我有一台安装了 squid 的 ubuntu20 服务器,昨天之前连接都正常,但是从任何设备都连接不上,我查了 access.log 错误是 443,奇怪的是重启服务的时候,一切如常,突然就连接不上,还显示 443,日志如下:
1675701298.639 3531 51.159.210.175 TCP_MISS/503 538 GET https://zj.chunfafa.cc/ - HIER_DIRECT/47.75.18.48 text/xml
1675701298.347 15335 216.250.247.251 NONE/500 0 CONNECT 185.45.82.51:80 - HIER_DIRECT/185.45.82.51 -
1675701535.912 8853 158.101.167.143 TCP_TUNNEL/200 39 CONNECT 185.45.82.28:8443 - HIER_DIRECT/185.45.82.28 -
1675701535.421 0 51.159.210.97 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -
1675701535.713 3069 176.97.210.103 TCP_TUNNEL/200 39 CONNECT xinebit.com:443 - HIER_DIRECT/45.93.201.94 -
1675701784.022 60015 193.123.32.118 NONE/503 0 CONNECT 185.45.82.130:80 - HIER_NONE/- -
1675701784.022 59943 158.101.167.143 NONE/503 0 CONNECT 37.130.194.154:80 - HIER_NONE/- -
1675701784.022 59953 193.123.32.118 NONE/503 0 CONNECT 37.130.193.12:80 - HIER_NONE/- -
1675701784.022 60015 84.246.80.166 NONE/503 0 CONNECT 83.169.194.30:465 - HIER_NONE/- -
1675701784.022 59237 146.70.52.247 NONE/503 0 CONNECT 37.130.194.154:80 - HIER_NONE/- -
1675701784.022 60014 84.17.49.109 NONE/503 0 CONNECT 37.130.193.5:443 - HIER_NONE/- -
1675701784.022 59222 193.123.32.118 NONE/503 0 CONNECT 37.130.192.12:80 - HIER_NONE/- -
1675701784.022 60014 193.123.32.118 NONE/503 0 CONNECT 185.45.83.56:443 - HIER_NONE/- -
1675701784.022 60014 146.70.52.247 NONE/503 0 CONNECT 185.45.82.26:8443 - HIER_NONE/- -
1675701784.030 6 75.119.141.2 TCP_TUNNEL/200 39 CONNECT amp-api.apps.apple.com:443 - HIER_DIRECT/23.212.232.122 -
squid配置文件
/etc/squid/squid.conf
Dropbox 链接:squid配置文件:
文件内容 (没有 #
注释行)
1189 | acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
1190 | acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
1191 | acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
1192 | acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
1193 | acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
1194 | acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
1195 | acl localnet src fc00::/7 # RFC 4193 local private network range
1196 | acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
1197 |
1198 | acl SSL_ports port 443
1199 | acl Safe_ports port 80 # http
1200 | acl Safe_ports port 21 # ftp
1201 | acl Safe_ports port 443 # https
1202 | acl Safe_ports port 70 # gopher
1203 | acl Safe_ports port 210 # wais
1204 | acl Safe_ports port 1025-65535 # unregistered ports
1205 | acl Safe_ports port 280 # http-mgmt
1206 | acl Safe_ports port 488 # gss-http
1207 | acl Safe_ports port 591 # filemaker
1208 | acl Safe_ports port 777 # multiling http
1209 | acl CONNECT method CONNECT
1385 | # Deny requests to certain unsafe ports
1386 | http_access allow !Safe_ports
1387 |
1388 | # Deny CONNECT to other than secure SSL ports
1389 | http_access allow CONNECT !SSL_ports
1390 |
1391 | # Only allow cachemgr access from localhost
1392 | http_access allow localhost manager
1393 | http_access deny manager
1401 | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
1402 | #
1403 | include /etc/squid/conf.d/*
1404 |
1405 | # Example rule allowing access from your local networks.
1406 | # Adapt localnet in the ACL section to list your (internal) IP networks
1407 | # from where browsing should be allowed
1408 | #http_access allow localnet
1409 | http_access allow localhost
1410 |
1411 | # And finally deny all other access to this proxy
1412 | http_access allow all
1907 | # Squid normally listens to port 3128
1908 | http_port 3128
4584 | # Leave coredumps in the first cache dir
4585 | coredump_dir /var/spool/squid
5284 | # Add any of your own refresh_pattern entries above these.
5285 | #
5286 | refresh_pattern ^ftp: 1440 20% 10080
5287 | refresh_pattern ^gopher: 1440 0% 1440
5288 | refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
5289 | refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
5290 | refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
5291 | refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
5292 | refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
5293 | # example pattern for deb packages
5294 | #refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600
5295 | refresh_pattern . 0 20% 4320