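When deploying an environment or project, you will often run into a network layout like this: inside a private network, one machine (usually a jump host or proxy host) can reach the internet, while the other machines have no outbound access. On those other machines, yum cannot install software. The solution is to configure squid on the machine with internet access as a proxy to the public network, then configure a yum proxy on the other internal machines. Besides yum, squid can also act as a network proxy for hosts or docker.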

Install squid

yum -y install epel-release
yum -y install squid

Configuration

vi /etc/squid/squid.conf
# Edit the http_access rules: comment out the deny and add an allow
#http_access deny all
http_access allow all

Start the service

systemctl start squid
systemctl enable squid

The service listens on port 3128 by default.
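As an added example (not part of the original post), the Python sketch below evaluates http_access rules in Squid's first-match order to show which clients each rule set admits: the `allow all` rule from the configuration step, and a constructed alternative limited to the internal network. The 192.168.98.0/24 subnet and the sample client addresses are assumptions, and only `src` ACLs are modelled.

```python
import ipaddress

# The page's rule set, and a constructed alternative that admits only the
# internal subnet (192.168.98.0/24 is an assumption based on the proxy address).
PAGE_CONF = """
#http_access deny all
http_access allow all
"""
RESTRICTED_CONF = """
acl localnet src 192.168.98.0/24
http_access allow localhost
http_access allow localnet
http_access deny all
"""

def net(*cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def parse(conf):
    """Return (src ACLs by name, ordered http_access rules) from squid.conf text."""
    # "all" is built in; "localhost" is predefined in Squid 3.2 and later.
    acls = {"all": net("0.0.0.0/0", "::/0"), "localhost": net("127.0.0.0/8", "::1/128")}
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()   # drop comments
        if len(words) >= 4 and words[0] == "acl" and words[2] == "src":
            acls.setdefault(words[1], []).extend(net(*words[3:]))
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def decide(conf, client):
    """First http_access line whose ACLs all match the client decides."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    def matches(name):
        # ACL names not defined as src ACLs are treated as non-matching.
        hit = any(ip in n for n in acls.get(name.lstrip("!"), []))
        return hit != name.startswith("!")
    for action, names in rules:
        if all(matches(n) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for client in ("192.168.98.20", "203.0.113.7"):   # constructed addresses
        print(client, decide(PAGE_CONF, client), decide(RESTRICTED_CONF, client))
```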

Using squid as a proxy

yum

Edit /etc/yum.conf and add proxy=http://192.168.98.8:3128

[root@node192 ~]# cat /etc/yum.conf 
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release


# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
proxy=http://192.168.98.8:3128

Server

Edit the following files:
1. /etc/profile
2. ~/.bashrc
3. ~/.zshrc

export proxy="http://192.168.98.8:3128" 
export http_proxy=$proxy
export https_proxy=$proxy
export ftp_proxy=$proxy
export no_proxy="localhost,127.0.0.1,::1"