 256
access_log daemon:/var/log/squid/access.log squid
logfile_rotate 7
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
cache_effective_user proxy
cache_effective_group proxy
squid 구성 파일 검사
- /etc/squid/squid.conf
sudo squid -k parse
참고URL
- 리눅스에 프록시를 지정하는 방법 : https://scbyun.com/1648
acl localnet src 100.64.0.0/10 # RFC 6598 공유 주소 공간(CGN)
728x90
반응형
'리눅스' 카테고리의 다른 글
우분투에 MySQL 5.7을 바이너리 파일로 설치하는 방법 (0) | 2023.05.20 |
---|---|
우분투에서 Chrony를 설치하고 설정하는 방법 (0) | 2023.05.15 |
Squid를 Docker 컨테이너로 실행하는 방법 (0) | 2023.05.12 |
리눅스에서 프록시를 지정하는 방법 (0) | 2023.05.12 |
docker proxy 설정하는 방법(환경 변수 구성) (0) | 2023.05.11 |