【原创】 shell一键配置squid高匿…

部署了大量机器，需要做squid代理用

直接上码

# 一、######### Local shell#########

# sshpass 免于ssh首次登录远程机器需要交互输入密码的繁琐。 

# sshpass -p SERVER_PASSWD ssh/scpparams command

# sshpass ：-p 远程服务器密码

# ssh： -o "StrictHostKeyChecking no"  默认准许登录密钥认证

sshpass -p "SERVER_PASSWD" ssh-o "StrictHostKeyChecking no" -p SERVER_SSH_PORT SERVER_USER@SERVER_IP 'curl "http://zhangzhipeng2023.cn/squid/install-squid.sh"| bash'

# 二、####### install-squid.sh (remote)##########

# 存放于：http://zhangzhipeng2023.cn/squid/install-squid.sh

# 1. 静默安装squid， -y：默认yes

yum install -y squid

# 2.  下载并替换本地squid配置文件， -O：文件保存路径

wget -O "/etc/squid/squid.conf" "http://zhangzhipeng2023.cn/squid/squid.conf"

# 3.  检查参数

squid -k parse

# 4.  初始化缓存

squid -z

# 5.  htpasswd 生成squid 代理 用户名、密码， -c：创建密码文件，-b使用参数传递设置密码

htpasswd -c -b /usr/lib/squid/passwd PROXY_USER PROXY_PASSWD

# 6.  启动squid服务

service squid restart

# 7.  开机启动

####---

# 三、#######squid.conf(remote) ##########

#### 存放于：http://zhangzhipeng2023.cn/squid/squid.conf

# 

# Recommended minimum configuration:

#

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.

# Adapt to list your (internal) IP networks from wherebrowsing

# should be allowed

acl localnet src 10.0.0.0/8    # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internalnetwork

acl localnet src fc00::/7      # RFC 4193 local privatenetwork range

acl localnet src fe80::/10     # RFC 4291 link-local(directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80         #http

acl Safe_ports port 21         # ftp

acl Safe_ports port 443        # https

acl Safe_ports port 70         #gopher

acl Safe_ports port 210        # wais

acl Safe_ports port 1025-65535  #unregistered ports

acl Safe_ports port 280        # http-mgmt

acl Safe_ports port 488        # gss-http

acl Safe_ports port 591        # filemaker

acl Safe_ports port 777        # multiling http

acl CONNECT method CONNECT

#

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented toprotect innocent

# web applications running on the proxy server who think theonly

# one who can access services on "localhost" is a localuser

#http_access deny to_localhost

#

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOURCLIENTS

#

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IPnetworks

# from where browsing should be allowed

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

# http_access allow all

# 配置：代理账号 密码，授权用户

auth_param basic program/usr/lib/squid/ncsa_auth /usr/lib/squid/passwd

acl auth_user proxy_authREQUIRED

http_access allowauth_user

# Squid normally listens to port 3128

http_port 3128

# Uncomment and adjust the following to add a disk cachedirectory.

cache_mem 96 MB

cache_swap_low 90

cache_swap_high 95

cache_dir ufs /tmp/squid100 16 256

# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries abovethese.

refresh_pattern ^ftp:          1440   20%    10080

refresh_pattern ^gopher:       1440   0%     1440

refresh_pattern -i (/cgi-bin/|\?) 0    0%     0

refresh_pattern .             0      20%    4320

#配置高匿，不允许设置任何多余头信息，保持原请求header。

request_header_access Via deny all

request_header_access X-Forwarded-For deny all

关键词：ssh shell无密码登录 忽略登录提示 yum静默安装 yum默认允许 yum默认yes