Kann mir bitte jemand helfen? Ich habe 2 Wochen damit verbracht, das Proxy-Skript, das immer auf einem anderen Server mit 128 IPs verwendet wurde, auf dem neuen Server mit 253 IPs zum Laufen zu bringen.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
# http_access deny all
http_access allow localnet
http_access allow localhost
# hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 300 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
auth_param basic program /usr/lib/squid3/basic_ncsa_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsa_auth proxy_auth REQUIRED
http_access allow ncsa_auth
# http_port 3000
http_port 164.163.XXX.2:3000 intercept name=3000
http_port 164.163.XXX.3:3000 intercept name=3001
acl ip1 myportname 3000
acl ip2 myportname 3001
tcp_outgoing_address 164.163.XXX.2 ip1
tcp_outgoing_address 164.163.XXX.3 ip2
forwarded_for off
#request_header_access Allow allow all
#request_header_access Authorization allow all
#request_header_access WWW-Authenticate allow all
#request_header_access Proxy-Authorization allow all
#request_header_access Proxy-Authenticate allow all
#request_header_access Cache-Control allow all
#request_header_access Content-Encoding allow all
#request_header_access Content-Length allow all
#request_header_access Content-Type allow all
#request_header_access Date allow all
#request_header_access Expires allow all
#request_header_access Host allow all
#request_header_access If-Modified-Since allow all
#request_header_access Last-Modified allow all
#request_header_access Location allow all
#request_header_access Pragma allow all
#request_header_access Accept allow all
#request_header_access Accept-Charset allow all
#request_header_access Accept-Encoding allow all
#request_header_access Accept-Language allow all
#request_header_access Content-Language allow all
#request_header_access Mime-Version allow all
#request_header_access Retry-After allow all
#request_header_access Title allow all
#request_header_access Connection allow all
#request_header_access Proxy-Connection allow all
#request_header_access User-Agent allow all
#request_header_access Cookie allow all
#request_header_access All deny all
Nach einer Woche funktionierten bei mir 128 Proxys unter Squid 3.1, aber mir wurde gesagt, ich solle eine Kompilierung von Squid 3.5 mit den folgenden Konfigurationsoptionen durchführen, damit 253 Proxys auf demselben Server funktionieren:
Konfigurationsoptionen: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--verbose' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=Datei,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl-crtd' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' '--without-nettle' 'Build_Alias=x86_64-redhat-linux-gnu' 'Host_Alias=x86_64-redhat-linux-gnu' 'Ziel_Alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' --enable-ltdl-convenience' CXXFLAGS=-DMAXTCPLISTENPORTS=256'
Kann mir bitte jemand helfen, denn ich weiß nicht, was das Proxy-Skript eigentlich macht mit:
http_port 164.163.XXX.2:3000 Abfangname=3000 http_port 164.163.XXX.3:3000 Abfangname=3001
acl ip1 meinPortname 3000 acl ip2 meinPortname 3001
TCP-Ausgangsadresse 164.163.XXX.2 ip1 TCP-Ausgangsadresse 164.163.XXX.3 ip2
Momentan gelingt es mir unter Squid 3.5 nicht, eines davon zum Laufen zu bringen.
Antwort1
Hinzufügen
acl localnet src 164.163.0.0/16
Mit den anderen ACL-Localnet-Zeilen. Sie haben diesen IPs nicht erlaubt, Squid zu verwenden.
Wenn ich die folgende Anleitung lese:https://askubuntu.com/questions/680246/proxy-server-multiple-ips
Ich verstehe:
http_port xx.xxx.xxx.111:3128 name=3128
http_port xx.xxx.xxx.112:3129 name=3129
...
und dann für jeden Port:
acl tasty3128 myportname 3128 src yy.yyy.yyy.0/24
http_access allow tasty3128
tcp_outgoing_address xx.xxx.xxx.111 tasty3128
acl tasty3129 myportname 3129 src yy.yyy.yyy.0/24
http_access allow tasty3129
tcp_outgoing_address xx.xxx.xxx.112 tasty3129
In Ihrer Konfiguration sehe ich „http_access allow …“ nicht.