Yadda ake ƙirƙirar wakili na HTTP Ta amfani da Squid akan CentOS 7/8
Wakilan gidan yanar gizo sun daɗe da yawa yanzu kuma miliyoyin masu amfani a duk faɗin duniya sun yi amfani da su. Suna da fa'ida iri-iri, mafi shaharar kasancewa rashin sanin suna akan layi, amma akwai wasu hanyoyin da zaku iya amfani da masu amfani da yanar gizo. Ga wasu ra'ayoyi:
- Bayanai na kan layi
- Inganta tsaron kan layi
- Inganta lokacin lodawa
- Toshe mugun nufi
- Shiga ayyukanku na kan layi
- Don kaucewa ƙuntatawa yanki
- A wasu lokuta na iya rage yawan amfani da bandwidth
Uwar garken wakili ita ce kwamfuta da ake amfani da ita azaman tsaka-tsaki tsakanin abokin ciniki da sauran sabar wanda abokin ciniki zai iya neman albarkatu daga gare su. Misali mai sauƙi na wannan shine lokacin da abokin ciniki ke yin buƙatun kan layi (misali yana son buɗe shafin yanar gizon), ya fara haɗawa zuwa uwar garken wakili.
Bayan haka, uwar garken wakili ta bincika cache ɗin diski na gida kuma idan ana iya samun bayanan a wurin, za ta mayar da bayanan ga abokin ciniki, idan ba a cache ba, za ta yi buƙatar a madadin abokin ciniki ta amfani da adireshin IP na wakili (na daban da abokan ciniki) sannan kuma mayar da bayanan ga abokin ciniki. Sabar wakili za ta yi ƙoƙarin ɓoye sabbin bayanan kuma za ta yi amfani da su don buƙatun da aka yi zuwa uwar garken nan gaba.
Squid wakili ne na gidan yanar gizo wanda yayi amfani da nau'ikan ƙungiyoyi na. Yawancin lokaci ana amfani da shi azaman wakili na caching da inganta lokutan amsawa da rage yawan amfani da bandwidth.
Don manufar wannan labarin, zan shigar da Squid akan Linode CentOS 7 VPS kuma in yi amfani da shi azaman uwar garken wakili na HTTP.
Yadda ake Sanya Squid akan CentOS 7/8
Kafin mu fara, ya kamata ku sani cewa Squid, ba shi da wasu ƙayyadaddun buƙatu, amma adadin RAM na iya bambanta dangane da abokan cinikin da ke bincika intanet ta hanyar uwar garken wakili.
An haɗa Squid a cikin ma'ajin tushe don haka shigarwa yana da sauƙi kuma mai sauƙi. Kafin shigar da shi, duk da haka, tabbatar da fakitinku na zamani ta hanyar aiki.
# yum -y update
Ci gaba ta hanyar shigar da squid, farawa kuma kunna shi akan farawa tsarin ta amfani da bin umarni.
# yum -y install squid # systemctl start squid # systemctl enable squid
A wannan gaba, wakilin yanar gizon ku na Squid ya kamata ya riga ya gudana kuma kuna iya tabbatar da matsayin sabis ɗin tare da.
# systemctl status squid
● squid.service - Squid caching proxy Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2018-09-20 10:07:23 UTC; 5min ago Main PID: 2005 (squid) CGroup: /system.slice/squid.service ├─2005 /usr/sbin/squid -f /etc/squid/squid.conf ├─2007 (squid-1) -f /etc/squid/squid.conf └─2008 (logfile-daemon) /var/log/squid/access.log Sep 20 10:07:23 tecmint systemd[1]: Starting Squid caching proxy... Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: will start 1 kids Sep 20 10:07:23 tecmint squid[2005]: Squid Parent: (squid-1) process 2007 started Sep 20 10:07:23 tecmint systemd[1]: Started Squid caching proxy.
Anan akwai mahimman wuraren fayil ɗin da yakamata ku sani:
- Fayil ɗin sanyi na Squid: /etc/squid/squid.conf
- Squid Access log: /var/log/squid/access.log
- Squid Cache log: /var/log/squid/cache.log
Mafi ƙarancin fayil ɗin daidaitawa squid.conf
(ba tare da sharhi a ciki ba) yayi kama da wannan:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all http_port 3128 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
Ana saita Squid azaman wakili na HTTP
Anan, zamu nuna muku yadda ake saita squid azaman wakili na HTTP ta amfani da adireshin IP na abokin ciniki kawai don tantancewa.
Idan kuna son ba da damar adireshin IP don shiga yanar gizo ta sabon sabar wakili, kuna buƙatar ƙara sabon layin ACL (jerin sarrafawa) a cikin fayil ɗin sanyi.
# vim /etc/squid/squid.conf
Layin da ya kamata ku ƙara shine:
acl localnet src XX.XX.XX.XX
Inda XX.XX.XX.XX shine ainihin adireshin IP na abokin ciniki da kuke son ƙarawa. Ya kamata a ƙara layin a farkon fayil ɗin inda aka ayyana ACLs. Yana da kyau a ƙara sharhi kusa da ACL wanda zai bayyana wanda ke amfani da wannan adireshin IP.
Yana da mahimmanci a lura cewa idan Squid yana wajen cibiyar sadarwar ku, yakamata ku ƙara adireshin IP na jama'a na abokin ciniki.
Kuna buƙatar sake kunna Squid don sabbin canje-canje su yi tasiri.
# systemctl restart squid
Kamar yadda ƙila kuka gani a cikin fayil ɗin sanyi, wasu tashoshin jiragen ruwa ne kawai aka yarda don haɗawa. Kuna iya ƙara ƙarin ta gyara fayil ɗin sanyi.
acl Safe_ports port XXX
Inda XXX shine ainihin tashar jiragen ruwa da kuke son lodawa. Har ila yau yana da kyau a bar sharhi a gaba wanda zai bayyana abin da za a yi amfani da tashar jiragen ruwa.
Don canje-canjen suyi tasiri, kuna buƙatar sake kunna squid sau ɗaya.
# systemctl restart squid
Wataƙila za ku so masu amfani da ku su tantance kafin amfani da wakili. Don wannan dalili, zaku iya kunna ingantaccen ingantaccen HTTP. Yana da sauƙi da sauri don saitawa.
Da farko, kuna buƙatar shigar da kayan aikin httpd.
# yum -y install httpd-tools
Yanzu bari mu ƙirƙiri fayil wanda zai adana sunan mai amfani daga baya don tantancewa. Squid yana gudana tare da mai amfani \squid don haka ya kamata fayil ɗin ya zama mallakin mai amfani.
# touch /etc/squid/passwd # chown squid: /etc/squid/passwd
Yanzu za mu ƙirƙiri sabon mai amfani mai suna \proxyclient kuma mu saita kalmar wucewa.
# htpasswd /etc/squid/passwd proxyclient New password: Re-type new password: Adding password for user proxyclient
Yanzu don saita ingantaccen buɗe fayil ɗin sanyi.
# vim /etc/squid/squid.conf
Bayan tashar jiragen ruwa ACLs suna ƙara layin masu zuwa:
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid Basic Authentication auth_param basic credentialsttl 2 hours acl auth_users proxy_auth REQUIRED http_access allow auth_users
Ajiye fayil ɗin kuma sake kunna squid domin sabbin canje-canje su yi tasiri:
# systemctl restart squid
A ƙarshe, za mu ƙirƙiri ACL na ƙarshe wanda zai taimaka mana toshe gidajen yanar gizon da ba a so. Da farko, ƙirƙiri fayil ɗin da zai adana rukunin yanar gizon da aka baƙaƙe.
# touch /etc/squid/blacklisted_sites.acl
Kuna iya ƙara wasu wuraren da kuke son toshewa. Misali:
.badsite1.com .badsite2.com
Dot ɗin ci gaba yana gaya wa squid don toshe duk abubuwan da suka shafi waɗannan rukunin yanar gizon da suka haɗa da www.badsite1, subsite.badsite1.com, da sauransu.
Yanzu buɗe fayil ɗin sanyi na Squid.
# vim /etc/squid/squid.conf
Bayan tashar jiragen ruwa ACLs suna ƙara layi biyu masu zuwa:
acl bad_urls dstdomain "/etc/squid/blacklisted_sites.acl" http_access deny bad_urls
Yanzu ajiye fayil ɗin kuma sake kunna squid:
# systemctl restart squid
Da zarar an daidaita komai daidai, yanzu zaku iya saita mai binciken abokin ciniki na gida ko saitunan cibiyar sadarwar tsarin aiki don amfani da wakili na HTTP na squid.
A cikin wannan koyawa, kun koyi yadda ake girka, kiyayewa da kuma daidaita sabar HTTP ta Squid da kanku. Tare da bayanin da kuka samu yanzu, zaku iya ƙara wasu mahimman tacewa don zirga-zirgar zirga-zirgar shigowa da masu fita ta Squid.
Idan kuna son tafiya nisan mil, kuna iya saita squid don toshe wasu gidajen yanar gizo yayin lokutan aiki don hana abubuwan da ke raba hankali. Idan kuna da tambayoyi ko sharhi, da fatan za a buga su a cikin sashin sharhin da ke ƙasa.