squi
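# ============================================
# Squid proxy server: full configuration
# Server: 10.   (address redacted on this page)
# Port: 8443 (carries both HTTPS and SSH-over-HTTP tunnels)
# Purpose: let internal hosts reach a fixed list of HTTPS sites and
#          tunnel SSH to those same sites
# ============================================
# ---------- 1. Network and port ----------
# Listening address and port (all proxy traffic uses this one port).
# NOTE(review): the address below is partially redacted on this page;
# substitute the proxy's real internal IP before use.
http_port 10..6:8443
# User and group the Squid processes run as (usually squid or proxy)
cache_effective_user proxy
cache_effective_group proxy
# ---------- 2. Access control list (ACL) definitions ----------
# 2.1 Source networks allowed to use the proxy.
# This was "src all", which made every "allow localnet ..." rule below apply
# to any host able to reach port 8443. It is now limited to the internal
# range; narrow 10.0.0.0/8 to the real client subnet(s) where possible.
acl localnet src 10.0.0.0/8
# 2.2 "Safe" destination ports; any other port is refused by rule 3.1
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 22 # ssh (standard port)
acl Safe_ports port 2222 # custom port chosen for github ssh
acl Safe_ports port 2223 # custom port chosen for gitlab ssh
# NOTE(review): the SSH client settings that accompany this config use
# port 22 only; drop 2222/2223 if nothing actually connects to them.
acl SSL_ports port 443
# Destination port for SSH tunnels, kept as its own ACL
acl ssh_port port 22
# 2.3 Destination domain whitelist.
# The leading dot matches the domain itself and all of its subdomains.
acl allowed_domains dstdomain .github.com
acl allowed_domains dstdomain .githubusercontent.com
acl allowed_domains dstdomain .gitlab.com
acl allowed_domains dstdomain .anaconda.com
acl allowed_domains dstdomain .anaconda.org
acl allowed_domains dstdomain .tsinghua.edu.cn
# To add a domain later: acl allowed_domains dstdomain .example.com
# 2.4 The CONNECT method (used to open HTTPS and SSH tunnels)
acl CONNECT method CONNECT
# ---------- 3. Access rules (first match wins, so order matters) ----------
# 3.1 Refuse every destination port that is not in Safe_ports
http_access deny !Safe_ports
# 3.2 Refuse CONNECT tunnels to any port other than 443 and the SSH port.
# The proxy cannot inspect what flows through a CONNECT tunnel, so only the
# ports that are meant to be tunnelled stay open. Add a port to ssh_port if
# SSH on a non-standard port is genuinely required.
http_access deny CONNECT !SSL_ports !ssh_port
# 3.3 Internal clients may reach the whitelisted domains (plain HTTP, and
# CONNECT to the ports left open by 3.2)
http_access allow localnet allowed_domains
# 3.4 SSH tunnels through the proxy.
# This rule used to read "allow localnet CONNECT ssh_port" with no destination
# condition, which let clients tunnel to port 22 on ANY host and bypassed the
# domain whitelist. It is now tied to allowed_domains. Clients should CONNECT
# by hostname so that the dstdomain match applies to the requested name.
http_access allow localnet CONNECT ssh_port allowed_domains
# 3.5 Finally, refuse everything that matched none of the rules above
http_access deny all
# ---------- 4. Cache, logging and performance ----------
# No caching: every request is passed straight through
cache deny all
# Log file locations
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log none
# Strip Via and X-Forwarded-For from forwarded requests so destination
# servers do not see internal client addresses. This does not change
# access.log, which still records the client address for auditing.
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
# DNS resolvers: no dns_nameservers line is set here, so the system
# resolver configuration is used
# ---------- 5. Advanced and tuning parameters ----------
# Maximum reply (download) body size; "none" means no limit. Upload size is
# governed by request_body_max_size, which is not set in this file.
reply_body_max_size none
# Connection timeouts
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 minutes
request_timeout 20 seconds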
squid -k parse
目前允许的domain
allowed_domains dstdomain .github.com .gitlab.com .anaconda.com .anaconda.org .tsinghua.edu.cn
=========================== 需要配置代理:
# Set the proxy globally for git (written to the current user's ~/.gitconfig).
# NOTE(review): the proxy address is redacted on this page and the embedded
# space is a redaction artefact; substitute the real address as one word.
git config --global http.proxy http://10. .6:8443
# NOTE(review): git documents http.proxy (used for both http:// and https://
# remotes); "https.proxy" is presumably ignored by git. Confirm against
# git-config(1).
git config --global https.proxy http://10. .6:8443
# To send only one site (e.g. GitHub) through the proxy, scope the setting
# to that URL instead; this keeps all other git remotes off the proxy:
# git config --global http.https://github.com.proxy http://10 .6:8443
# Proxy settings for tools that read the environment (wget, pip, ...).
# The proxy URL is http://, but https destinations are still tunnelled with
# CONNECT, so their TLS session is end-to-end with the destination.
export http_proxy=http://10. .6:8443
export https_proxy=http://10. 6:8443
# Optional: internal addresses that must bypass the proxy.
# NOTE(review): support for CIDR notation in no_proxy differs between tools;
# verify that each client in use honours 10.0.0.0/8.
export no_proxy="localhost,127.0.0.1,10.0.0.0/8"
永久生效:将以上三行export命令添加到当前用户的 ~/.bashrc 文件末尾,然后执行 source ~/.bashrc 使其生效。
root@nb--0:~/.ssh# cat /root/.ssh/config
Host github.com
HostName github.com
User git
Port 22
ProxyCommand nc -X connect -x 10. .6:8443 %h %p
Host gitlab.com
HostName gitlab.com
User git
Port 22
ProxyCommand nc -X connect -x 10. .6:8443 %h %p
root@nb-hfo1v82qzw-0:~/.ssh# ssh -T git@github.com
git@github.com: Permission denied (publickey).
root@nb-hfo1v82qzw-0:~/.ssh#
ssh git 的方法
安装nc(下面 ProxyCommand 用到的 -X/-x 选项是 OpenBSD 版 netcat 的语法,请确认实际安装的是 netcat-openbsd):
apt install netcat -y
客户端SSH配置:为了让 git clone 等命令更方便,建议在内网客户端的 ~/.ssh/config 文件中写入以下配置,这样SSH命令会自动使用代理,无需每次输入冗长参数:
# Send SSH for github.com through the HTTP proxy as a CONNECT tunnel.
# The proxy only relays the bytes; SSH host-key checking still
# authenticates the far end, so keep StrictHostKeyChecking enabled.
Host github.com
HostName github.com
User git
Port 22
# nc -X connect selects HTTP CONNECT proxying and -x names the proxy
# (OpenBSD netcat options); ssh expands %h and %p to the target host
# and port.
ProxyCommand nc -X connect -x 10. 19.6:8443 %h %p
# Same tunnel setup for gitlab.com.
Host gitlab.com
HostName gitlab.com
User git
Port 22
# NOTE(review): the redacted proxy address here differs from the one in the
# github.com entry above; confirm both point at the same proxy.
ProxyCommand nc -X connect -x 10. 13.26:8443 %h %p
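验证(下面出现 Permission denied (publickey) 说明经代理的隧道已经连到 GitHub 的 SSH 服务,只是本机的公钥还没有添加到 GitHub 账号,所以认证失败;代理链路本身是通的):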
root@nb--0:~/.ssh# cat /root/.ssh/config
Host github.com
HostName github.com
User git
Port 22
ProxyCommand nc -X connect -x 10 .6:8443 %h %p
Host gitlab.com
HostName gitlab.com
User git
Port 22
ProxyCommand nc -X connect -x 10. 6:8443 %h %p
root@nb--0:~/.ssh# ssh -T git@github.com
git@github.com: Permission denied (publickey).
root@nb--0:~/.ssh#
wget(这里只是验证 HTTPS 代理是否连通:响应类型是 text/html,保存下来的 dify.git 是仓库网页,不是代码仓库)
root@nb--0:~# wget https://github.com/kindsof/dify.git
--2025-12-06 01:02:52-- https://github.com/kindsof/dify.git
Connecting to 10.6:8443... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/kindsof/dify [following]
--2025-12-06 01:02:53-- https://github.com/kindsof/dify
Reusing existing connection to github.com:443.
Proxy request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'dify.git'
dify.git [ <=> ] 406.68K 513KB/s in 0.8s
2025-12-06 01:02:55 (513 KB/s) - 'dify.git' saved [416443]
root@nb--0:~# ls
dify.git mc syncshell
root@nb-hfo1v82qzw-0:~#
git clone
root@nb--0:~# git clone https://github.com/kindsof/dify.git
Cloning into 'dify'...
remote: Enumerating objects: 96668, done.
^Cceiving objects: 18% (17401/96668), 26.69 MiB | 5.69 MiB/s
root@nb-hfo1v82qzw-0:~#
PIP 安装
root@nb--0:~# pip install pymilvus==2.6.0b0 -i https://pypi.tuna.tsinghua.edu.cn/simple
Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple
Collecting pymilvus==2.6.0b0
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/80/fb/7cf9aaf57c0866ea0df851f052366d4a9b65794dda71f6f140168035c219/pymilvus-2.6.0b0-py3-none-any.whl (240 kB)
Collecting setuptools>69 (from pymilvus==2.6.0b0)
Using cached https://pypi.tuna.tsinghua.edu.cn/packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl (1.2 MB)
Collecting grpcio<1.68.0,>=1.66.2 (from pymilvus==2.6.0b0)
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/d4/ea/32bb9c4d58234383a4e617baf72da4e26e0ccf6396ca36ff7ddc95898ab6/grpcio-1.67.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (5.9 MB)
━━━━━━━━━━╸━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/5.9 MB 10.4 MB/s eta 0:00:01