在 Ubuntu 18 上安装配置代理软件

前言

使用本软件的初衷是想要解决Linux终端下HTTPS代理的问题,以保证OpenStack-Helm项目在部署期间,所需要的Docker镜像可以顺利拉取下来。目前,常用的各大代理软件少有支持HTTPS,但基本都支持SOCKS5协议,所以在应用的广泛程度上不是那么理想。例如:各移动终端、PS5之类的游戏设备都没有支持SOCKS5协议,相比而言HTTPS的代理模式被广泛支持。本文介绍的Privoxy软件就是作为代理链条上的中间层,配合Linux终端环境变量,用来将终端命令工具行产生的HTTPS、HTTP、FTP流量转为SOCKS5流量,最终再交给代理软件处理转发。

安装环境

局域网中代理服务器端的IP地址:192.168.0.60(不在本文讨论范围内)

客户端操作系统:Ubuntu 18.04

客户端IP地址:192.168.2.233

系统APT源列表:

noone@noone-virtual-machine:~$ cat /etc/apt/sources.list
deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse

软件安装

noone@noone-virtual-machine:~$ sudo apt-get install privoxy

代理配置

编辑代理软件的配置文件

noone@noone-virtual-machine:~$ sudo vim /etc/privoxy/config
......
#      注释:在此处配置软件监听使用的端口号,默认使用本机的8118端口,用来接收本机转发过来的流量
#      Suppose you are running Privoxy on an IPv6-capable machine and
#      you want it to listen on the IPv6 address of the loopback
#      device:
#
#        listen-address [::1]:8118
#
listen-address  127.0.0.1:8118
listen-address  [::1]:8118
#
......
#      注释:此处的配置,是将本地转发到8118端口的流量,转发到192.168.0.60:10808,此接口是局域网中代理软件提供的
#      To chain Privoxy and Tor, both running on the same system, you
#      would use something like:
#
#        forward-socks5t   /               127.0.0.1:9050 .
#
forward-socks5 / 192.168.0.60:10808 .
#
#      注释:此处按格式填写不想让软件进行转发代理的网段,一般情况多为本地局域网的网段
#      Note that if you got Tor through one of the bundles, you may
#      have to change the port from 9050 to 9150 (or even another
#      one). For details, please check the documentation on the Tor
#      website.
#
#      The public Tor network can't be used to reach your local
#      network, if you need to access local servers you therefore
#      might want to make some exceptions:
#
#        forward         192.168.*.*/     .
#        forward            10.*.*.*/     .
#        forward           127.*.*.*/     .
#
forward         192.168.*.*/     .
forward            10.*.*.*/     .
forward           127.*.*.*/     .
forward           172.24.*.*/    .
#
......
#  注释:若网络不稳定,建议开启软件的转发重试功能
#  Examples:
#
#      forwarded-connect-retries 1
#
forwarded-connect-retries  1
#
......

重启软件并设置为自启动

noone@noone-virtual-machine:~$ sudo systemctl restart privoxy
noone@noone-virtual-machine:~$ sudo systemctl enable privoxy
noone@noone-virtual-machine:~$ sudo systemctl status privoxy
● privoxy.service - Privacy enhancing HTTP Proxy
   Loaded: loaded (/lib/systemd/system/privoxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-03-24 06:29:00 CST; 3h 49min ago
     Docs: man:privoxy(8)
           https://www.privoxy.org/user-manual/
 Main PID: 26737 (privoxy)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/privoxy.service
           └─26737 /usr/sbin/privoxy --pidfile /var/run/privoxy.pid --user privoxy /etc/privoxy/config

3月 24 06:28:59 noone-virtual-machine systemd[1]: Starting Privacy enhancing HTTP Proxy...
3月 24 06:29:00 noone-virtual-machine systemd[1]: Started Privacy enhancing HTTP Proxy.

编辑系统的环境变量

noone@noone-virtual-machine:~$ vim ~/.bashrc
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
# 注释:在.bashrc文件末尾追加如下配置,使得命令行工具产生的流量转发给Privoxy软件进行处理
export ftp_proxy="127.0.0.1:8118"
export http_proxy="127.0.0.1:8118"
export https_proxy="127.0.0.1:8118"
export no_proxy="localhost,127.0.0.1,10.0.0.0/8,172.16.0.0/12,172.24.0.0/12,192.168.0.0/16,172.17.0.1,.svc.cluster.local"

效果测试

noone@noone-virtual-machine:/tmp$ wget www.google.com
--2021-03-24 10:21:45--  http://www.google.com/
Connecting to 127.0.0.1:8118... connected.
Proxy request sent, awaiting response... 200 OK
Length: 12823 (13K) [text/html]
Saving to: ‘index.html’

index.html                                                          100%[=====>]  12.52K  --.-KB/s    in 0s      

2021-03-24 10:21:47 (187 MB/s) - ‘index.html’ saved [12823/12823]

noone@noone-virtual-machine:/tmp$ wget www.youtube.com
URL transformed to HTTPS due to an HSTS policy
--2021-03-24 10:23:09--  https://www.youtube.com/
Connecting to 127.0.0.1:8118... connected.
Proxy request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.1’

index.html.1                                                        100%[=====>] 564.69K  90.4KB/s    in 14s     

2021-03-24 10:23:25 (41.1 KB/s) - ‘index.html.1’ saved [578247]

noone@noone-virtual-machine:/tmp$

在局域网中,用于提供最终代理服务的服务器是:192.168.0.60,在监听192.168.0.60:10808端口来接受SOCKS5协议的流量。

局域网代理软件v2rayN的转发日志

观察日志,可以确认使用了Privoxy的Ubuntu已经成功将Linux终端命令行产生的流量转发给代理服务器处理了。

OpenStack-Helm
#Linux #Ubuntu #代理软件
在 Ubuntu 18 上安装配置代理软件
https://srezone.open-space.cc/article/3466813046.html
作者
Richard Li
发布于
2021年3月24日
许可协议