{"id":4251,"date":"2024-12-03T10:42:40","date_gmt":"2024-12-03T03:42:40","guid":{"rendered":"https:\/\/dncloud.net\/blog\/?p=4251"},"modified":"2024-12-03T10:42:40","modified_gmt":"2024-12-03T03:42:40","slug":"cai-dat-squid-proxy-tren-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/dncloud.net\/blog\/cai-dat-squid-proxy-tren-ubuntu-20-04\/","title":{"rendered":"H\u01b0\u1edbng d\u1eabn c\u00e0i \u0111\u1eb7t Squid Proxy tr\u00ean Ubuntu 20.04 chi ti\u1ebft nh\u1ea5t"},"content":{"rendered":"<p><strong>Squid Proxy<\/strong> l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 proxy caching m\u1ea1nh m\u1ebd, th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 t\u0103ng hi\u1ec7u su\u1ea5t truy c\u1eadp web, c\u1ea3i thi\u1ec7n b\u1ea3o m\u1eadt v\u00e0 qu\u1ea3n l\u00fd l\u01b0u l\u01b0\u1ee3ng m\u1ea1ng. Trong b\u00e0i vi\u1ebft n\u00e0y, <strong>DNCLOUD<\/strong> s\u1ebd h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u00e1ch c\u00e0i \u0111\u1eb7t v\u00e0 c\u1ea5u h\u00ecnh Squid Proxy tr\u00ean h\u1ec7 \u0111i\u1ec1u h\u00e0nh <strong>Ubuntu 20.04<\/strong> m\u1ed9t c\u00e1ch chi ti\u1ebft nh\u1ea5t.<\/p>\n<h2>C\u00e1c y\u00eau c\u1ea7u \u0111\u1ec3 c\u00e0i \u0111\u1eb7t Squid Proxy tr\u00ean Ubuntu 20.04<\/h2>\n<p>\u0110\u1ec3 l\u00e0m theo h\u01b0\u1edbng d\u1eabn b\u1ea1n c\u1ea7n c\u00f3 m\u00e1y ch\u1ee7 <strong>Ubuntu 20.04<\/strong> v\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng ph\u1ea3i l\u00e0 t\u00e0i kho\u1ea3n <strong>root<\/strong> nh\u01b0ng \u0111\u1eb7c quy\u1ec1n <strong>sudo.<\/strong><\/p>\n<div id=\"attachment_4262\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><img fetchpriority=\"high\" decoding=\"async\" aria-describedby=\"caption-attachment-4262\" class=\"size-full wp-image-4262\" src=\"https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy.png.webp\" alt=\"c\u00e0i \u0111\u1eb7t squid proxy\" width=\"1200\" height=\"628\" srcset=\"https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy.png.webp 1200w, https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy-300x157.png.webp 300w, https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy-1024x536.png.webp 1024w, https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy-150x79.png.webp 150w, https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy-768x402.png.webp 768w, https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy-1170x612.png.webp 1170w, https:\/\/dncloud.net\/blog\/wp-content\/smush-webp\/cai-dat-squid-proxy-585x306.png.webp 585w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" data-smush-webp-fallback=\"{&quot;src&quot;:&quot;https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy.png&quot;,&quot;srcset&quot;:&quot;https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy.png 1200w, https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy-300x157.png 300w, https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy-1024x536.png 1024w, https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy-150x79.png 150w, https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy-768x402.png 768w, https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy-1170x612.png 1170w, https:\\\/\\\/dncloud.net\\\/blog\\\/wp-content\\\/uploads\\\/cai-dat-squid-proxy-585x306.png 585w&quot;}\" \/><p id=\"caption-attachment-4262\" class=\"wp-caption-text\">H\u01b0\u1edbng d\u1eabn c\u00e0i \u0111\u1eb7t Squid Proxy tr\u00ean Ubuntu 20.04<\/p><\/div>\n<h2 id=\"buoc-1-cai-dat-squid-proxy\" class=\"wp-block-heading ftwp-heading\">B\u01b0\u1edbc 1: C\u00e0i \u0111\u1eb7t Squid Proxy<\/h2>\n<p>\u0110\u1ec3 t\u1ea1o <a href=\"https:\/\/dncloud.net\/blog\/proxy-la-gi\/\">Proxy<\/a> b\u1eb1ng Squid tr\u00ean Ubuntu \u0111\u1ea7u ti\u00ean b\u1ea1n c\u1ea7n c\u1eadp nh\u1eadt danh s\u00e1ch g\u00f3i c\u1ee7a b\u1ea1n v\u00e0 c\u00e0i \u0111\u1eb7t <strong>Squid Proxy<\/strong> v\u1edbi t\u01b0 c\u00e1ch kh\u00f4ng ph\u1ea3i<strong> root<\/strong> b\u1eb1ng c\u00e2u l\u1ec7nh sau:<\/p>\n<pre>1 <span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> update\r\n2 <span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> <span class=\"token function\">install<\/span> squid<\/pre>\n<p>Sau khi c\u00e0i \u0111\u1eb7t, Squid s\u1ebd t\u1ef1 \u0111\u1ed9ng thi\u1ebft l\u1eadp m\u1ed9t d\u1ecbch v\u1ee5 n\u1ec1n v\u00e0 b\u1eaft \u0111\u1ea7u n\u00f3. \u0110\u1ec3 ki\u1ec3m tra xem d\u1ecbch v\u1ee5 n\u00e0y ch\u1ea1y c\u00f3 \u0111\u00fang c\u00e1ch kh\u00f4ng, b\u1ea1n c\u1ea7n ki\u1ec3m tra l\u1ea1i b\u1eb1ng c\u00e2u l\u1ec7nh:<\/p>\n<pre>systemctl status squid. service<\/pre>\n<p>V\u00e0 b\u1ea1n s\u1ebd nh\u1eadn \u0111\u01b0\u1ee3c ph\u1ea7n output d\u01b0\u1edbi \u0111\u00e2y, n\u1ebfu b\u1ea1n c\u00e0i \u0111\u1eb7t th\u00e0nh c\u00f4ng:<\/p>\n<pre>Output\r\nsquid.service - Squid Web Proxy Server\r\n Loaded: loaded (\/lib\/systemd\/system\/squid.service; enabled; vendor preset: enabled)\r\n Active: active (running) since Tue 2024-11-26 14:13:15 UTC; 2min 11s ago<\/pre>\n<p>Squid m\u1eb7c \u0111\u1ecbnh kh\u00f4ng cho ph\u00e9p b\u1ea5t k\u1ef3 m\u00e1y kh\u00e1ch n\u00e0o k\u1ebft n\u1ed1i v\u1edbi n\u00f3 t\u1eeb b\u00ean ngo\u00e0i d\u1ecbch v\u1ee5 m\u00e1y ch\u1ee7. V\u00ec v\u1eady, \u0111\u1ec3 k\u00edch ho\u1ea1t k\u1ebft n\u1ed1i t\u1eeb b\u00ean ngo\u00e0i, b\u1ea1n c\u1ea7n th\u1ef1c hi\u1ec7n thay \u0111\u1ed5i \u0111\u1ed1i v\u1edbi file c\u1ea5u h\u00ecnh squid, t\u1ec7p n\u00e0y \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef trong <span class=\"penci-highlighted-black\">\/etc\/squid\/squid.conf<\/span>. M\u1edf squid b\u1eb1ng so\u1ea1n tr\u00ecnh th\u1ea3o <span class=\"penci-highlighted-black\">nano<\/span> ho\u1eb7c b\u1ea5t c\u1ee9 tr\u00ecnh so\u1ea1n th\u1ea3o n\u00e0o b\u1ea1n mu\u1ed1n.<\/p>\n<pre><span class=\"token function\">sudo<\/span> <span class=\"token function\">nano<\/span>\/etc\/squid\/squid.conf<\/pre>\n<p>L\u01b0u \u00fd r\u1eb1ng c\u1ea5u h\u00ecnh c\u1ee7a Squid c\u1ef1c k\u1ef3 d\u00e0i v\u00e0 ch\u1ee9a m\u1ed9t s\u1ed1 l\u01b0\u1ee3ng c\u1ef1c k\u1ef3 l\u1edbn c\u00e1c t\u00f9y ch\u1ecdn \u0111\u00e3 t\u1ea1m th\u1eddi b\u1ecb v\u00f4 hi\u1ec7u h\u00f3a b\u1eb1ng c\u00e1ch \u0111\u1eb7t m\u1ed9t <span class=\"penci-highlighted-black\">#<\/span> \u1edf \u0111\u1ea7u d\u00f2ng khi \u0111ang b\u1eadt \u1edf ch\u1ebf \u0111\u1ed9 m\u1eb7c \u0111\u1ecbnh. Tuy nhi\u00ean, \u0111\u1ec3 t\u00ecm ki\u1ebfm trong t\u1ec7p m\u00e0 b\u1ea1n mu\u1ed1n ch\u1ec9nh s\u1eeda trong nano b\u1eb1ng c\u00e1ch nh\u1ea5n t\u1ed5 h\u1ee3p ph\u00edm <strong>Ctrl+W, <\/strong>t\u00ecm c\u1ee5m t\u1eeb b\u1ea1n t\u00ecm ki\u1ebfm v\u00e0 b\u1ea5m <strong>Enter<\/strong>. C\u00f2n n\u1ebfu b\u1ea1n mu\u1ed1n t\u00ecm k\u1ebft qu\u1ea3 ph\u00f9 h\u1ee3p c\u1ee7a c\u1ee5m t\u1eeb \u0111\u00f3 nh\u1ea5n <strong>Alt+W.<\/strong><\/p>\n<p>B\u1ea1n mu\u1ed1n th\u1ea5y c\u00e1c kh\u1ed1i v\u0103n b\u1ea3n gi\u1ea3i th\u00edch c\u00e1c quy t\u1eafc truy c\u1eadp m\u1eb7c \u0111\u1ecbnh c\u1ee7a Squid, b\u1ea1n t\u00ecm d\u00f2ng c\u00f3 c\u1ee5m t\u1eeb<span class=\"penci-highlighted-black\"> http_access deny all:<\/span><\/p>\n<pre>1 . . .\r\n2 #\r\n3 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS \r\n4 # \r\n5 include \/etc\/squid\/conf.d\/* \r\n6 # Example rule allowing access from your local networks. \r\n7 # Adapt localnet in the ACL section to list your (internal) IP networks \r\n8 # from where browsing should be allowed \r\n9 #http_access allow localnet\r\n10 http_access allow localhost \r\n11\r\n12 # And finally deny all other access to this proxy \r\n13 http_access deny all \r\n14 . . .<\/pre>\n<p>\u1ede \u0111\u00e2y b\u1ea1n c\u00f3 th\u1ec3 th\u1ea5y, h\u00e0nh vi hi\u1ec7n t\u1ea1i cho ph\u00e9p m\u00e1y ch\u1ee7 k\u1ebft n\u1ed1i <strong><a href=\"https:\/\/locallhost.com\/\" rel=\"noopener\">localhost<\/a>,<\/strong> c\u00f2n l\u1ea1i th\u00ec kh\u00f4ng k\u1ebft n\u1ed1i. B\u1edfi v\u00ec c\u00e1c quy t\u1eafc n\u00e0y \u0111\u01b0\u1ee3c s\u1eafp x\u1ebfp theo c\u00e1c tr\u00ecnh tr\u1ef1 t\u1eeb tr\u00ean xu\u1ed1ng d\u01b0\u1edbi, n\u00ean b\u1ea1n c\u1ea7n gi\u1eef deny all c\u00e1c quy t\u1eafc \u1edf cu\u1ed1i block c\u1ea5u h\u00ecnh. T\u1ea5t nhi\u00ean, ng\u01b0\u1eddi d\u00f9ng c\u0169ng c\u00f3 th\u1ec3 s\u1eeda \u0111\u1ed5i c\u00e1c l\u1ec7nh tr\u00ean th\u00e0nh cho ph\u00e9p hay h\u1ea1n ch\u1ebf m\u1ed9t v\u00e0i quy t\u1eafc ho\u1eb7c n\u1ebfu kh\u00f4ng b\u1ea1n c\u00f3 th\u1ec3 th\u00eam m\u1ed9t d\u00f2ng tr\u00ean <strong>http_access allow localhost\u00a0 <\/strong>bao g\u1ed3m IP ng\u01b0\u1eddi d\u00f9ng,\u0111\u00e3\u00a0c\u1ee5 th\u1ec3 nh\u01b0 sau:<\/p>\n<pre>1#\r\n2 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS \r\n3 # \r\n4 include \/etc\/squid\/conf.d\/* \r\n5 # Example rule allowing access from your local networks. \r\n6 acl localnet src your_ip_address \r\n7 # Adapt localnet in the ACL section to list your (internal) IP networks \r\n8 # from where browsing should be allowed \r\n9 #http_access allow localnet \r\n10 http_access allow localhost<\/pre>\n<p>Trong \u0111\u00f3, g\u1ed3m:<\/p>\n<ul>\n<li><strong><code>acl<\/code><\/strong>: l\u00e0 vi\u1ebft t\u1eaft c\u1ee7a<b> <\/b>(Danh s\u00e1ch ki\u1ec3m to\u00e1n truy c\u1eadp), l\u00e0 thu\u1eadt ng\u1eef ph\u1ed5 bi\u1ebfn c\u00f3 c\u00e1c ch\u00ednh s\u00e1ch cho ph\u00e9p truy c\u1eadp<\/li>\n<li><strong><code>localnet<\/code><\/strong> : Trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y l\u00e0 t\u00ean ACL c\u1ee7a b\u1ea1n.<\/li>\n<li><strong><code>src<\/code><\/strong> : \u0110\u00e2y l\u00e0 n\u01a1i b\u1eaft ngu\u1ed3n y\u00eau c\u1ea7u t\u1eeb ACL, t\u1ee9c l\u00e0 \u0111\u1ecba ch\u1ec9 IP c\u1ee7a b\u1ea1n.<\/li>\n<\/ul>\n<p>Sau khi ho\u00e0n th\u00e0nh c\u00e1c b\u01b0\u1edbc tr\u00ean, b\u1ea1n h\u00e3y l\u01b0a v\u00e0 \u0111\u00f3ng file. N\u1ebfu b\u1ea1n \u0111ang s\u1eed d\u1ee5ng <span class=\"penci-highlighted-black\">nano<\/span> b\u1ea1n nh\u1ea5n t\u1ed5 h\u1ee3p ph\u00edm <strong>Ctrl + X, <\/strong>sau \u0111\u00f3 khung l\u1eddi nh\u1eafc hi\u1ec3n th\u1ecb b\u1ea1n c\u00f3 \u0111\u1ed3ng \u00fd x\u00e1c nh\u1eadn kh\u00f4ng, h\u00e3y<strong> nh\u1ea5n Y <\/strong>r\u1ed3i<strong> Enter.<\/strong><\/p>\n<p>V\u1eeba r\u1ed3i b\u1ea1n \u0111\u00e3 t\u1ea1o proxy b\u1eb1ng Squid th\u00e0nh c\u00f4ng, l\u00fac n\u00e0y b\u1ea1n c\u00f3 th\u1ec3 kh\u1edfi \u0111\u1ed9ng l\u1ea1i Squid \u0111\u1ec3 c\u1eadp nh\u1eadt c\u1ea5u h\u00ecnh v\u00e0 k\u1ebft n\u1ed1i. Nh\u01b0ng b\u1ea1n c\u1ea7n th\u1ef1c hi\u1ec7n nhi\u1ec1u thao t\u00e1c \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o b\u1ea3o m\u1eadt c\u1ee7a Squid tr\u01b0\u1edbc khi kh\u1edfi \u0111\u1ed9ng l\u1ea1i. Ho\u1eb7c n\u1ebfu b\u1ea1n ch\u01b0a c\u00f3 <a href=\"https:\/\/dncloud.net\/blog\/server-la-gi\/\">m\u00e1y ch\u1ee7<\/a> \u0111\u1ec3 tri\u1ec3n khai proxy tr\u00ean Squid, b\u1ea1n tham kh\u1ea3o th\u00eam<a href=\"https:\/\/dncloud.net\/cloud-vps\/\"> d\u1ecbch v\u1ee5 VPS<\/a> c\u1ee7a <strong>DNCLOUD.<\/strong><\/p>\n<h2 id=\"buoc_2_\u2013_bao_mat_squid\">B\u01b0\u1edbc 2 \u2013 B\u1ea3o m\u1eadt Squid<\/h2>\n<p>Th\u01b0\u1eddng th\u00ec c\u00e1c Proxy v\u00e0 c\u00e1c \u1ee9ng d\u1ee5ng t\u1eeb client k\u1ebft n\u1ed1i v\u1edbi Proxy \u0111\u1ec1u \u0111\u01b0\u1ee3c h\u1ed7 tr\u1ee3 nhi\u1ec1u ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c bao g\u1ed3m c\u00e1c ph\u01b0\u01a1ng th\u1ee9c nh\u01b0: kho\u00e1 d\u00f9ng chung (shared keys) ho\u1eb7c m\u00e1y ch\u1ee7 x\u00e1c th\u1ef1c ri\u00eang bi\u1ec7t. Nh\u01b0ng ph\u1ed5 bi\u1ebfn nh\u1ea5t l\u00e0 c\u00e1ch th\u1ee9c b\u1ea3o m\u1eadt ng\u01b0\u1eddi d\u00f9ng th\u00f4ng qua <strong>username\/password. <\/strong>Squid cho ph\u00e9p c\u00e1c c\u1eb7p c\u00f3 gi\u00e1 tr\u1ecb <span class=\"penci-highlighted-black\">username\/password<\/span>b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng t\u00ednh n\u0103ng k\u1ebft h\u1ee3p c\u1ee7a Linux nh\u01b0 b\u01b0\u1edbc b\u1ed5 sung hay h\u1ea1n ch\u1ebf quy\u1ec3n truy c\u1eadp Proxy theo \u0111\u1ecba ch\u1ec9 IP. \u0110\u1ec3 th\u1ef1c hi\u1ec7n x\u00e1c th\u1ef1c, b\u1ea1n c\u1ea7n t\u1ea1o file c\u00f3 t\u00ean <strong>\/etc\/squid\/password <\/strong>v\u00e0 tr\u1ecf c\u1ea5u h\u00ecnh Squid \u0111\u1ebfn \u0111\u00f3.<\/p>\n<p>\u0110\u1ea7u ti\u00ean, b\u1ea1n ph\u1ea3i c\u00e0i \u0111\u1eb7t ti\u1ec7n \u00edch t\u1eeb <strong>Apache <\/strong>\u0111\u1ec3 c\u00f3 quy\u1ec1n truy c\u1eadp v\u00e0 t\u1ea1o m\u1eadt kh\u1ea9u Squid b\u1ea1n th\u00edch b\u1eb1ng l\u00eanh nh\u01b0 sau:<\/p>\n<pre><span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> <span class=\"token function\">install<\/span> apache2-utils<\/pre>\n<p>V\u1edbi c\u1ea5p l\u1ec7nh <span class=\"penci-highlighted-black\">htpasswd<\/span> b\u1ea1n s\u1eed d\u1ee5ng \u0111\u1ec3 t\u1ea1o m\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng Squid m\u1edbi. Th\u01b0\u1eddng c\u00e1c t\u00e0i kho\u1ea3n n\u00e0y s\u1ebd kh\u00f4ng ghi \u0111\u00e8 hay t\u00e1c \u0111\u1ed9ng n\u00e0o \u0111\u1ebfn b\u1ea5t k\u1ef3 ng\u01b0\u1eddi d\u00f9ng h\u1ec7 th\u1ed1ng m\u00e0 b\u1ea1n \u0111\u00e3 \u0111\u0103ng nh\u1eadp n\u1ebfu mu\u1ed1n. Sau khi nh\u1eadp t\u00ean t\u00e0i kho\u1ea3n, b\u1ea1n s\u1ebd \u0111\u01b0\u1ee3c nh\u1eafc nh\u1eadp m\u1eadt kh\u1ea9u sau \u0111\u00f3:<\/p>\n<pre><span class=\"token function\">sudo<\/span> htpasswd -c \/etc\/squid\/passwords your_squid_username<\/pre>\n<p>V\u1edbi thao t\u00e1c n\u00e0y s\u1ebd \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef t\u00ean ng\u01b0\u1eddi d\u00f9ng v\u00e0 m\u1eadt kh\u1ea9u m\u1edbi c\u1ee7a b\u1ea1n th\u1ec3 hi\u1ec7n trong file<strong> \/etc\/squid\/passwords.\u00a0<\/strong>M\u1eadt kh\u1ea9u n\u00e0y s\u1ebd \u0111\u01b0\u1ee3c Squid l\u00e0m ngu\u1ed3n x\u00e1c th\u1ef1c, \u0111\u1ec3 xem m\u1eadt kh\u1ea9u sau khi b\u0103m b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng l\u1ec7nh <span class=\"penci-highlighted-black\">cat<\/span>:<\/p>\n<pre><span class=\"token function\">sudo<\/span> <span class=\"token function\">cat<\/span> \/etc\/squid\/passwords<\/pre>\n<p>B\u1ea1n c\u00f3 th\u1ec3 th\u1ea5y c\u00e2u l\u1ec7nh sau khi b\u0103m \u0111\u00e3 tr\u1edf th\u00e0nh chu\u1ed7i t\u1ef1 nhi\u00ean, \u0111\u1ea3m b\u1ea3o t\u00ednh b\u1ea3o m\u1eadt t\u1ed1t nh\u1ea5t.<\/p>\n<pre>Output\r\ndncloud:$apr1$Dgl.Mxnd$vdqLYjBGdtoWA47w4tDzv.<\/pre>\n<p>Sau khi t\u00e0i kho\u1ea3n b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o th\u00e0nh c\u00f4ng, h\u00e3y c\u1eadp nh\u1eadt c\u1ea5u h\u00ecnh Squid v\u00e0 t\u1ec7p <strong>\/etc\/squid\/passwords <\/strong>\u0111\u1ec3 x\u00e1c th\u1ef1c. M\u1edf l\u1ea1i file Squid b\u1eb1ng l\u1ec7nh:<\/p>\n<pre><span class=\"token function\">sudo<\/span> <span class=\"token function\">nano<\/span> \/etc\/squid\/squid.conf<\/pre>\n<p>V\u00e0 th\u00eam c\u00e1c d\u00f2ng l\u1ec7nh sau:<\/p>\n<pre>1 auth_param basic program \/usr\/lib\/squid3\/basic_ncsa_\r\n2 auth \/etc\/squid\/passwords \r\n3 auth_param basic realm proxy \r\n4 acl authenticated proxy_auth REQUIRED \r\n5 http_access allow authenticated<\/pre>\n<p>L\u00fac n\u00e0y, file c\u01a1 b\u1ea3n Squid s\u1ebd nh\u01b0 sau:<\/p>\n<pre>\u2026 \r\n# \r\n# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS \r\n# \r\ninclude \/etc\/squid\/conf.d\/* \r\nauth_param basic program \/usr\/lib\/squid3\/basic_ncsa_auth \/etc\/squid\/passwords \r\nauth_param basic realm proxy \r\nacl authenticated proxy_auth REQUIRED \r\n# Example rule allowing access from your local networks. \r\nacl localnet src your_ip_address \r\n# Adapt localnet in the ACL section to list your (internal) IP networks \r\n# from where browsing should be allowed \r\n#http_access allow localnet \r\nhttp_access allow localhost \r\nhttp_access allow authenticated \r\n# And finally deny all other access to this proxy \r\nhttp_access deny all \r\n\u2026<\/pre>\n<p>C\u00e1c d\u00f2ng l\u1ec7nh v\u1eeba \u0111\u01b0\u1ee3c th\u00eam y\u00eau c\u1ea7u Squid ki\u1ec3m tra\u00a0<strong>passwords<\/strong> t\u1ec7p m\u1edbi c\u1ee7a b\u1ea1n. \u0110\u1ec3 bi\u1ebft c\u00e1c h\u00e0m m\u1eadt kh\u1ea9u \u0111\u01b0\u1ee3c ph\u00e2n t\u00edch b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng <strong>basic_ncsa_auth <\/strong>v\u00e0 y\u00eau c\u1ea7u x\u00e1c th\u1ef1c b\u1eb1ng Proxy. \u0110\u1ec3 th\u1ef1c hi\u1ec7n b\u1eb1ng c\u00e1ch nh\u1eadp l\u1ec7nh: Qu\u00e1 tr\u00ecnh n\u00e0y th\u01b0\u1eddng s\u1ebd m\u1ea5t v\u00e0i ph\u00fat ch\u1edd \u0111\u1ee3i.<\/p>\n<pre><span class=\"token function\">sudo<\/span> systemctl restart squid.service<\/pre>\n<p>N\u1ebfu b\u1ea1n s\u1eed d\u1ee5ng <span class=\"penci-highlighted-black\">ufw<\/span> b\u1ea1n c\u1ea7n ph\u1ea3i m\u1edf v\u00e0 \u0111\u00f3ng c\u1ed5ng <span class=\"penci-highlighted-black\">3128<\/span> th\u00f4ng qua t\u01b0\u1eddng l\u1eeda<\/p>\n<pre><span class=\"token function\">sudo<\/span> ufw allow 3128<\/pre>\n<p>Cu\u1ed1i c\u00f9ng b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c k\u1ebft n\u1ed1i v\u1edbi Proxy c\u1ee7a m\u00ecnh v\u00e0 th\u1ef1c hi\u1ec7n c\u00e1c t\u00e1c v\u1ee5 qu\u1ea3n l\u00fd c\u1ea7n thi\u1ebft.<\/p>\n<h2 id=\"buoc_3_\u2013_ket_noi_thong_qua_squid\">B\u01b0\u1edbc 3 \u2013 K\u1ebft n\u1ed1i th\u00f4ng qua Squid<\/h2>\n<p>\u0110\u1ec3 ki\u1ec3m tra m\u00e1y ch\u1ee7 Squid \u0111\u00e3 \u0111\u01b0\u1ee3c ho\u1ea1t \u0111\u1ed9ng ch\u00ednh x\u00e1c tr\u00ean c\u00e1c m\u00f4i tr\u01b0\u1eddng Windows, Mac v\u00e0 Linux th\u00ec hi\u1ec7n nay \u0111\u1ec1u c\u00e0i \u0111\u1eb7t m\u1eb7c \u0111\u1ecbnh ch\u01b0\u01a1ng tr\u00ecnh <span class=\"penci-highlighted-black\">crul.<\/span> Ch\u01b0\u01a1ng tr\u00ecnh n\u00e0y d\u00f9ng \u0111\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c y\u00eau c\u1ea7u web kh\u00e1c nhau.<\/p>\n<p>N\u1ebfu b\u1ea1n mu\u1ed1n x\u00e1c minh xem m\u1ed9t k\u1ebft n\u1ed1i t\u00e0i nguy\u00ean nh\u1ea5t \u0111\u1ecbnh c\u00f3 ho\u1ea1t \u0111\u1ed9ng t\u1ed1t trong trinh duy\u1ec7t th\u00ec c\u00f3 th\u1ec3 ki\u1ec3m tra nhanh ch\u00f3ng b\u1eb1ng <span class=\"penci-highlighted-black\">curl<\/span> tr\u00ean m\u00e1y c\u1ee5c b\u1ed9 c\u1ee7a m\u00ecnh \u0111\u1ec3 ki\u1ec3m tra v\u00e0 ch\u1ea1y l\u1ec7nh nh\u01b0 sau:<\/p>\n<pre><span class=\"token function\">curl<\/span> -v -x http:\/\/your_squid_username:your_squid_password@your_server_ip:3128 http:\/\/www.google.com\/<\/pre>\n<p>Trong \u0111\u00f3, \u0111\u1ed1i s\u1ed1 <span class=\"penci-highlighted-black\">-x<\/span>chuy\u1ec3n m\u1ed9t y\u00eau c\u1ea7u Proxy t\u1edbi <span class=\"penci-highlighted-black\">curl <\/span>s\u1eed d\u1ee5ng giao th\u1ee9c <span class=\"penci-highlighted-black\">http<\/span> , ch\u1ec9 \u0111\u1ecbnh username v\u00e0 password khi \u0111\u0103ng nh\u1eadp m\u00e1y ch\u1ee7, sau \u0111\u00f3 k\u1ebft n\u1ed1i v\u1edbi m\u1ed9t trang<a href=\"https:\/\/dncloud.net\/blog\/website-la-gi\/\"> website<\/a> \u0111ang ho\u1ea1t nh\u01b0 Google.com. K\u1ebft qu\u1ea3 th\u00e0nh c\u00f4ng n\u1ebfu b\u1ea1n th\u1ea5y d\u00f2ng l\u1ec7nh sau:<\/p>\n<pre>Output \r\n* Trying 138.197.103.77... \r\n* TCP_NODELAY set \r\n* Connected to 138.197.103.77 (138.197.103.77) port 3128 (#0) \r\n* Proxy auth using Basic with user 'dncloud' \r\n&gt; GET http:\/\/www.google.com\/ HTTP\/1.1<\/pre>\n<p>Ngo\u00e0i ra, b\u1ea1n c\u0169ng c\u00f3 th\u1ec3 truy c\u1eadp v\u00e0o c\u00e1c trang web c\u00f3 s\u1eed d\u1ee5ng <span class=\"penci-highlighted-black\">https<\/span> tr\u00ean m\u00e3 ngu\u1ed3n m\u1edf <strong>Squid Proxy<\/strong> m\u00e0 kh\u00f4ng c\u1ea7n th\u1ef1c hi\u1ec7n th\u00eam b\u1ea5t c\u1ee9 thay \u0111\u1ed5i c\u1ea5u h\u00ecnh kh\u00e1c. V\u1edbi nh\u1eefng thay \u0111\u1ed5i n\u00e0y s\u1eed d\u1ee5ng m\u1ed9t ch\u1ec9 th\u1ecb ri\u00eang bi\u1ec7t \u0111\u1ec3 duy tr\u00ec <a href=\"https:\/\/dncloud.net\/blog\/ssl-la-gi\/\">SSL<\/a> gi\u1eefa m\u00e1y ch\u1ee7 v\u00e0 m\u00e1y kh\u00e1ch\u00a0 \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 <span class=\"penci-highlighted-black\">CONNECT<\/span>\u00a0nh\u01b0 sau:<\/p>\n<pre><span class=\"token function\">curl<\/span> -v -x http:\/\/your_squid_username:your_squid_password@your_server_ip:3128 https:\/\/www.google.com\/<\/pre>\n<pre>Output \r\n* Trying 138.197.103.77... \r\n* TCP_NODELAY set * Connected to 138.197.103.77 (138.197.103.77) port 3128 (#0) \r\n* allocate connect buffer! \r\n* Establish HTTP proxy tunnel to www.google.com:443 \r\n* Proxy auth using Basic with user 'dnclou' \r\n&gt; CONNECT www.google.com:443 HTTP\/1.1 \r\n&gt; Host: www.google.com:443 \r\n&gt; Proxy-Authorization: Basic c2FtbXk6c2FtbXk= \r\n&gt; User-Agent: curl\/7.55.1 &gt; Proxy-Connection: Keep-Alive \r\n&gt; \r\n&lt; HTTP\/1.1 200 Connection established \r\n&lt; \r\n* Proxy replied OK to CONNECT request \r\n* CONNECT phase completed!<\/pre>\n<p>Th\u00f4ng tin \u0111\u0103ng nh\u1eadp m\u00e0 b\u1ea1n s\u1eed d\u1ee5ng <span class=\"penci-highlighted-black\">curl<\/span>\u00a0s\u1ebd ho\u1ea1t \u0111\u1ed9ng \u1edf b\u1ea5t k\u1ef3 n\u01a1i n\u00e0o m\u00e0 b\u1ea1n mu\u1ed1n s\u1eed d\u1ee5ng m\u00e1y ch\u1ee7 Proxy c\u1ee7a m\u00ecnh.<\/p>\n<h2>L\u1eddi k\u1ebft<\/h2>\n<p>Th\u00f4ng qua b\u00e0i h\u01b0\u1edbng d\u1eabn n\u00e0y, hy v\u1ecdng b\u1ea1n bi\u1ebft c\u00e1ch tri\u1ec3n khai <strong>t\u1ea1o Squid Proxy tr\u00ean Ubuntu 20.04<\/strong> \u0111\u1ec3 u\u1ef7 quy\u1ec1n v\u00e0 qu\u1ea3n l\u00fd l\u01b0u l\u01b0\u01a1ng truy c\u1eadp m\u00e0 kh\u00f4ng t\u1ed1n chi ph\u00ed n\u00e0o ho\u1eb7c v\u1edbi chi ph\u00ed th\u1ea5p. N\u1ebfu b\u1ea1n c\u00f3 th\u1eafc m\u1eafc n\u00e0o h\u00e3y \u0111\u1ec3 l\u1ea1i b\u00ecnh lu\u1eadn \u1edf ph\u00eda d\u01b0\u1edbi <strong>DNCLOUD<\/strong> s\u1ebd gi\u1ea3i \u0111\u00e1p th\u1eafc m\u1eafc cho b\u1ea1n s\u1edbm nh\u1ea5t. Ch\u00fac b\u1ea1n th\u00e0nh c\u00f4ng!<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Squid Proxy l\u00e0 m\u1ed9t c\u00f4ng c\u1ee5 proxy caching m\u1ea1nh m\u1ebd, th\u01b0\u1eddng \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 t\u0103ng&hellip;<\/p>\n","protected":false},"author":1,"featured_media":4261,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"no","_lmt_disable":"","footnotes":""},"categories":[132,210],"tags":[398,385,399,396,397],"class_list":["post-4251","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kien-thuc","category-tai-lieu-huong-dan","tag-cai-dat-squid-proxy","tag-ma-nguon-mo","tag-may-chu","tag-proxy","tag-squid-proxy"],"_links":{"self":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/posts\/4251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/comments?post=4251"}],"version-history":[{"count":0,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/posts\/4251\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/media\/4261"}],"wp:attachment":[{"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/media?parent=4251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/categories?post=4251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dncloud.net\/blog\/wp-json\/wp\/v2\/tags?post=4251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}