@b4tchkn

Running Squid on Ubuntu 18.04

Introduction

Environment

OS: Ubuntu18.04
Squid Version 3.5.27

Procedure

Installation

First, install Squid.

$ sudo apt install squid

The Squid configuration file is at /etc/squid/squid.conf. Just in case, take a backup of it and make the backup read-only.

$ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
$ sudo chmod a-w /etc/squid/squid.conf.original

Configuration

From here on we edit the configuration file mentioned above.

$ sudo vi /etc/squid/squid.conf

A lot is written in it by default, but what I ended up configuring is the following.

squid.conf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all


# Squid normally listens to port 3128
http_port 58888

cache_mem 256 MB

cache_dir ufs /var/spool/squid 100 16 256

logformat squid [%{%Y/%m/%d|%H:%M:%S}tl] %>a %Ss/%03>Hs %<st [%rm] => %ru %un %Sh/%<a %mt

coredump_dir /var/spool/squid

refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
# example lin deb packages
#refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
refresh_pattern .       0   20% 4320

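# Hide client and proxy information
# (header_access is obsolete since Squid 3.0; request_header_access
#  is its replacement for headers on client requests)
forwarded_for off
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all

# Anonymize the hostname
visible_hostname unknown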

Apparently, at a bare minimum, the following is enough to get it running.

squid.conf
acl localnet src 192.168.0.0/16
http_access allow localnet
http_port 58888

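Note that http_port defaults to 3128, but for security reasons I have set it to 58888 as a matter of preference.

I have also changed the log output format slightly from the default so that it is easier for me to read.

Applying the configuration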

$ systemctl reload squid

Startup

Start the Squid daemon

$ /etc/init.d/squid start

Check the status

$ /etc/init.d/squid status

If something goes wrong, you can restart it with the following command.

$ /etc/init.d/squid restart

Checking the logs

In my case, part of the reason I set up Squid was to collect access logs, so I will also cover log output.

You can print the log with the following command.

$ sudo cat /var/log/squid/access.log
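
The following is an added example, not part of the original article: a Python parser for the custom `logformat` configured above, run over constructed sample lines, that counts `TCP_DENIED` entries per client. The sample log lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Mirrors the logformat from the squid.conf above:
# [%{%Y/%m/%d|%H:%M:%S}tl] %>a %Ss/%03>Hs %<st [%rm] => %ru %un %Sh/%<a %mt
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2}\|\d{2}:\d{2}:\d{2})\] "
    r"(?P<client>\S+) (?P<squid_status>[^/\s]+)/(?P<http_status>\d{3}) "
    r"(?P<size>\d+) \[(?P<method>[^\]\s]+)\] => (?P<url>\S+) (?P<user>\S+) "
    r"(?P<hier>[^/\s]+)/(?P<server>\S+) (?P<mime>\S+)$"
)

# Constructed sample lines (not taken from the article's screenshots).
# Line 3: CONNECT to port 22 is outside Safe_ports; line 4: client outside localnet.
SAMPLE_LOG = """\
[2018/07/06|10:18:01] 192.168.1.10 TCP_MISS/200 5120 [GET] => http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
[2018/07/06|10:18:03] 192.168.1.10 TCP_TUNNEL/200 8421 [CONNECT] => example.org:443 - HIER_DIRECT/93.184.216.34 -
[2018/07/06|10:18:05] 192.168.1.23 TCP_DENIED/403 3850 [CONNECT] => example.net:22 - HIER_NONE/- text/html
[2018/07/06|10:18:06] 203.0.113.7 TCP_DENIED/403 3790 [GET] => http://example.com/ - HIER_NONE/- text/html
truncated line that does not match
"""

def parse_line(line):
    """Return a dict of fields, or None if the line is not in the custom format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["http_status"] = int(rec["http_status"])
    rec["size"] = int(rec["size"])
    return rec

def summarize(text):
    """Count denied requests per client and collect lines that fail to parse."""
    denied, rejects = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            rejects.append(line)  # keep unparseable lines visible, do not drop them
        elif rec["squid_status"].startswith("TCP_DENIED"):
            denied[rec["client"]] += 1
    return denied, rejects

if __name__ == "__main__":
    denied, rejects = summarize(SAMPLE_LOG)
    for client, n in denied.most_common():
        print(f"{client}: {n} denied request(s)")
    print(f"{len(rejects)} unparseable line(s)")
```

To run it against the real log, pass the contents of /var/log/squid/access.log to `summarize()` instead of `SAMPLE_LOG`.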
