用户认证功能的SQUID代理服务器_MySQL

squid代理服务器

　　SQUID和MYSQL的安装采用了SUN发布的二进制安装包，它在software_companion_x86 CD中可以找到；MYSQL_AUTH用GOOGLE搜索就可以找到。

一、安装配置SQUID+MYSQL

1.建立用户和组
# groupadd squid
# useradd -g squid -d /dev/null -s /bin/false squid
# groupadd mysql
# useradd -g mysql -s /bin/false mysql

2. 安装MYSQL

# mount –F hsfs –o ro /dev/dsk/c1t0d0p0 /cdrom
# cd /cdrom/components/i386/Packages
# pkgadd -d ./ -s /var/spool/pkg SFWmysql SFWgcmn
# pkgadd SFWgcmn SFWmysql

# chown -R root /opt/sfw/mysql
# chgrp -R mysql /opt/sfw/mysql
# chown -R mysql /opt/sfw/mysql/var
# /opt/sfw/mysql/bin/mysql_install_db
# /opt/sfw/mysql/bin/mysqld_safe &

# cp /opt/sfw/mysql/share/mysql/my-medium.cnf /etc/my.cnf
# vi /etc/my.cnf
bind-address = 127.0.0.1

设置启动脚本：

# cp /opt/sfw/mysql/share/mysql/mysql.server /etc/init.d/mysql.server
# ln /etc/init.d/mysql.server /etc/rc3.d/S79mysql
# ln /etc/init.d/mysql.server /etc/rc0.d/K00mysql
# ln /etc/init.d/mysql.server /etc/rc1.d/K00mysql
# ln /etc/init.d/mysql.server /etc/rc2.d/K00mysql
# ln /etc/init.d/mysql.server /etc/rcS.d/K00mysql
# chown root:sys /etc/init.d/mysql.server /etc/rc3.d/S79mysql
# chmod 0744 /etc/init.d/mysql.server /etc/rc3.d/S79mysql

设置ROOT密码：
# mysqladmin -u root password llzqq

3．安装SQUID

# pkgadd -d ./ -s /var/spool/pkg SFWsquid
# pkgadd SFWsquid
# cd /opt/sfw/squid/etc
# cp squid.conf.default squid.conf
# cp mime.conf.default mime.conf

4.配置SQUID.CONF

http_port 192.168.0.1:3128
cache_mgr llzqq@nero.3322.org
error_directory /opt/sfw/squid/share/errors/Simplify_Chinese
dns_nameservers 202.99.160.68 202.99.168.8
visible_hostname nero.3322.org
httpd_accel_uses_host_header on
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
cache_mem 20 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 30 KB
minimum_object_size_in_memory 0 KB
cache_swap_low 85
cache_swap_high 90
cache_dir ufs /opt/sfw/squid/var/cache
cache_effective_user squid
cache_effective_group squid

#http_access allow manager localhost
#http_access allow localhost
#http_access deny manager
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
#http_access deny all
http_reply_access allow all
icp_access allow all
miss_access allow all
--------------------------------------------------------
# chown –R squid:squid /opt/sfw/squid/var
# /opt/sfw/squid/sbin/squid -z

5. SQUID启动脚本

# vi /etc/rc3.d/S78squid
====================== S78squid =====================
#!/sbin/sh
#
# Copyright (c) 2004 by llzqq, Inc
# llzqq@126.com
# All rights reserved.
#
#ident '@(#)squid 1.1 04/05/24 SMI'

case '{GetProperty(Content)}' in
start)
/opt/sfw/squid/sbin/squid -s
;;
stop)
/opt/sfw/squid/sbin/squid -k shutdown
pkill squid
;;
*)
echo 'Usage: {GetProperty(Content)} { start | stop }'
exit 1
;;
esac
exit 0
====================== S78squid =====================
# chown root:sys /etc/rc3.d/S78squid
# chmod 744 /etc/rc3.d/S78squid
# ln -s /etc/rc3.d/S78squid /etc/rc2.d/K78squid

二、 安装MYSQL_AUTH

# gzip -d mysql_auth-0.6beta.tar.gz
# tar vxf mysql_auth-0.6beta.tar
# cd mysql_auth-0.6beta

Makefile中需要修改的内容如下：

# vi Makefile

CFLAGS = -I/opt/sfw/mysql/include -L/opt/sfw/mysql/lib/mysql
INSTALL = /usr/ucb/install
$(INSTALL) -o root -g sys -m 700 mypasswd /usr/local/bin/mypasswd
$(INSTALL) -o squid -g squid -m 755 mysql_auth /usr/bin/mysql_auth
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf
$(INSTALL) -o squid -g squid -m 600 $(CONF) /etc/mysql_auth.conf.default

src/define.h中需要修改的内容如下：

# vi +5 src/define.h
#define CONFIG_FILE '/etc/mysql_auth.conf'
#define DEF_MYSQLD_SOCKET '/tmp/mysql.sock'

src/mysql_auth.conf中需要修改的内容如下：

# vi src/mysql_auth.conf
mysqld_socket /tmp/mysql.sock
# /usr/ccs/bin/make
# /usr/ccs/bin/make install

创建用户数据库：
# cd scripts
# mysql -u root -p******

测试MYSQL_AUTH

1.添加一个测试用户
# mypasswd llzqq 123456
Password record ADDED succesfully.

2.验证刚才建立的用户
# mysql_auth
llzqq 123456
0K

3.删除一个已经建立的用户用这个命令
# mypasswd –d username

三、在SQUID.CONF中增加MYSQL_AUTH认证部分
# vi /etc/squid/squid.conf

添加下面的代码到SQUID.CONF中“TAG: acl”一节的后面

auth_param basic program /usr/bin/mysql_auth
auth_param basic realm LLZQQ’S CACHING SERVER
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow password
authenticate_ip_ttl 2 hours
http_access deny all

四、客户端设置

在浏览器的代理服务器设置中填写SQUID服务器的IP和端口：
192.168.0.1:3218

在下载软件FLASHGET的代理服务器设置中填写SQUID服务器的IP、端口、用户和密码：
192.168.0.1:3218
user:llzqq
passwd:123456

五、注意事项

在进行以上安装前要先安装GCC否则不能编译MYSQL_AUTH，另外在添加用户前需要设置ROOT用户的LD_LIBRARY_PATH变量中有这个路径：/opt/sfw/mysql/lib/mysql