加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
squid.sh 5.31 KB
一键复制 编辑 原始数据 按行查看 历史
Ting 提交于 2019-07-17 17:02 . update squid 4.8
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
echo "
#============================================
# SYSTEM REQUIRED: Ubuntu / Centos
# DESCRIPTION: Install Squid(with TLS)
# VERSION: 1.2
# AUTHOR: reruin <reruin@gmail.com>
#============================================
"
#init
read -p "Please input Squid visible_hostname(squid):" hostname
if [ "$hostname" = "" ]; then
hostname="squid"
fi
read -p "Please input Squid https port(4433):" port
if [ "$port" = "" ]; then
port="4433"
fi
read -p "Please input Mysql Host(localhost):" mysqlhost
if [ "$mysqlhost" = "" ]; then
mysqlhost="localhost"
fi
read -p "Please input Mysql Port(3306):" mysqlport
if [ "$mysqlport" = "" ]; then
mysqlport="3306"
fi
read -p "Please input Mysql Database(squid):" mysqldb
if [ "$mysqldb" = "" ]; then
mysqldb="squid"
fi
read -p "Please input Mysql User(root):" mysqluser
if [ "$mysqluser" = "" ]; then
mysqluser="root"
fi
read -p "Please input Mysql Password(12345678):" mysqlpwd
if [ "$mysqlpwd" = "" ]; then
mysqlpwd="12345678"
fi
clear
get_char()
{
SAVEDSTTY=`stty -g`
stty -echo
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -raw
stty echo
stty $SAVEDSTTY
}
echo ""
echo "Visible_hostname : $hostname"
echo "Https Port : $port"
echo "Mysql Host : $mysqlhost"
echo "Mysql Port : $mysqlport"
echo "Mysql Database : $mysqldb"
echo "Mysql User : $mysqluser"
echo "Mysql Password : $mysqlpwd"
echo ""
echo "Press any key to start...or Press Ctrl+c to cancel"
char=`get_char`
clear
echo -e "\n| Squid is installing ... "
#install some necessary tools
#Squid-3.5 is not compatible with OpenSSL v1.1+. As of Debian Squeeze, or Ubuntu Zesty the libssl1.0-dev package must be used instead. This is resolved in the Squid-4 packages when they become available.
if [ -n "$(command -v apt-get)" ]
then
apt-get -y update >/dev/null 2>&1
apt-get -y install wget gcc g++ make libgnutls28-dev libdbd-mysql-perl >/dev/null 2>/root/squid_install_error.log
elif [ -n "$(command -v yum)" ]
then
yum -y install gcc gcc-c++ make openssl-devel perl-DBD-MySQL >/dev/null 2>/root/squid_install_error.log
fi
#download squid
cd ~
echo -e "\n| Download Squid Package ... "
wget -O squid_latest.tar.gz http://www.squid-cache.org/Versions/v4/squid-4.8.tar.gz >/dev/null 2>&1
tar -xzf squid_latest.tar.gz
cd squid-4.8
#install
echo -e "\n| Configure ... "
./configure --with-gnutls --enable-auth --enable-basic-auth-helpers=DB --with-default-user=squid >/dev/null 2>/root/squid_install_error.log
if [ $? -ne 0 ]; then
echo -e "[Error] configure failed."
exit 1
fi
echo -e "\n| Compile ... "
make >/dev/null 2>/root/squid_install_error.log
make install >/dev/null 2>/root/squid_install_error.log
squiduser=`awk -F':' '{ print $1}' /etc/passwd | grep squid`
if [ "$squiduser" = "" ]; then
useradd squid
fi
chmod 777 /usr/local/squid/var/logs
mv /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak
mkdir -p /usr/local/squid/cert
#save conf
cat >>/usr/local/squid/etc/squid.conf<<EOF
visible_hostname $hostname
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-49999 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
dns_v4_first on
auth_param basic program /usr/local/squid/libexec/basic_db_auth --dsn "dbi:mysql:host=$mysqlhost;port=$mysqlport;database=$mysqldb" --user $mysqluser --password $mysqlpwd --plaintext --persist
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic realm require auth
acl auth_user proxy_auth REQUIRED
http_access allow auth_user
http_access deny all
https_port $port tls-cert=/usr/local/squid/cert/ssl.crt tls-key=/usr/local/squid/cert/ssl.key
coredump_dir /usr/local/squid/var/cache/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
EOF
#save system service
cat >>/lib/systemd/system/squid.service<<EOF
[Unit]
Description=Squid daemon
After=network.target network-online.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/squid/var/run/squid.pid
ExecStart=/usr/local/squid/sbin/squid -sYC
ExecStop=/bin/kill -HUP $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
KillMode=mixed
Restart=on-failure
RestartSec=30s
[Install]
WantedBy=multi-user.target
EOF
ln -s /lib/systemd/system/squid.service /etc/systemd/system/squid.service
#auto startup
cat >>/etc/rc.local<<EOF
/usr/local/squid/sbin/squid -s
EOF
clear
#end
echo "
Success !
"
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化