Table of contents
- 1. Updating the Debian system.
- 2. Installing Squid 3.
- 3. Installing Tor and Privoxy.
- 4. Stopping the programs after installation.
- 5. Editing and changing the Tor configuration.
- 6. Creating the Tor lib directories and setting their permissions.
- 7. Downloading the script that starts 8 Tor instances into /etc/init.d/ and making it executable.
- 8. Editing and changing the Privoxy configuration.
- 9. Creating the Privoxy log directories and setting their permissions.
- 10. Downloading the script that starts 8 Privoxy instances into /etc/init.d/ and making it executable.
- 11. Editing the Squid3 configuration /etc/squid/squid3.conf
- 12. Editing the hosts file in /etc/.
- 13. Restarting the network.
Important!
Tested on:
- Debian 8.x.x.
Configuration:
- Squid (3.5.2) with SSL support,
- Privoxy (3.0.21),
- Tor (0.2.5.12).
Illustrated connection scenario for Squid3, Privoxy and Tor.
Scenario:
The user connects to the Squid server.
Squid filters the content and connects to eight Privoxy instances.
Each Privoxy instance connects to one Tor instance.
Tor then connects directly to the Internet.
1. Updating the Debian system.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
2. Installing Squid 3.
http://pl.terminal28.com/instalacja-squid-proxy-serwer-clamav-squidclamav-c-icap-serwer-debian-6-0-x
3. Installing Tor and Privoxy.
sudo apt-get install tor privoxy
4. Stopping the programs after installation.
sudo /etc/init.d/squid3 stop
sudo /etc/init.d/privoxy stop
sudo /etc/init.d/tor stop
5. Editing and changing the Tor configuration.
Creating 8 separate Tor configuration files.
torrc-1
# tee runs under sudo and writes the file; with "sudo cat << EOT > file" the redirect is done by the unprivileged shell and fails.
sudo tee /etc/tor/torrc-1 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10010
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor1
PidFile /var/run/tor/tor-1.pid
EOT
torrc-2
sudo tee /etc/tor/torrc-2 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10020
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor2
PidFile /var/run/tor/tor-2.pid
EOT
torrc-3
sudo tee /etc/tor/torrc-3 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10030
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor3
PidFile /var/run/tor/tor-3.pid
EOT
torrc-4
sudo tee /etc/tor/torrc-4 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10040
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor4
PidFile /var/run/tor/tor-4.pid
EOT
torrc-5
sudo tee /etc/tor/torrc-5 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10050
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor5
PidFile /var/run/tor/tor-5.pid
EOT
torrc-6
sudo tee /etc/tor/torrc-6 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10060
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor6
PidFile /var/run/tor/tor-6.pid
EOT
torrc-7
sudo tee /etc/tor/torrc-7 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10070
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor7
PidFile /var/run/tor/tor-7.pid
EOT
torrc-8
sudo tee /etc/tor/torrc-8 > /dev/null << EOT
SocksBindAddress 127.0.0.1
SocksPort 10080
SocksPolicy accept *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
DataDirectory /var/lib/tor8
PidFile /var/run/tor/tor-8.pid
EOT
6. Creating the Tor lib directories and setting their permissions.
Creating 8 separate Tor lib directories.
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor1
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor2
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor3
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor4
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor5
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor6
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor7
sudo install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor8
7. Downloading the script that starts 8 Tor instances into /etc/init.d/ and making it executable.
sudo mv /etc/init.d/tor /etc/init.d/tor.orig
sudo wget http://terminal28.com/wp-content/uploads/2015/12/tor -O /etc/init.d/tor
sudo chmod +x /etc/init.d/tor
Starting Tor.
sudo /etc/init.d/tor start
Usage: /etc/init.d/tor {start|stop|restart|reload|force-reload|status}
When Tor starts, 8 instances of the program should come up:
sudo /etc/init.d/tor start
Raising maximum number of filedescriptors (ulimit -n) to 32768.
Starting tor daemon: tor...
tor 1 done.
tor 2 done.
tor 3 done.
tor 4 done.
tor 5 done.
tor 6 done.
tor 7 done.
tor 8 done.
Verification:
netstat -tap | grep tor
tcp  0  0  localhost:10060  *:*  LISTEN  4037/tor
tcp  0  0  localhost:10030  *:*  LISTEN  4028/tor
tcp  0  0  localhost:10070  *:*  LISTEN  4040/tor
tcp  0  0  localhost:10040  *:*  LISTEN  4031/tor
tcp  0  0  localhost:10010  *:*  LISTEN  4022/tor
tcp  0  0  localhost:10020  *:*  LISTEN  4025/tor
tcp  0  0  localhost:10080  *:*  LISTEN  4027/tor
tcp  0  0  localhost:10050  *:*  LISTEN  4035/tor
8. Editing and changing the Privoxy configuration.
Creating 8 separate Privoxy configuration files.
privoxy_1.conf
# tee runs under sudo and writes the file; with "sudo cat << EOT > file" the redirect is done by the unprivileged shell and fails.
sudo tee /etc/privoxy/privoxy_1.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_1
listen-address localhost:11010
forward-socks5t / 127.0.0.1:10010 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_2.conf
sudo tee /etc/privoxy/privoxy_2.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_2
listen-address localhost:11020
forward-socks5t / 127.0.0.1:10020 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_3.conf
sudo tee /etc/privoxy/privoxy_3.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_3
listen-address localhost:11030
forward-socks5t / 127.0.0.1:10030 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_4.conf
sudo tee /etc/privoxy/privoxy_4.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_4
listen-address localhost:11040
forward-socks5t / 127.0.0.1:10040 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_5.conf
sudo tee /etc/privoxy/privoxy_5.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_5
listen-address localhost:11050
forward-socks5t / 127.0.0.1:10050 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_6.conf
sudo tee /etc/privoxy/privoxy_6.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_6
listen-address localhost:11060
forward-socks5t / 127.0.0.1:10060 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_7.conf
sudo tee /etc/privoxy/privoxy_7.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_7
listen-address localhost:11070
forward-socks5t / 127.0.0.1:10070 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
privoxy_8.conf
sudo tee /etc/privoxy/privoxy_8.conf > /dev/null << EOT
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy_8
listen-address localhost:11080
forward-socks5t / 127.0.0.1:10080 .
forward 192.168.*.*/ .
forward 127.*.*.*/ .
forward localhost/ .
EOT
9. Creating the Privoxy log directories and setting their permissions.
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_1
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_2
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_3
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_4
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_5
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_6
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_7
sudo install -o privoxy -g nogroup -m 750 -d /var/log/privoxy_8
10. Downloading the script that starts 8 Privoxy instances into /etc/init.d/ and making it executable.
sudo mv /etc/init.d/privoxy /etc/init.d/privoxy.orig
sudo wget http://terminal28.com/wp-content/uploads/2015/12/privoxy -O /etc/init.d/privoxy
sudo chmod +x /etc/init.d/privoxy
sudo update-rc.d privoxy defaults
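Steps 7 and 10 fetch init scripts over plain HTTP and install them to run as root. As an added example (not from the original article), this helper installs a downloaded script only when its SHA-256 matches a value you pinned after reviewing the file; the name install_verified and the demo file are constructed for illustration.

```shell
#!/bin/sh
# install_verified SRC EXPECTED_SHA256 DEST
# Installs SRC at DEST (mode 755) only if its SHA-256 equals the pinned value.
# Hypothetical helper; the article publishes no checksum, so the pinned value
# has to come from your own review of the downloaded file.
install_verified() {
    src=$1 want=$2 dest=$3
    got=$(sha256sum "$src" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "refusing to install $dest: sha256 $got does not match pinned value" >&2
        return 1
    fi
    # Keep the packaged script as DEST.orig, as the article does,
    # but never overwrite a backup that already exists.
    [ -e "$dest" ] && [ ! -e "$dest.orig" ] && mv "$dest" "$dest.orig"
    install -m 755 "$src" "$dest"
}

# Offline demonstration with a constructed script and a temporary destination.
demo_dir=$(mktemp -d)
printf '#!/bin/sh\necho started\n' > "$demo_dir/tor.download"
# Stand-in for the hash recorded after reading the script.
pinned=$(sha256sum "$demo_dir/tor.download" | awk '{ print $1 }')
install_verified "$demo_dir/tor.download" "$pinned" "$demo_dir/tor" && echo "installed"
```

On a real system, download to a temporary file instead of writing straight to /etc/init.d/, read the script, record its hash, and then run the function with sudo.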
Starting Privoxy.
sudo /etc/init.d/privoxy start
Usage: /etc/init.d/privoxy {start|stop|restart|force-reload|status}
Verification:
netstat -tap | grep privoxy
tcp  0  0  localhost:11010  *:*  LISTEN  1968/privoxy
tcp  0  0  localhost:11050  *:*  LISTEN  2072/privoxy
tcp  0  0  localhost:11040  *:*  LISTEN  1431/privoxy
tcp  0  0  localhost:11080  *:*  LISTEN  1543/privoxy
tcp  0  0  localhost:11070  *:*  LISTEN  1484/privoxy
tcp  0  0  localhost:11060  *:*  LISTEN  1558/privoxy
tcp  0  0  localhost:11020  *:*  LISTEN  1512/privoxy
tcp  0  0  localhost:10030  *:*  LISTEN  1590/privoxy
11. Editing the Squid3 configuration /etc/squid/squid3.conf
Add the following to the /etc/squid/squid3.conf configuration file:
sudo nano /etc/squid3/squid.conf
cache_peer localhost parent 11010 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_2 parent 11020 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_3 parent 11030 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_4 parent 11040 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_5 parent 11050 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_6 parent 11060 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_7 parent 11070 0 default no-query no-delay no-digest no-netdb-exchange round-robin
cache_peer localhost_8 parent 11080 0 default no-query no-delay no-digest no-netdb-exchange round-robin
always_direct deny all
Starting Squid3
Clearing and rebuilding the Squid3 cache.
sudo /etc/init.d/squid3 stop
sudo squid3 -f /etc/squid3/squid.conf -z
sudo /etc/init.d/squid3 start
12. Editing the hosts file in /etc/.
sudo nano /etc/hosts
127.0.0.1 localhost # Should already have been added automatically
127.0.0.1 localhost_2
127.0.0.1 localhost_3
127.0.0.1 localhost_4
127.0.0.1 localhost_5
127.0.0.1 localhost_6
127.0.0.1 localhost_7
127.0.0.1 localhost_8
13. Restarting the network.
sudo service networking restart
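An added check, not part of the original article: it verifies that Privoxy instance i forwards to Tor instance i, that both listen only on loopback, and that Squid has a parent peer for every Privoxy port. It also flags a missing `never_direct allow all`, because `always_direct deny all` on its own does not stop Squid from fetching directly; the function names and the two-instance sample tree are constructed.

```shell
#!/bin/sh
# audit_chain ROOT SQUID_CONF N   (ROOT is "" on a live system; names are illustrative)
audit_chain() {
    root=$1 squid=$2 n=$3 rc=0 i=1
    while [ "$i" -le "$n" ]; do
        torrc="$root/etc/tor/torrc-$i"
        pconf="$root/etc/privoxy/privoxy_$i.conf"
        socks=$(awk '$1 == "SocksPort" { print $2 }' "$torrc")
        bind=$(awk '$1 == "SocksBindAddress" { print $2 }' "$torrc")
        fwd=$(awk '$1 == "forward-socks5t" && $2 == "/" { print $3 }' "$pconf")
        listen=$(awk '$1 == "listen-address" { print $2 }' "$pconf")
        # Privoxy i must hand traffic to Tor i and to nothing else.
        [ "$fwd" = "127.0.0.1:$socks" ] ||
            { echo "instance $i: privoxy forwards to '$fwd', tor SocksPort is '$socks'"; rc=1; }
        # Neither listener may be reachable from the network.
        case $bind in 127.*) ;; *) echo "instance $i: tor bound to '$bind'"; rc=1 ;; esac
        case $listen in localhost:*|127.*) ;; *) echo "instance $i: privoxy listens on '$listen'"; rc=1 ;; esac
        # Squid needs one parent peer per Privoxy port.
        grep -Eq "^cache_peer[[:space:]]+[^[:space:]]+[[:space:]]+parent[[:space:]]+${listen##*:}[[:space:]]" "$squid" ||
            { echo "instance $i: no cache_peer for port ${listen##*:}"; rc=1; }
        i=$((i + 1))
    done
    # Without never_direct, Squid may fetch directly when it skips the peers.
    grep -Eq '^never_direct[[:space:]]+allow[[:space:]]+all' "$squid" ||
        { echo "squid: 'never_direct allow all' missing"; rc=1; }
    return "$rc"
}

# Constructed two-instance sample tree (not the article's files) for an offline run.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/tor" "$d/etc/privoxy"
    for i in 1 2; do
        printf 'SocksBindAddress 127.0.0.1\nSocksPort 100%s0\n' "$i" > "$d/etc/tor/torrc-$i"
        printf 'listen-address localhost:110%s0\nforward-socks5t / 127.0.0.1:100%s0 .\n' "$i" "$i" \
            > "$d/etc/privoxy/privoxy_$i.conf"
        echo "cache_peer localhost_$i parent 110${i}0 0 no-query round-robin" >> "$d/squid.conf"
    done
    echo 'never_direct allow all' >> "$d/squid.conf"
    echo "$d"
}

sample=$(make_sample)
audit_chain "$sample" "$sample/squid.conf" 2 && echo "chain consistent"
```

Against the files from this guide, call it as `audit_chain "" /etc/squid3/squid.conf 8`.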