CentOS builds http proxy

Posted by kickassamd on Tue, 08 Mar 2022 09:32:16 +0100

1, Configuration:
A centos ECS:

Let's mainly talk about some of my problems here. Don't choose too high centos system version, otherwise it may not be set successfully.

My setting here is centos7 2-bit linux alicloud server.
Say important things three times (otherwise I must step on the pit. I found out the reason after the third day): CentOS 7 2-bit linux alicloud server, centos7 2-bit linux alicloud server, centos7 2-bit linux alicloud server

Tucao, ah, before, it used centos8 system, and the result was not successful. Then I set up socks5 to try, and it still didn't work. I saw an article saying that I needed 7.2 centos system. After I changed the system, I searched some articles, and then successfully built sock5. Then I make complaints about whether squid was building up http. Then I tested it with my own server. The result is really the reason for the system. My own system was replaced with 7.2, and both sock5 and HTTP were successful.


1. Install openssl

Determine whether to install openssl:

openssl version -a

If the following interface appears, it indicates that it has been installed and then does not need to be installed again:



Installation command:

yum install openssl

2. Install squid

Installation command:

yum install squid -y
# -y Represents automatic selection y,Fully automatic installation

3. Ann net tools

Installation command:

yum install net-tools

4. Modify squid's configuration file squid conf

① . modify the port number

Reference configuration content:

cat /etc/squid/squid.conf

The default port number is 3128. It is recommended to modify it to prevent the scanning agent from being shared




Use vi to modify the configuration file and find the location of the port number above. I change it here to 6128

vi /etc/squid/squid.conf

Change the port number:




By default, the time in squid's access log is unix timestamp, which is inconvenient to read. You can use / etc / squid / squid Conf add a line of logformat configuration:

#Add this line to the end of the configuration file
#access log time human-readable
logformat squid %tl.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt

② Turn on the firewall

netstat -tunpl



Open the port number of squid and restart:

firewall-cmd --zone=public --add-port=6128/tcp --permanent
firewall-cmd --reload

Then execute the above to open the port number 6128 of squid (you can change it according to your own settings)

5. Start squid

systemctl start squid

View process:

netstat -tunpl




6. Native proxy access:

Native proxy access

curl -x www.baidu.com

It indicates that the preliminary configuration of the agent is successful. But you can't use this agent using your own computer.




7. Modify to support all proxy access (use)

Edit squid's configuration file at http_ Add two lines before access deny all:

acl client src
http_access allow client

You can put HTTP in the figure below_ Access deny all
If modified and saved:



Then restart squid:

systemctl restart squid

The agent can be used at this time, but it will be a transparent agent. You need to set the user name and password to enhance the availability of the agent and prevent it from being scanned and used at will. You can also add some setting fields and make it a high hidden agent.

8. Set user name + password

① Set password file

#Set password
yum -y install httpd-tools
touch /etc/squid/passwd && chown squid /etc/squid/passwd

② Create user password

#Create user password
htpasswd /etc/squid/passwd yourusername

After the naming (your username is the agent's user name), enter the password (the agent's password) twice




③ . change the configuration file:

vi /etc/squid/squid.con
#Add under acl code block in configuration file
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
#add to
http_access allow all
#Or comment out
http_access deny all

④ . restart the service squid:

systemctl restart squid

At this time, you can use the proxy of user name to test.

I use a Google plug-in SwitchyOmega here:

Then visit: http://httpbin.org/ip




It can be seen from the results that even if the user + password is set, the http agent is still not high hidden. In front is my local agent, followed by the agent ip, which is still bad. You need to set it in the configuration below.

9. Set the agent as high hidden agent:

vi /etc/squid/squid.conf

Add these self segments to the configuration file.

request_header_access X-Forwarded-For deny all
request_header_access From deny all
request_header_access Via deny all

Remember to save after changing the configuration file:
Then restart:

systemctl restart squid

Then visit again: http://httpbin.org/ip


At this time, you can become the agent of gaoni.

10. Set startup and self startup:

systemctl enable squid


Transferred from: https://blog.csdn.net/weixin_42081389/article/details/105405148


Topics: Linux