如何设置具有基本用户名和密码身份验证的鱿鱼代理?

发布于 2024-09-10 21:53:59 字数 1549 浏览 10 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

庆幸我还是我 2024-09-17 21:53:59

这是我在 Ubuntu 14.04 上设置基本身份验证所需要做的事情(在其他地方找不到指南)

基本鱿鱼配置

/etc/squid3/squid.conf 而不是超级臃肿的默认配置文件

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# Choose the port you want. Below we set it to default 3128.
http_port 3128

请注意basic_ncsa_auth程序而不是旧的ncsa_auth

squid 2.x

对于squid 2.x,您需要编辑/etc/squid/squid.conf 文件和位置:

auth_param basic program /usr/lib/squid/digest_pw_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

设置用户

sudo htpasswd -c /etc/squid3/passwords username_you_like

并为所选用户名输入两次密码,然后为所选用户名

sudo service squid3 restart

输入两次密码

sudo htpasswd -c /etc/squid/passwords username_you_like

,然后为所选用户名输入两次密码,然后为

sudo service squid restart

htdigest 与 htpasswd

对于许多问我的人:这两种工具生成不同的文件格式:

  • htdigest 以纯文本形式存储密码。
  • htpasswd 存储经过哈希处理的密码(可以使用各种哈希算法)

尽管格式存在差异,basic_ncsa_auth 仍然能够解析使用 htdigest 生成的密码文件。因此,您可以选择使用:

sudo htdigest -c /etc/squid3/passwords realm_you_like username_you_like

请注意,此方法是经验性的、未记录的,并且 Squid 的未来版本可能不支持。

在 Ubuntu 14.04 上,htdigesthtpasswd 均在 [apache2-utils][1] 软件包中提供。

MacOS

与上面类似,但文件路径不同。

安装squid

brew install squid

启动squid服务

brew services start squid

Squid配置文件存储在/usr/local/etc/squid.conf

注释或删除以下行:

http_access allow localnet

然后类似于 Linux 配置(但具有更新的路径)添加以下内容:

auth_param basic program /usr/local/Cellar/squid/4.8/libexec/basic_ncsa_auth /usr/local/etc/squid_passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

请注意,basic_ncsa_auth 的路径可能会有所不同,因为它取决于使用 brew,您可以使用 ls /usr/local/Cellar/squid/ 来验证这一点。另请注意,您应该在以下部分的下方添加上述内容:

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

现在为自己生成一个 user:password 基本身份验证凭据(注意:htpasswdhtdigest 在 MacOS 上也可用)

htpasswd -c /usr/local/etc/squid_passwords username_you_like

重新启动squid服务

brew services restart squid

Here's what I had to do to setup basic auth on Ubuntu 14.04 (didn't find a guide anywhere else)

Basic squid conf

/etc/squid3/squid.conf instead of the super bloated default config file

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# Choose the port you want. Below we set it to default 3128.
http_port 3128

Please note the basic_ncsa_auth program instead of the old ncsa_auth

squid 2.x

For squid 2.x you need to edit /etc/squid/squid.conf file and place:

auth_param basic program /usr/lib/squid/digest_pw_auth /etc/squid/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Setting up a user

sudo htpasswd -c /etc/squid3/passwords username_you_like

and enter a password twice for the chosen username then

sudo service squid3 restart

squid 2.x

sudo htpasswd -c /etc/squid/passwords username_you_like

and enter a password twice for the chosen username then

sudo service squid restart

htdigest vs htpasswd

For the many people that asked me: the 2 tools produce different file formats:

  • htdigest stores the password in plain text.
  • htpasswd stores the password hashed (various hashing algos are available)

Despite this difference in format basic_ncsa_auth will still be able to parse a password file generated with htdigest. Hence you can alternatively use:

sudo htdigest -c /etc/squid3/passwords realm_you_like username_you_like

Beware that this approach is empirical, undocumented and may not be supported by future versions of Squid.

On Ubuntu 14.04 htdigest and htpasswd are both available in the [apache2-utils][1] package.

MacOS

Similar as above applies, but file paths are different.

Install squid

brew install squid

Start squid service

brew services start squid

Squid config file is stored at /usr/local/etc/squid.conf.

Comment or remove following line:

http_access allow localnet

Then similar to linux config (but with updated paths) add this:

auth_param basic program /usr/local/Cellar/squid/4.8/libexec/basic_ncsa_auth /usr/local/etc/squid_passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Note that path to basic_ncsa_auth may be different since it depends on installed version when using brew, you can verify this with ls /usr/local/Cellar/squid/. Also note that you should add the above just bellow the following section:

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

Now generate yourself a user:password basic auth credential (note: htpasswd and htdigest are also both available on MacOS)

htpasswd -c /usr/local/etc/squid_passwords username_you_like

Restart the squid service

brew services restart squid
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文