Установка Squid 5.5 с поддержкой HTTPS (ssl bump) на Debian 10 Buster: различия между версиями
Vix (обсуждение | вклад) (Новая страница: «==Установка прокси-сервера Squid== * Разберем как установить из исходников актуальную (на момент написания статьи) версию кеширующего прокси-сервера Squid 5.5 на Debian 10 Buster. * ИНФОРМАЦИЯ. Хочу сообщить что ниже описанное руководство, так же применимо к установке...») |
Vix (обсуждение | вклад) Нет описания правки |
||
Строка 19: | Строка 19: | ||
make | make | ||
make install | make install | ||
* Создаем необходимые каталоги, для работы Squid и назначаем для них права доступа: | |||
mkdir -p /var/log/squid | |||
mkdir -p /etc/squid/ssl | |||
chown proxy:proxy /var/log/squid | |||
chown proxy:proxy /etc/squid/ssl | |||
chmod 700 /var/log/squid | |||
chmod 700 /etc/squid/ssl | |||
* Создаем стартовый скрипт Squid — /etc/init.d/squid: | |||
#! /bin/sh | |||
# | |||
# squid Startup script for the SQUID HTTP proxy-cache. | |||
# | |||
# Version: @(#)squid.rc 1.0 07-Jul-2006 luigi@debian.org | |||
# | |||
# pidfile: /var/run/squid.pid | |||
# | |||
### BEGIN INIT INFO | |||
# Provides: squid | |||
# Required-Start: $network $remote_fs $syslog | |||
# Required-Stop: $network $remote_fs $syslog | |||
# Should-Start: $named | |||
# Should-Stop: $named | |||
# Default-Start: 2 3 4 5 | |||
# Default-Stop: 0 1 6 | |||
# Short-Description: Squid HTTP Proxy version 4.x | |||
### END INIT INFO | |||
NAME=squid | |||
DESC="Squid HTTP Proxy" | |||
DAEMON=/usr/sbin/squid | |||
PIDFILE=/var/run/$NAME.pid | |||
CONFIG=/etc/squid/squid.conf | |||
SQUID_ARGS="-YC -f $CONFIG" | |||
[ ! -f /etc/default/squid ] || . /etc/default/squid | |||
. /lib/lsb/init-functions | |||
PATH=/bin:/usr/bin:/sbin:/usr/sbin | |||
[ -x $DAEMON ] || exit 0 | |||
ulimit -n 65535 | |||
find_cache_dir () { | |||
w=" " # space tab | |||
res=`$DAEMON -k parse -f $CONFIG 2>&1 | | |||
grep "Processing:" | | |||
sed s/.*Processing:\ // | | |||
sed -ne ' | |||
s/^['"$w"']*'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p; | |||
t end; | |||
d; | |||
:end q'` | |||
[ -n "$res" ] || res=$2 | |||
echo "$res" | |||
} | |||
grepconf () { | |||
w=" " # space tab | |||
res=`$DAEMON -k parse -f $CONFIG 2>&1 | | |||
grep "Processing:" | | |||
sed s/.*Processing:\ // | | |||
sed -ne ' | |||
s/^['"$w"']*'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p; | |||
t end; | |||
d; | |||
:end q'` | |||
[ -n "$res" ] || res=$2 | |||
echo "$res" | |||
} | |||
create_run_dir () { | |||
run_dir=/var/run/squid | |||
usr=`grepconf cache_effective_user proxy` | |||
grp=`grepconf cache_effective_group proxy` | |||
if [ "$(dpkg-statoverride --list $run_dir)" = "" ] && | |||
[ ! -e $run_dir ] ; then | |||
mkdir -p $run_dir | |||
chown $usr:$grp $run_dir | |||
[ -x /sbin/restorecon ] && restorecon $run_dir | |||
fi | |||
} | |||
start () { | |||
cache_dir=`find_cache_dir cache_dir` | |||
cache_type=`grepconf cache_dir` | |||
run_dir=/var/run/squid | |||
# | |||
# Create run dir (needed for several workers on SMP) | |||
# | |||
create_run_dir | |||
# | |||
# Create spool dirs if they don't exist. | |||
# | |||
if test -d "$cache_dir" -a ! -d "$cache_dir/00" | |||
then | |||
log_warning_msg "Creating $DESC cache structure" | |||
$DAEMON -z -f $CONFIG | |||
[ -x /sbin/restorecon ] && restorecon -R $cache_dir | |||
fi | |||
umask 027 | |||
ulimit -n 65535 | |||
cd $run_dir | |||
start-stop-daemon --quiet --start \ | |||
--pidfile $PIDFILE \ | |||
--exec $DAEMON -- $SQUID_ARGS < /dev/null | |||
return $? | |||
} | |||
stop () { | |||
PID=`cat $PIDFILE 2>/dev/null` | |||
start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON | |||
# | |||
# Now we have to wait until squid has _really_ stopped. | |||
# | |||
sleep 2 | |||
if test -n "$PID" && kill -0 $PID 2>/dev/null | |||
then | |||
log_action_begin_msg " Waiting" | |||
cnt=0 | |||
while kill -0 $PID 2>/dev/null | |||
do | |||
cnt=`expr $cnt + 1` | |||
if [ $cnt -gt 24 ] | |||
then | |||
log_action_end_msg 1 | |||
return 1 | |||
fi | |||
sleep 5 | |||
log_action_cont_msg "" | |||
done | |||
log_action_end_msg 0 | |||
return 0 | |||
else | |||
return 0 | |||
fi | |||
} | |||
cfg_pidfile=`grepconf pid_filename` | |||
if test "${cfg_pidfile:-none}" != "none" -a "$cfg_pidfile" != "$PIDFILE" | |||
then | |||
log_warning_msg "squid.conf pid_filename overrides init script" | |||
PIDFILE="$cfg_pidfile" | |||
fi | |||
case "$1" in | |||
start) | |||
res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"` | |||
if test -n "$res"; | |||
then | |||
log_failure_msg "$res" | |||
exit 3 | |||
else | |||
log_daemon_msg "Starting $DESC" "$NAME" | |||
if start ; then | |||
log_end_msg $? | |||
else | |||
log_end_msg $? | |||
fi | |||
fi | |||
;; | |||
stop) | |||
log_daemon_msg "Stopping $DESC" "$NAME" | |||
if stop ; then | |||
log_end_msg $? | |||
else | |||
log_end_msg $? | |||
fi | |||
;; | |||
reload|force-reload) | |||
res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"` | |||
if test -n "$res"; | |||
then | |||
log_failure_msg "$res" | |||
exit 3 | |||
else | |||
log_action_msg "Reloading $DESC configuration files" | |||
start-stop-daemon --stop --signal 1 \ | |||
--pidfile $PIDFILE --quiet --exec $DAEMON | |||
log_action_end_msg 0 | |||
fi | |||
;; | |||
restart) | |||
res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"` | |||
if test -n "$res"; | |||
then | |||
log_failure_msg "$res" | |||
exit 3 | |||
else | |||
log_daemon_msg "Restarting $DESC" "$NAME" | |||
stop | |||
if start ; then | |||
log_end_msg $? | |||
else | |||
log_end_msg $? | |||
fi | |||
fi | |||
;; | |||
status) | |||
status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit 3 | |||
;; | |||
*) | |||
echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}" | |||
exit 3 | |||
;; | |||
esac | |||
exit 0 |
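Review bot: In `find_cache_dir` and `grepconf` the whitespace class is written as `w=" " # space tab`, but as rendered on this page the literal holds only a space, so the tab the comment promises appears to have been lost in the wiki markup. A script pasted from here will not match squid.conf directives whose fields are separated by tabs, so `pid_filename`, `cache_effective_user` and `cache_effective_group` silently fall back to the defaults. The run directory may then get the wrong owner, and `stop`/`reload` may look at a pidfile Squid is not using. Building the value instead of typing it survives copy-paste: `w="$(printf ' \t')"`. Separately, the `Short-Description` header still says version 4.x while the article installs 5.x.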
Версия от 17:40, 31 октября 2023
Установка прокси-сервера Squid
- Разберем, как установить из исходников актуальную (на момент написания статьи) версию кеширующего прокси-сервера Squid 5.5 на Debian 10 Buster.
- ИНФОРМАЦИЯ. Хочу сообщить, что описанное ниже руководство также применимо к установке младших версий Squid 4, 5.x
- Устанавливаем необходимые зависимости для сборки и работы Squid:
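# Refresh the package index first so the install step resolves current versions.
apt-get update
# Build toolchain plus the TLS, Kerberos, LDAP, SASL, PAM and capability
# libraries that the configure options used for this build depend on.
apt-get install build-essential make libssl-dev libkrb5-dev libldap2-dev \
    libk5crypto3 libsasl2-dev libpam0g libcap2-dev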
- Скачиваем и распаковываем исходники Squid:
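cd /usr/local/src
# Fetch over HTTPS: the tarball is compiled and installed as root, so it must
# not be retrieved over a channel that can be modified in transit.
wget https://www.squid-cache.org/Versions/v5/squid-5.9.tar.gz
wget https://www.squid-cache.org/Versions/v5/squid-5.9.tar.gz.asc
# Verify the detached signature before unpacking. The Squid release signing key
# must already be in the keyring; confirm its fingerprint against a source you
# trust (<RELEASE_KEY_FINGERPRINT> - placeholder, not given on this page).
gpg --verify squid-5.9.tar.gz.asc squid-5.9.tar.gz
tar -zxvf squid-5.9.tar.gz
cd squid-5.9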
- Выполняем конфигурирование с поддержкой HTTPS:
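# Configure the build. --with-openssl and --enable-ssl-crtd provide the TLS
# support and the certificate-generation helper needed for HTTPS (ssl bump).
# --with-default-user, --with-logdir and --with-pidfile must agree with the
# directories and the init script created in the following steps.
./configure --prefix=/usr \
    --localstatedir=/var \
    --libexecdir=/usr/lib/squid \
    --datadir=/usr/share/squid \
    --sysconfdir=/etc/squid \
    --enable-ssl-crtd \
    --with-openssl \
    --enable-translation \
    --enable-cpu-profiling \
    --disable-dependency-tracking \
    --enable-delay-pools \
    --enable-icmp \
    --enable-linux-netfilter \
    --enable-external-acl-helpers \
    --with-large-files \
    --with-default-user=proxy \
    --with-logdir=/var/log/squid \
    --with-pidfile=/var/run/squid.pid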
- Собираем и устанавливаем пакет Squid:
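# Compile, then install into the prefixes chosen at configure time.
# Only "make install" needs root privileges.
make
make install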
- Создаем необходимые для работы Squid каталоги и назначаем им права доступа:
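# Log directory: owned by the unprivileged proxy user, closed to everyone else.
mkdir -p /var/log/squid
chown proxy:proxy /var/log/squid
chmod 700 /var/log/squid
# Directory for the ssl bump certificate material (assumed from its name; the
# page does not show its contents). Mode 700 keeps other local accounts out;
# any private key placed here should likewise not be group- or world-readable.
mkdir -p /etc/squid/ssl
chown proxy:proxy /etc/squid/ssl
chmod 700 /etc/squid/ssl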
- Создаем стартовый скрипт Squid — /etc/init.d/squid:
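#! /bin/sh
#
# squid         Startup script for the SQUID HTTP proxy-cache.
#
# Version:      @(#)squid.rc  1.0  07-Jul-2006  luigi@debian.org
#
# pidfile: /var/run/squid.pid
#
### BEGIN INIT INFO
# Provides:          squid
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      $named
# Should-Stop:       $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Squid HTTP Proxy version 4.x
### END INIT INFO

NAME=squid
DESC="Squid HTTP Proxy"
DAEMON=/usr/sbin/squid
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid/squid.conf
SQUID_ARGS="-YC -f $CONFIG"

# Optional local overrides of the variables above. The file is sourced as
# root, so it must be owned by root and not writable by any other account.
[ ! -f /etc/default/squid ] || . /etc/default/squid

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Nothing to do when the daemon binary is not installed.
[ -x "$DAEMON" ] || exit 0

ulimit -n 65535

# Print the third field of the first "$1" directive that squid reports while
# parsing $CONFIG (for cache_dir: "cache_dir <type> <directory> ...").
# Prints $2 when no such directive is found.
find_cache_dir () {
  # Space and tab, built with printf so the tab cannot be lost in copy-paste.
  w="$(printf ' \t')"
  res=$("$DAEMON" -k parse -f "$CONFIG" 2>&1 |
    grep "Processing:" |
    sed 's/.*Processing: //' |
    sed -ne '
      s/^['"$w"']*'"$1"'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
      t end;
      d;
      :end q')
  [ -n "$res" ] || res=$2
  echo "$res"
}

# Print the first argument of the first "$1" directive that squid reports
# while parsing $CONFIG. Prints $2 when no such directive is found.
grepconf () {
  # Space and tab, built with printf so the tab cannot be lost in copy-paste.
  w="$(printf ' \t')"
  res=$("$DAEMON" -k parse -f "$CONFIG" 2>&1 |
    grep "Processing:" |
    sed 's/.*Processing: //' |
    sed -ne '
      s/^['"$w"']*'"$1"'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
      t end;
      d;
      :end q')
  [ -n "$res" ] || res=$2
  echo "$res"
}

# Create /var/run/squid for the configured effective user and group, unless
# it already exists or the administrator registered a dpkg-statoverride.
create_run_dir () {
  run_dir=/var/run/squid
  usr=$(grepconf cache_effective_user proxy)
  grp=$(grepconf cache_effective_group proxy)

  if [ "$(dpkg-statoverride --list "$run_dir")" = "" ] &&
     [ ! -e "$run_dir" ] ; then
    mkdir -p "$run_dir"
    chown "$usr:$grp" "$run_dir"
    [ -x /sbin/restorecon ] && restorecon "$run_dir"
  fi
}

# Abort with exit status 3 when "squid -k parse" prints a FATAL line.
# Only FATAL messages are detected; other parser output is ignored.
require_valid_config () {
  res=$("$DAEMON" -k parse -f "$CONFIG" 2>&1 | grep -o "FATAL: .*")
  if [ -n "$res" ]; then
    log_failure_msg "$res"
    exit 3
  fi
}

# Prepare the run and cache directories, then launch the daemon.
# Returns the exit status of start-stop-daemon.
start () {
  cache_dir=$(find_cache_dir cache_dir)
  run_dir=/var/run/squid

  #
  # Create run dir (needed for several workers on SMP)
  #
  create_run_dir

  #
  # Create spool dirs if they don't exist.
  #
  if [ -d "$cache_dir" ] && [ ! -d "$cache_dir/00" ]
  then
    log_warning_msg "Creating $DESC cache structure"
    "$DAEMON" -z -f "$CONFIG"
    [ -x /sbin/restorecon ] && restorecon -R "$cache_dir"
  fi

  # Files the daemon creates are not accessible to "other".
  umask 027
  ulimit -n 65535
  # Best effort, as before: the daemon is still started if the cd fails.
  cd "$run_dir" || log_warning_msg "Cannot change directory to $run_dir"
  # SQUID_ARGS is deliberately unquoted: it holds several arguments.
  start-stop-daemon --quiet --start \
    --pidfile "$PIDFILE" \
    --exec "$DAEMON" -- $SQUID_ARGS < /dev/null
  return $?
}

# Ask the daemon to stop and wait for the recorded PID to disappear.
# Returns 1 when the process is still alive after the polling loop gives up
# (more than 24 polls, 5 seconds apart), otherwise 0.
stop () {
  # Read the PID first: it is needed after the stop request has been sent.
  PID=$(cat "$PIDFILE" 2>/dev/null)
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --exec "$DAEMON"
  #
  # Now we have to wait until squid has _really_ stopped.
  #
  sleep 2
  if test -n "$PID" && kill -0 "$PID" 2>/dev/null
  then
    log_action_begin_msg " Waiting"
    cnt=0
    while kill -0 "$PID" 2>/dev/null
    do
      cnt=$((cnt + 1))
      if [ "$cnt" -gt 24 ]
      then
        log_action_end_msg 1
        return 1
      fi
      sleep 5
      log_action_cont_msg ""
    done
    log_action_end_msg 0
    return 0
  else
    return 0
  fi
}

# A pid_filename set in squid.conf takes precedence over PIDFILE above, so
# that stop/reload/status look at the file the daemon really writes.
cfg_pidfile=$(grepconf pid_filename)
if [ "${cfg_pidfile:-none}" != "none" ] && [ "$cfg_pidfile" != "$PIDFILE" ]
then
  log_warning_msg "squid.conf pid_filename overrides init script"
  PIDFILE="$cfg_pidfile"
fi

case "$1" in
  start)
    require_valid_config
    log_daemon_msg "Starting $DESC" "$NAME"
    if start ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    if stop ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  reload|force-reload)
    require_valid_config
    log_action_msg "Reloading $DESC configuration files"
    # Signal 1 (SIGHUP) asks the running daemon to re-read its configuration.
    start-stop-daemon --stop --signal 1 \
      --pidfile "$PIDFILE" --quiet --exec "$DAEMON"
    log_action_end_msg 0
    ;;
  restart)
    # Validate first so a broken config does not take a running proxy down.
    require_valid_config
    log_daemon_msg "Restarting $DESC" "$NAME"
    stop
    if start ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  status)
    status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit 3
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
    exit 3
    ;;
esac

exit 0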