说明: TinyProxy 貌似不可以设置user/passd
摘要:
.timproxy docker部署
. Squid服务 docker部署 (支持用户名密码) 官网: http://www.squid-cache.org/
1.timproxy
docker install : 36M
sudo docker run -itd --restart=always --name='tinyproxy' -p 7990:8888 happysea/tinyproxy:latest ANY sudo docker run -d --name='tinyproxy' -p 7777:8888 happysea/tinyproxy:latest 192.168.18.129 sudo docker run -d --name='tinyproxy' -p 8888:8888 happysea/tinyproxy:latest 10.160.0.120/24 192.168.18.201/16 logs docker logs -f tinyproxy will display a following tail of /var/log/tinyproxy/tinyproxy.log
Squid proxy server允许您为代理设置用户名和密码
如果简单使用,足以:
安装tinyproxy包 sudo apt-get update sudo apt-get install tinyproxy
配置文件在 /etc/tinyproxy.conf
还有可能在/etc/tinyproxy/tinyproxy.conf
Port 8888 #预设是8888 Port,你可以更改 Allow 127.0.0.1 #将127.0.0.1改成你自己的IP #例如你的IP 是1.2.3.4,你改成Allow 1.2.3.4,那只有你才可以连上这个Proxy
运行 service tinyproxy start 默认启动 sudo service tinyproxy start 重启 sudo service tinyproxy restart 重启 sudo service tinyproxy restart 测试 curl -x <IP>:<PORT> https://www.cnblogs.com/lshan/
2. Squid服务 docker部署 sameersbn/squid:3.5.27-2 (后期会重新整理一份) 可以参考:https://blog.csdn.net/github_32362501/article/details/106816010
1.由于Squid服务本身具备代理和缓存两个功能(缓存的功能这里不做详细介绍,可以问度娘自行搜索),建议为这个容器设置一下CPU、内存和磁盘的限额,
防止极端情况下会把主机资源耗尽。为了方便调试和使用,可以给容器起一个容易记忆的名字,
顺便将Squid的缓存和日志目录也挂载到主机上。完整命令如下:
docker run -d --name squid3 --restart=always \ -m 1G \ -p 3128:3128 \ -v /etc/squid3/squid.conf:/opt/docker/squid3/squid.conf \ -v /var/log/squid3:/opt/docker/squid3/log/ \ -v /var/spool/squid3:/opt/docker/squid3/spool \ sameersbn/squid:3.5.27-2
如果需要添加用户名密码,可以进行如下操作
2.准备密码文件,在下列页面生成账户和密码,复制字符串
https://tool.oschina.net/htpasswd
or
# 生成认证文件 $ sudo htpasswd squid_passwd your-username ## 在这里输入两次密码 # 将认证文件拷贝至容器 $ sudo docker cp squid_passwd squid:/etc/squid3/
3.写入到密码文件
vi /etc/squid/passwd
admin:$apr1$eztgnc1xn$uBhK0S/qwE18A2/lGEvSnY/
4. 修改配置文件
vi /etc/squid/squid.conf
#启用验证,不想要密码可以不配这一段 auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd acl auth_user proxy_auth REQUIRED http_access allow auth_user #允许客户端IP范围 acl client src 10.0.0.0/8 http_access allow client http_access deny all
重启测试即可
完整配置:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src 0.0.0.0/0.0.0.0 acl localnet src 0.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # username&password auth config auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/squid_passwd acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localnet http_access allow localhost http_access deny all http_port 3128 cache_dir ufs /var/spool/squid3 100 16 256 coredump_dir /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320
