差異處
這裏顯示兩個版本的差異處。
下次修改 | 前次修改 | ||
squid [2017/01/06 22:43] jz 建立 |
squid [2018/12/29 21:39] (目前版本) jz |
||
---|---|---|---|
行 1: | 行 1: | ||
- | <code> | + | ====== Squid ====== |
- | pkg install squid-3.5.23 | + | |
- | pkg install py27-htpasswd-2008.03.05_2 | + | ===== Install ===== |
+ | |||
+ | <code bash> | ||
+ | pkg install squid | ||
+ | pkg install htdigest | ||
sysrc squid_enable="YES" | sysrc squid_enable="YES" | ||
</code> | </code> | ||
+ | ===== Auth ===== | ||
+ | There are two ways to specify the password auth, ''htdigest'' or ''htpasswd''. | ||
+ | |||
+ | **htdigest** | ||
+ | |||
+ | ''/usr/local/etc/squid/squid.conf'' | ||
<code> | <code> | ||
- | auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords | + | auth_param basic program /usr/local/libexec/squid/basic_ncsa_auth /usr/local/etc/squid/password |
auth_param basic realm proxy | auth_param basic realm proxy | ||
- | acl authenticated proxy_auth REQUIRED | + | auth_param basic casesensitive |
- | http_access allow authenticated | + | |
</code> | </code> | ||
+ | <code bash> | ||
+ | apache-htdigest -c /usr/local/etc/squid/password realm username | ||
+ | # or htdigest if apache-htdigest is not found | ||
+ | </code> | ||
+ | |||
+ | <code bash> | ||
+ | php -a | ||
+ | echo 'user': . crypt('password', base64_encode('password')); | ||
+ | </code> | ||
+ | |||
+ | **htpasswd** | ||
+ | |||
+ | ''/usr/local/etc/squid/squid.conf'' | ||
<code> | <code> | ||
- | touch /usr/local/etc/squid/passwords | + | auth_param digest realm proxy |
- | htpasswd.py -b /usr/local/etc/squid/passwords username password | + | auth_param digest program /usr/local/libexec/squid/digest_file_auth -c /usr/local/etc/squid/password |
</code> | </code> | ||
+ | <code bash> | ||
+ | htpasswd -c /usr/local/etc/squid/password username | ||
+ | </code> | ||
+ | |||
+ | ===== ACL ===== | ||
+ | ''/usr/local/etc/squid/squid.conf'' | ||
<code> | <code> | ||
+ | acl users proxy_auth REQUIRED | ||
+ | acl ncku src 140.116.0.0/16 | ||
+ | http_access deny !ncku | ||
+ | http_access allow users | ||
+ | http_port 3128 | ||
+ | </code> | ||
+ | |||
+ | ===== Check config ===== | ||
+ | |||
+ | <code bash> | ||
squid -f /usr/local/etc/squid/squid.conf -k parse | squid -f /usr/local/etc/squid/squid.conf -k parse | ||
</code> | </code> | ||
+ | |||
+ | ===== Start service ===== | ||
+ | |||
+ | <code bash> | ||
+ | service squid start | ||
+ | </code> | ||
+ |