国内vps Squid+ipv6成功看有图比（Squid配置有更新）

hcw1588

本帖最后由 hcw1588 于 2013-6-26 18:52 编辑

之前为毛被删帖

这个方法只在国内服务器上有用，国外的试过，全部死啦死啦的。
squid or kangle+HE提供的隧道（香港节点）+HE提供的dns=除推特外，FB和有图比都可上。速度soso的。。。。

squid配置必须加上 dns_nameservers 2001:470:20::2 8.8.8.8 8.8.4.4

推特搞不清，难道没提供ipv6服务？

测试看看p*r*o*x*y.cachecdn.org（去掉*）   端口是3128（基于kangle）
5M，，别挤太多人。



环境centos6 64bit
我的squid配置（供参考，可能有人 ::1 、fc00:: 、fe80::这几个不同）：

PS：ok如果报错试试将两个::1删除，带有fc00:: 、fe80::的这两行删除

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8        # RFC1918 possible internal network
acl localnet src 172.16.0.0/12        # RFC1918 possible internal network
acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

#acl SSL_ports port 443
#acl Safe_ports port 80                # http
#acl Safe_ports port 21                # ftp
#acl Safe_ports port 443                # https
#acl Safe_ports port 70                # gopher
#acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535        # unregistered ports
#acl Safe_ports port 280                # http-mgmt
#acl Safe_ports port 488                # gss-http
#acl Safe_ports port 591                # filemaker
#acl Safe_ports port 777                # multiling http
#acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
#http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
http_port 8080

# We recommend you to use at least the following line.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Uncomment and adjust the following to add a disk cache directory.
cache_mem 200 MB
maximum_object_size 50 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 50 MB
cache_swap_low 70
cache_swap_high 85
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 10000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
refresh_pattern -i \.flv$ 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i \.ipa$ 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i \.apk$ 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i itunes.apple.com/.*\.(ipa|bmp|jpg|gif) 4320 100% 43200 reload-into-ims ignore-reload
refresh_pattern -i apple.com/.*\.(ipa|bmp|jpg|gif) 4320 100% 43200 reload-into-ims ignore-reload
range_offset_limit 50 MB
range_offset_limit -1 KB
quick_abort_min -1 KB

forwarded_for off
client_persistent_connections on
server_persistent_connections on
client_db off

dns_nameservers 2001:470:20::2 8.8.8.8 8.8.4.4
cache_mgr root
visible_hostname Aliyun
#hosts_file /etc/hosts

我是人

这帖等下应该也会被防水墙删掉。

防水墙是文盲。

雨宫音羽

我是人 发表于 2013-6-26 03:30



这帖等下应该也会被防水墙删掉。

防水墙是文盲。
成功存活半小时以上

雨宫音羽

另外国外不死才怪 某FW早就能检测HTTP代理了

hcw1588

雨宫音羽 发表于 2013-6-26 04:08



另外国外不死才怪 某FW早就能检测HTTP代理了
服务器在国内就不会。。

hcw1588

雨宫音羽 发表于 2013-6-26 04:06



成功存活半小时以上
上一个帖子活了大概两三个小时//、

过客

您的IP:[115.47.41.226] 来自:北京市 电信通

onlybird

hcw1588 发表于 2013-6-26 04:09



服务器在国内就不会。。
坐等去喝茶了好么

hcw1588

onlybird 发表于 2013-6-26 08:04



坐等去喝茶了好么
不会啊，没留任何真实信息，再说这么做的人多了那里管得过来

hcw1588zmr90

过客 发表于 2013-6-26 08:00



您的IP:[115.47.41.226] 来自:北京市 电信通
用的息壤20弄得，废物利用。。。技术帝