1.下載下傳windows下squid安裝包位址:
http://squid.acmeconsulting.it/download/squid-2.7.STABLE8-bin.zip
2.将下載下傳的squid安裝包解壓并放到被安裝的windows 2003 R2上c盤,c:\squid
3.運作cmd,進入目錄c:\squid\etc
a) copy squid.conf.default squid.conf
b) copy mime.conf.default mime.conf
c) copy cachemgr.conf.default cachemgr.conf
d) copy squid_radius_auth.conf.default squid_radius_auth.conf
4.修改配置檔案squid.conf
# Recommended minimum configuration:
acl all src 0.0.0.0/0 #定義所有源網段,預設為所有位址
acl manager proto cache_object
acl localhost src 127.0.0.1/32 #定義環回主機源位址
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 #定義允許通路的目的網段
#acl localhost src 0/0 #針對本機沒有必要設定全部網段
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#定義内部主機源網段分别為10.0.0.0/8、172.16.0.0/12、192.168.0.0/16, localnet為自定義名稱,用于注冊那些網段可以上網
acl localnet src 10.0.0.0/8 #RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#此行數用于定義内網ipv6位址段,暫時不用注釋即可
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines(本機ipv6位址類似環回)
#将端口進行定義,友善以後配置(端口名稱可以自定義)
acl SSL_ports port 443 #https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
forwarded_for transparent
# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
#配置允許或禁止那些源ip或端口通路
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
#禁止未定義的端口通信,此處使用的正規表達式,“!”表示取反
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# 自定義的源ip網段
http_access allow localnet
http_access allow localhost
http_access allow all
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
# squid 預設啟用3128,此處更改為31288
http_port 31288
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
#主要用于備份成的core檔案
#注意,在window 2003 R2要建立對應目錄,否則會報錯
coredump_dir c:/squid/var/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#access cache.log 緩存日志的存放位置
#注意,在window2003 R2要建立對應目錄,否則會報錯
cache_dir ufs c:/squid/var/cache 20480 16 256
cache_log c:/squid/var/cache/cache.log
#stroage the path of the pid
#主要用于記錄程序的pid,定義的目錄一定要正确
pid_filename c:/squid/var/logs/squid.pid
#set visible_hostname,注冊開啟代理的主機名稱,注釋此選項會warning
visible_hostname iZ25khcmcysZ
5.squid指令選項解釋
簡單介紹一下squid常用選項
C:\squid\sbin>squid.exe -h
Usage: squid [-hirvzCDFIRYX] [-d level] [-s | -l facility] [-f config-file] [-u port] [-k signal] [-n name] [-O command-line]
-f file Use given config-file instead of
c:/squid/etc/squid.conf #可以自定義配置檔案路徑
-i Installs as a Windows Service.
-k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
Parse configuration file, then send signal to
running copy (except -k parse) and exit.
-n name Specify Windows Service name to use for service operations default is: Squid.
-r Removes a Windows Service (see -n option).
-z Create swap directories
-X Force full debugging. #此選項主要用于開啟squid服務,并且列印服務啟動的過程問題,便于排除錯誤問題
6.常見錯誤問題追蹤
使用squid -X 顯示debug資訊啟動資訊
a) 開啟主機代理的主機名注冊,配置選項visible_hostname iZ25khcmcysZ
b) WARNING提示資訊,配置選項備援,如
acl localhost src 0/0 定義本機所有位址,沒有必要的
c) ERROR 提示資訊,配置選項錯誤等
pid_filename 定義的路徑提示 not found
Cache_log 定義的路徑提示 not found
7.在IE浏覽器中,修改對應ip和代理端口(此處不做詳細介紹)
ok!!!
注意:使用squid -X 強制顯示debug資訊以及程序啟動過程中出現哪些失敗程序;當啟動成功後,會顯示程序pid檔案。