大部分运营商架构中,应用节点不能直接访问互联网,给应用程序开发和运行带来困难,
现找到一种解决办法,使用管理节点做代理,其他应用节点通过管理节点访问互联网;
1. 安装 squid
安装包位置: 192.168.88.46:/usr/local/sunlight/squid-3.5.27-144.1.x86_64.rpm
2. 配置squid (增加安全性,局域网内可省略)
acl CONNECT method CONNECT
# line 26: add ( define new ACL )
acl lan src 192.168.88.1/24
http_access allow localhost
# line 26: add ( define new ACL )
acl lan src 192.168.88.1/24
http_access allow localhost
# line 53: add ( allow defined ACL above )
http_access allow lan
# add follows to the end
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
# do not display IP address
forwarded_for off
3. 启动squid
systemctl start squid
加入系统启动:
systemctl enable squid
4. 应用节点使用管理节点的squid代理
如果只是临时使用,可以设置全局代理:
export http_proxy="http://10.108.144.1:3128/"
export https_proxy="http://10.108.144.1:3128/"
export https_proxy="http://10.108.144.1:3128/"
如果要永久使用,需修改配置文件:
vi /etc/sysconfig/proxy
PROXY_ENABLED="yes"
PROXY_ENABLED="yes"
HTTP_PROXY="http://10.108.144.1:3128"
HTTPS_PROXY="http://10.108.144.1:3128"
NO_PROXY="localhost, 127.0.0.1"
亚特兰蒂斯将使用Web01做代理的方式访问互联网,请知悉;
参考: