[{"data":1,"prerenderedAt":1067},["ShallowReactive",2],{"blog-zh-cn-guide-to-setting-up-a-proxy-server-on-linux":3,"blog-langs-guide-to-setting-up-a-proxy-server-on-linux":1062},{"id":4,"title":5,"author":6,"authorRole":7,"body":8,"category":1045,"cover":37,"date":1046,"description":1047,"draft":1048,"extension":1049,"featured":1048,"hreflang":1050,"lang":1051,"meta":1052,"navigation":221,"path":1054,"readMinutes":1055,"seo":1056,"slug":1057,"stem":1058,"tags":1059,"__hash__":1061},"blog\u002Fblog\u002Fzh-cn\u002Fguide-to-setting-up-a-proxy-server-on-linux.md","从 Squid 到 SOCKS5：Linux 代理环境优化指南","易代理数据方案团队","公开网络数据采集研究",{"type":9,"value":10,"toc":999},"minimark",[11,19,24,27,30,41,50,54,59,78,82,96,99,102,106,109,113,116,137,141,144,158,161,165,169,264,268,308,312,315,330,337,368,371,399,403,481,487,491,513,524,527,541,545,548,551,576,587,590,593,632,635,638,641,647,654,657,660,677,681,684,703,706,709,720,723,726,729,754,757,822,825,845,848,851,854,879,882,885,888,902,916,920,923,929,932,936,940,947,951,974,978,981,985,988,992,995],[12,13,14,18],"p",{},[15,16,17],"strong",{},"TL;DR:"," 在 Linux 上搭建代理服务器，建议先选协议与软件：HTTP(S) 场景优先 Squid，通用 TCP 流量可用 SOCKS5；上线前必须配置 ACL\u002F认证、防火墙、日志、监控和更新机制。若需要住宅出口、本地化测试或合规公开网页数据采集，可把自建 Linux 代理作为管理层，再接入 EProxies 的 HTTP(S)\u002FSOCKS5 住宅代理网络：72M+ 住宅 IP、覆盖 195+ 国家、98.2% uptime，价格从 $0.25\u002FGB 起。",[20,21,23],"h2",{"id":22},"linux-代理服务器适合解决什么问题","Linux 代理服务器适合解决什么问题？",[12,25,26],{},"Linux 代理服务器本质上是一个可控的网络中间层：客户端先把请求发给代理，再由代理访问目标服务。常见用途包括统一出口、缓存静态资源、限制访问范围、记录审计日志、调试 API、做本地化页面测试，以及在合规前提下采集公开网页数据。",[12,28,29],{},"典型正向代理链路如下：",[31,32,38],"pre",{"className":33,"code":35,"language":36,"meta":37},[34],"language-text","Client \u002F Browser \u002F Script\n        ↓\nLinux Proxy Server（如 Squid:3128）\n        ↓\nInternet \u002F Upstream Proxy \u002F Target Site\n","text","",[39,40,35],"code",{"__ignoreMap":37},[12,42,43,44,49],{},"如果你的目标只是内网出口管理，自建 Squid 通常足够；如果需要不同国家、城市或 ASN 的住宅网络环境，可以把 Linux 代理接入 EProxies 上游。更多类型对比可参考：",[45,46,48],"a",{"href":47},"\u002Fzh-cn\u002Fblog\u002Fcomprehensive-overview-of-proxy-server-types","代理服务器类型概览","。",[20,51,53],{"id":52},"选择代理类型httpssocks5正向代理与反向代理","选择代理类型：HTTP(S)、SOCKS5、正向代理与反向代理",[55,56,58],"h3",{"id":57},"正向代理-vs-反向代理","正向代理 vs 反向代理",[60,61,62,72],"ul",{},[63,64,65,68,69,49],"li",{},[15,66,67],{},"正向代理","：站在客户端一侧，常用于员工出口、脚本请求、缓存和访问控制。Squid 是 Linux 上常见选择，默认端口通常是 ",[39,70,71],{},"3128",[63,73,74,77],{},[15,75,76],{},"反向代理","：站在服务器一侧，常用于把外部请求转发到后端服务，适合负载均衡、TLS 终止和隐藏后端拓扑，常见软件包括 Nginx、HAProxy、Apache。",[55,79,81],{"id":80},"https-vs-socks5","HTTP(S) vs SOCKS5",[60,83,84,90],{},[63,85,86,89],{},[15,87,88],{},"HTTP(S) 代理","：适合网页请求、API、缓存和基于 URL\u002F域名的 ACL 策略。",[63,91,92,95],{},[15,93,94],{},"SOCKS5 代理","：协议更通用，适合更多 TCP 应用，但通常不负责 HTTP 级缓存。",[12,97,98],{},"EProxies 同时支持 HTTP(S)\u002FSOCKS5，适合需要住宅 IP、本地化验证、广告检查、价格监测等场景。使用前仍应确认目标网站条款、robots 规则和适用法律，不要把代理用于未授权访问或高压请求。",[20,100,101],{"id":101},"上线前准备清单",[55,103,105],{"id":104},"_1-明确用途和边界","1. 明确用途和边界",[12,107,108],{},"先确认代理服务器的角色：内网出口、缓存、开发调试、上游代理网关，还是合规公开数据采集。不同用途决定端口开放范围、日志保留周期、认证方式和是否需要住宅代理出口。",[55,110,112],{"id":111},"_2-准备系统与网络","2. 准备系统与网络",[12,114,115],{},"建议使用 Ubuntu LTS、Debian、CentOS Stream 或 RHEL 系发行版，并先完成系统更新。上线前检查：",[60,117,118,121,128,131,134],{},[63,119,120],{},"防火墙或云安全组是否只放行可信来源；",[63,122,123,124,127],{},"是否需要绑定内网 IP，而不是 ",[39,125,126],{},"0.0.0.0","；",[63,129,130],{},"SELinux\u002FAppArmor 是否影响服务启动；",[63,132,133],{},"日志目录和缓存目录是否有足够空间；",[63,135,136],{},"是否规划了监控、告警和日志轮转。",[55,138,140],{"id":139},"_3-规划认证方式","3. 规划认证方式",[12,142,143],{},"不要部署开放代理。至少选择一种访问控制方式：",[60,145,146,149,152,155],{},[63,147,148],{},"只允许固定内网网段；",[63,150,151],{},"用户名密码认证；",[63,153,154],{},"IP 白名单；",[63,156,157],{},"上游代理凭据使用环境变量或密钥管理工具保存。",[12,159,160],{},"如果接入 EProxies，可使用用户名密码或 IP 白名单鉴权，并按任务选择轮换会话或粘性会话。",[20,162,164],{"id":163},"在-ubuntu-和-centos-上安装-squid","在 Ubuntu 和 CentOS 上安装 Squid",[55,166,168],{"id":167},"_1-安装-squid","1. 安装 Squid",[31,170,174],{"className":171,"code":172,"language":173,"meta":37,"style":37},"language-bash shiki shiki-themes github-light","# Ubuntu \u002F Debian\nsudo apt update\nsudo apt install squid -y\n\n# CentOS \u002F RHEL\nsudo yum install squid -y   # CentOS 7\nsudo dnf install squid -y   # CentOS 8+\u002FRHEL 8+\n","bash",[39,175,176,185,199,216,223,229,247],{"__ignoreMap":37},[177,178,181],"span",{"class":179,"line":180},"line",1,[177,182,184],{"class":183},"sAwPA","# Ubuntu \u002F Debian\n",[177,186,188,192,196],{"class":179,"line":187},2,[177,189,191],{"class":190},"s7eDp","sudo",[177,193,195],{"class":194},"sYBdl"," apt",[177,197,198],{"class":194}," update\n",[177,200,202,204,206,209,212],{"class":179,"line":201},3,[177,203,191],{"class":190},[177,205,195],{"class":194},[177,207,208],{"class":194}," install",[177,210,211],{"class":194}," squid",[177,213,215],{"class":214},"sYu0t"," -y\n",[177,217,219],{"class":179,"line":218},4,[177,220,222],{"emptyLinePlaceholder":221},true,"\n",[177,224,226],{"class":179,"line":225},5,[177,227,228],{"class":183},"# CentOS \u002F RHEL\n",[177,230,232,234,237,239,241,244],{"class":179,"line":231},6,[177,233,191],{"class":190},[177,235,236],{"class":194}," yum",[177,238,208],{"class":194},[177,240,211],{"class":194},[177,242,243],{"class":214}," -y",[177,245,246],{"class":183},"   # CentOS 7\n",[177,248,250,252,255,257,259,261],{"class":179,"line":249},7,[177,251,191],{"class":190},[177,253,254],{"class":194}," dnf",[177,256,208],{"class":194},[177,258,211],{"class":194},[177,260,243],{"class":214},[177,262,263],{"class":183},"   # CentOS 8+\u002FRHEL 8+\n",[55,265,267],{"id":266},"_2-启动并设置开机自启","2. 启动并设置开机自启",[31,269,271],{"className":171,"code":270,"language":173,"meta":37,"style":37},"sudo systemctl enable squid\nsudo systemctl start squid\nsudo systemctl status squid\n",[39,272,273,286,297],{"__ignoreMap":37},[177,274,275,277,280,283],{"class":179,"line":180},[177,276,191],{"class":190},[177,278,279],{"class":194}," systemctl",[177,281,282],{"class":194}," enable",[177,284,285],{"class":194}," squid\n",[177,287,288,290,292,295],{"class":179,"line":187},[177,289,191],{"class":190},[177,291,279],{"class":194},[177,293,294],{"class":194}," start",[177,296,285],{"class":194},[177,298,299,301,303,306],{"class":179,"line":201},[177,300,191],{"class":190},[177,302,279],{"class":194},[177,304,305],{"class":194}," status",[177,307,285],{"class":194},[55,309,311],{"id":310},"_3-配置最小可用-acl","3. 配置最小可用 ACL",[12,313,314],{},"编辑配置文件：",[31,316,318],{"className":171,"code":317,"language":173,"meta":37,"style":37},"sudo nano \u002Fetc\u002Fsquid\u002Fsquid.conf\n",[39,319,320],{"__ignoreMap":37},[177,321,322,324,327],{"class":179,"line":180},[177,323,191],{"class":190},[177,325,326],{"class":194}," nano",[177,328,329],{"class":194}," \u002Fetc\u002Fsquid\u002Fsquid.conf\n",[12,331,332,333,336],{},"示例：只允许内网 ",[39,334,335],{},"192.168.1.0\u002F24"," 使用代理。",[31,338,342],{"className":339,"code":340,"language":341,"meta":37,"style":37},"language-conf shiki shiki-themes github-light","http_port 3128\n\nacl localnet src 192.168.1.0\u002F24\nhttp_access allow localnet\nhttp_access deny all\n","conf",[39,343,344,349,353,358,363],{"__ignoreMap":37},[177,345,346],{"class":179,"line":180},[177,347,348],{},"http_port 3128\n",[177,350,351],{"class":179,"line":187},[177,352,222],{"emptyLinePlaceholder":221},[177,354,355],{"class":179,"line":201},[177,356,357],{},"acl localnet src 192.168.1.0\u002F24\n",[177,359,360],{"class":179,"line":218},[177,361,362],{},"http_access allow localnet\n",[177,364,365],{"class":179,"line":225},[177,366,367],{},"http_access deny all\n",[12,369,370],{},"检查语法并重载：",[31,372,374],{"className":171,"code":373,"language":173,"meta":37,"style":37},"sudo squid -k parse\nsudo systemctl reload squid\n",[39,375,376,388],{"__ignoreMap":37},[177,377,378,380,382,385],{"class":179,"line":180},[177,379,191],{"class":190},[177,381,211],{"class":194},[177,383,384],{"class":214}," -k",[177,386,387],{"class":194}," parse\n",[177,389,390,392,394,397],{"class":179,"line":187},[177,391,191],{"class":190},[177,393,279],{"class":194},[177,395,396],{"class":194}," reload",[177,398,285],{"class":194},[55,400,402],{"id":401},"_4-放行端口","4. 放行端口",[31,404,406],{"className":171,"code":405,"language":173,"meta":37,"style":37},"# Ubuntu UFW\nsudo ufw allow from 192.168.1.0\u002F24 to any port 3128 proto tcp\n\n# CentOS \u002F RHEL firewalld\nsudo firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0\u002F24\" port port=\"3128\" protocol=\"tcp\" accept'\nsudo firewall-cmd --reload\n",[39,407,408,413,447,451,456,472],{"__ignoreMap":37},[177,409,410],{"class":179,"line":180},[177,411,412],{"class":183},"# Ubuntu UFW\n",[177,414,415,417,420,423,426,429,432,435,438,441,444],{"class":179,"line":187},[177,416,191],{"class":190},[177,418,419],{"class":194}," ufw",[177,421,422],{"class":194}," allow",[177,424,425],{"class":194}," from",[177,427,428],{"class":194}," 192.168.1.0\u002F24",[177,430,431],{"class":194}," to",[177,433,434],{"class":194}," any",[177,436,437],{"class":194}," port",[177,439,440],{"class":214}," 3128",[177,442,443],{"class":194}," proto",[177,445,446],{"class":194}," tcp\n",[177,448,449],{"class":179,"line":201},[177,450,222],{"emptyLinePlaceholder":221},[177,452,453],{"class":179,"line":218},[177,454,455],{"class":183},"# CentOS \u002F RHEL firewalld\n",[177,457,458,460,463,466,469],{"class":179,"line":225},[177,459,191],{"class":190},[177,461,462],{"class":194}," firewall-cmd",[177,464,465],{"class":214}," --permanent",[177,467,468],{"class":214}," --add-rich-rule=",[177,470,471],{"class":194},"'rule family=\"ipv4\" source address=\"192.168.1.0\u002F24\" port port=\"3128\" protocol=\"tcp\" accept'\n",[177,473,474,476,478],{"class":179,"line":231},[177,475,191],{"class":190},[177,477,462],{"class":194},[177,479,480],{"class":214}," --reload\n",[12,482,483,484,486],{},"不要直接对公网开放 ",[39,485,71],{},"。如果必须跨公网访问，建议配合 VPN、固定源 IP、强认证和速率限制。",[55,488,490],{"id":489},"_5-客户端测试","5. 客户端测试",[31,492,494],{"className":171,"code":493,"language":173,"meta":37,"style":37},"curl -x http:\u002F\u002FSERVER_IP:3128 https:\u002F\u002Fexample.com -I\n",[39,495,496],{"__ignoreMap":37},[177,497,498,501,504,507,510],{"class":179,"line":180},[177,499,500],{"class":190},"curl",[177,502,503],{"class":214}," -x",[177,505,506],{"class":194}," http:\u002F\u002FSERVER_IP:3128",[177,508,509],{"class":194}," https:\u002F\u002Fexample.com",[177,511,512],{"class":214}," -I\n",[12,514,515,516,519,520,523],{},"若返回 HTTP 头信息，说明基础链路已通。若连接失败，先检查 ",[39,517,518],{},"systemctl status squid","、",[39,521,522],{},"ss -lntp | grep 3128"," 和防火墙规则。",[20,525,526],{"id":526},"可复现的编辑测试记录",[12,528,529,530,532,533,536,537,540],{},"为避免只给理论步骤，本文按一台 Ubuntu 22.04、2 vCPU、4GB RAM 的测试机复核了基础流程：安装 Squid、限制 ",[39,531,335],{}," 访问、使用 ",[39,534,535],{},"squid -k parse"," 校验配置，并用 ",[39,538,539],{},"curl -x"," 发起 HTTPS HEAD 请求。测试中最常见的问题不是安装失败，而是 ACL 顺序写反、云安全组未放行、或把代理误暴露到公网。结论是：先限制来源，再开放端口，比“先能连通再补安全”更稳妥。",[20,542,544],{"id":543},"性能优化先减少无效流量再增加并发","性能优化：先减少无效流量，再增加并发",[55,546,547],{"id":547},"缓存与连接参数",[12,549,550],{},"Squid 适合缓存静态资源，但不应缓存登录态页面、个人数据或敏感接口响应。可从保守参数开始：",[31,552,554],{"className":339,"code":553,"language":341,"meta":37,"style":37},"cache_mem 256 MB\nmaximum_object_size 64 MB\nrefresh_pattern -i \\.(jpg|png|css|js)$ 1440 50% 10080\npipeline_prefetch on\n",[39,555,556,561,566,571],{"__ignoreMap":37},[177,557,558],{"class":179,"line":180},[177,559,560],{},"cache_mem 256 MB\n",[177,562,563],{"class":179,"line":187},[177,564,565],{},"maximum_object_size 64 MB\n",[177,567,568],{"class":179,"line":201},[177,569,570],{},"refresh_pattern -i \\.(jpg|png|css|js)$ 1440 50% 10080\n",[177,572,573],{"class":179,"line":218},[177,574,575],{},"pipeline_prefetch on\n",[12,577,578,579,582,583,586],{},"上线后观察 ",[39,580,581],{},"TCP_HIT"," 与 ",[39,584,585],{},"TCP_MISS","，再决定是否扩大缓存。缓存命中率低时，盲目增加磁盘空间通常没有意义。",[55,588,589],{"id":589},"连接与限速",[12,591,592],{},"高性能代理不等于无限并发。建议按客户端、目标域名或业务类型分层限速：",[31,594,596],{"className":339,"code":595,"language":341,"meta":37,"style":37},"acl api_clients src 10.0.1.0\u002F24\nacl heavy_sites dstdomain .example.com\n\ndelay_pools 1\ndelay_class 1 2\ndelay_parameters 1 8000\u002F16000 4000\u002F8000\ndelay_access 1 allow api_clients heavy_sites\n",[39,597,598,603,608,612,617,622,627],{"__ignoreMap":37},[177,599,600],{"class":179,"line":180},[177,601,602],{},"acl api_clients src 10.0.1.0\u002F24\n",[177,604,605],{"class":179,"line":187},[177,606,607],{},"acl heavy_sites dstdomain .example.com\n",[177,609,610],{"class":179,"line":201},[177,611,222],{"emptyLinePlaceholder":221},[177,613,614],{"class":179,"line":218},[177,615,616],{},"delay_pools 1\n",[177,618,619],{"class":179,"line":225},[177,620,621],{},"delay_class 1 2\n",[177,623,624],{"class":179,"line":231},[177,625,626],{},"delay_parameters 1 8000\u002F16000 4000\u002F8000\n",[177,628,629],{"class":179,"line":249},[177,630,631],{},"delay_access 1 allow api_clients heavy_sites\n",[12,633,634],{},"这样可以削峰，减少 429、超时和目标站压力。",[55,636,637],{"id":637},"上游住宅代理",[12,639,640],{},"如果需要住宅出口，可使用：",[31,642,645],{"className":643,"code":644,"language":36,"meta":37},[34],"Client → Linux Squid → EProxies HTTP(S)\u002FSOCKS5 → Target Site\n",[39,646,644],{"__ignoreMap":37},[12,648,649,650,49],{},"EProxies 提供 72M+ 住宅 IP、195+ 国家覆盖、98.2% uptime，支持轮换与粘性会话，价格从 $0.25\u002FGB 起。轮换会话适合公开页面的大规模区域测试；粘性会话更适合需要会话稳定的登录态验证或持续区域观察。产品详情可查看：",[45,651,653],{"href":652},"\u002Fzh-cn\u002Fresidential-proxies","EProxies 住宅代理",[20,655,656],{"id":656},"安全加固要点",[55,658,659],{"id":659},"最小暴露",[60,661,662,665,668,671,674],{},[63,663,664],{},"只监听必要地址；",[63,666,667],{},"只放行可信源 IP；",[63,669,670],{},"禁止开放匿名代理；",[63,672,673],{},"不把代理凭据写进代码仓库；",[63,675,676],{},"定期更新系统和 Squid。",[55,678,680],{"id":679},"acl-与认证","ACL 与认证",[12,682,683],{},"基础 ACL 示例：",[31,685,687],{"className":339,"code":686,"language":341,"meta":37,"style":37},"acl trusted_net src 10.0.0.0\u002F24\nhttp_access allow trusted_net\nhttp_access deny all\n",[39,688,689,694,699],{"__ignoreMap":37},[177,690,691],{"class":179,"line":180},[177,692,693],{},"acl trusted_net src 10.0.0.0\u002F24\n",[177,695,696],{"class":179,"line":187},[177,697,698],{},"http_access allow trusted_net\n",[177,700,701],{"class":179,"line":201},[177,702,367],{},[12,704,705],{},"如果需要账号认证，可使用 NCSA\u002FBasic 认证，并定期轮换密码。对于生产环境，建议把认证、来源 IP 限制、防火墙和日志审计同时启用，而不是只依赖一种控制手段。",[55,707,708],{"id":708},"日志与隐私",[12,710,711,712,715,716,719],{},"Squid 日志可能包含 URL、查询参数、客户端 IP 和认证失败记录。应限制 ",[39,713,714],{},"\u002Fvar\u002Flog\u002Fsquid\u002F"," 访问权限，启用 ",[39,717,718],{},"logrotate","，并设定合理保留周期。涉及个人数据或敏感业务时，应先确认内部合规要求。",[20,721,722],{"id":722},"监控与维护",[55,724,725],{"id":725},"关键指标",[12,727,728],{},"不要只看服务是否在线，还要看质量：",[60,730,731,734,737,740,743,751],{},[63,732,733],{},"CPU、内存、磁盘 I\u002FO；",[63,735,736],{},"并发连接数和带宽；",[63,738,739],{},"4xx\u002F5xx、407、超时率；",[63,741,742],{},"平均响应时间与峰值延迟；",[63,744,745,747,748,750],{},[39,746,581],{}," \u002F ",[39,749,585],{}," 缓存命中；",[63,752,753],{},"异常来源 IP 与突发请求。",[12,755,756],{},"常用命令：",[31,758,760],{"className":171,"code":759,"language":173,"meta":37,"style":37},"systemctl status squid\njournalctl -u squid -f\ntail -f \u002Fvar\u002Flog\u002Fsquid\u002Faccess.log\ntail -f \u002Fvar\u002Flog\u002Fsquid\u002Fcache.log\nss -lntp | grep 3128\n",[39,761,762,771,784,795,804],{"__ignoreMap":37},[177,763,764,767,769],{"class":179,"line":180},[177,765,766],{"class":190},"systemctl",[177,768,305],{"class":194},[177,770,285],{"class":194},[177,772,773,776,779,781],{"class":179,"line":187},[177,774,775],{"class":190},"journalctl",[177,777,778],{"class":214}," -u",[177,780,211],{"class":194},[177,782,783],{"class":214}," -f\n",[177,785,786,789,792],{"class":179,"line":201},[177,787,788],{"class":190},"tail",[177,790,791],{"class":214}," -f",[177,793,794],{"class":194}," \u002Fvar\u002Flog\u002Fsquid\u002Faccess.log\n",[177,796,797,799,801],{"class":179,"line":218},[177,798,788],{"class":190},[177,800,791],{"class":214},[177,802,803],{"class":194}," \u002Fvar\u002Flog\u002Fsquid\u002Fcache.log\n",[177,805,806,809,812,816,819],{"class":179,"line":225},[177,807,808],{"class":190},"ss",[177,810,811],{"class":214}," -lntp",[177,813,815],{"class":814},"sD7c4"," |",[177,817,818],{"class":190}," grep",[177,820,821],{"class":214}," 3128\n",[55,823,824],{"id":824},"推荐工具组合",[12,826,827,828,519,831,519,834,519,836,519,839,519,842,844],{},"轻量维护可用 ",[39,829,830],{},"htop",[39,832,833],{},"iotop",[39,835,808],{},[39,837,838],{},"lsof",[39,840,841],{},"tcpdump",[39,843,718],{},"。生产环境建议接入 Prometheus + Grafana，并搭配 Node Exporter、Squid Exporter 或日志平台监控错误率、延迟、带宽、缓存命中率和磁盘容量。安全侧可使用 Fail2ban、系统审计日志和防火墙日志识别暴力认证或异常来源。",[20,846,847],{"id":847},"常见故障排查",[55,849,850],{"id":850},"代理连不上",[12,852,853],{},"先确认服务状态：",[31,855,857],{"className":171,"code":856,"language":173,"meta":37,"style":37},"systemctl status squid\nss -lntp | grep 3128\n",[39,858,859,867],{"__ignoreMap":37},[177,860,861,863,865],{"class":179,"line":180},[177,862,766],{"class":190},[177,864,305],{"class":194},[177,866,285],{"class":194},[177,868,869,871,873,875,877],{"class":179,"line":187},[177,870,808],{"class":190},[177,872,811],{"class":214},[177,874,815],{"class":814},[177,876,818],{"class":190},[177,878,821],{"class":214},[12,880,881],{},"再检查防火墙、云安全组和客户端代理地址。很多连接失败并不是 Squid 问题，而是端口没有对正确来源开放。",[55,883,884],{"id":884},"配置改完启动失败",[12,886,887],{},"运行：",[31,889,891],{"className":171,"code":890,"language":173,"meta":37,"style":37},"squid -k parse\n",[39,892,893],{"__ignoreMap":37},[177,894,895,898,900],{"class":179,"line":180},[177,896,897],{"class":190},"squid",[177,899,384],{"class":214},[177,901,387],{"class":194},[12,903,904,905,908,909,912,913,49],{},"重点检查 ACL 名称、",[39,906,907],{},"http_access"," 顺序、缓存目录权限和配置文件拼写。Squid 的规则顺序很关键，通常应先 ",[39,910,911],{},"allow"," 明确信任来源，最后 ",[39,914,915],{},"deny all",[55,917,919],{"id":918},"_407-认证失败","407 认证失败",[12,921,922],{},"检查客户端格式是否正确：",[31,924,927],{"className":925,"code":926,"language":36,"meta":37},[34],"http:\u002F\u002Fuser:password@proxy-host:port\n",[39,928,926],{"__ignoreMap":37},[12,930,931],{},"若使用 IP 白名单，确认当前服务器公网出口 IP 是否已加入白名单。接入 EProxies 时，也要确认协议是 HTTP(S) 还是 SOCKS5，以及使用的是轮换会话还是粘性会话。",[20,933,935],{"id":934},"faq","FAQ",[55,937,939],{"id":938},"how-can-you-enhance-security-while-configuring-a-proxy-server","How can you enhance security while configuring a proxy server?",[12,941,942,943,946],{},"配置代理服务器时，应先避免开放代理：用防火墙或云安全组限制来源 IP，并在 Squid 中配置 ACL、认证和 ",[39,944,945],{},"http_access deny all","。同时关闭不必要端口，定期更新系统与代理软件，保护日志和代理凭据。生产环境建议再加入 Fail2ban、速率限制、异常请求告警和定期权限审计。",[55,948,950],{"id":949},"what-tools-can-be-used-to-monitor-and-maintain-a-proxy-server","What tools can be used to monitor and maintain a proxy server?",[12,952,953,954,519,956,519,958,519,960,519,962,519,964,519,966,519,968,970,971,973],{},"基础工具包括 ",[39,955,766],{},[39,957,775],{},[39,959,788],{},[39,961,808],{},[39,963,838],{},[39,965,830],{},[39,967,833],{},[39,969,841],{}," 和 ",[39,972,718],{},"。生产环境建议使用 Prometheus + Grafana、Node Exporter、Squid Exporter 或集中式日志平台监控 CPU、内存、连接数、延迟、错误率和缓存命中率。安全维护可结合 Fail2ban、防火墙日志和系统审计日志排查异常访问。",[55,975,977],{"id":976},"what-are-the-best-practices-for-ensuring-high-performance-in-proxy-servers","What are the best practices for ensuring high performance in proxy servers?",[12,979,980],{},"高性能代理应先控制无效流量：设置合理缓存、连接超时、限速、日志轮转和 ACL，避免无限并发。系统层面要关注文件描述符、CPU、内存、磁盘 I\u002FO、DNS 解析和网络带宽；代理层面要持续观察命中率、延迟、4xx\u002F5xx 和超时率。若接入住宅代理上游，应按地区、会话类型和目标站响应情况选择轮换或粘性会话，而不是单纯增加请求量。",[55,982,984],{"id":983},"linux-代理服务器适合用于网页数据采集吗","Linux 代理服务器适合用于网页数据采集吗？",[12,986,987],{},"可以，但只适合合规采集公开可访问数据，并应遵守目标网站条款、robots 规则和适用法律。建议设置请求间隔、重试上限、缓存和错误退避，避免对目标网站造成异常压力。住宅代理可改善地区覆盖和本地化测试质量，但不能替代合规评估。",[55,989,991],{"id":990},"https-代理和-socks5-代理怎么选","HTTP(S) 代理和 SOCKS5 代理怎么选？",[12,993,994],{},"网页请求、API 调试、缓存和基于域名的访问控制，优先选 HTTP(S) 代理。需要更通用的 TCP 流量转发时，可选择 SOCKS5。EProxies 同时支持 HTTP(S)\u002FSOCKS5，因此可以按应用兼容性、认证方式、延迟和会话稳定性选择。",[996,997,998],"style",{},"html pre.shiki code .sAwPA, html code.shiki .sAwPA{--shiki-default:#6A737D}html pre.shiki code .s7eDp, html code.shiki .s7eDp{--shiki-default:#6F42C1}html pre.shiki code .sYBdl, html code.shiki .sYBdl{--shiki-default:#032F62}html pre.shiki code .sYu0t, html code.shiki .sYu0t{--shiki-default:#005CC5}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .sD7c4, html code.shiki .sD7c4{--shiki-default:#D73A49}",{"title":37,"searchDepth":187,"depth":187,"links":1000},[1001,1002,1006,1011,1018,1019,1024,1029,1033,1038],{"id":22,"depth":187,"text":23},{"id":52,"depth":187,"text":53,"children":1003},[1004,1005],{"id":57,"depth":201,"text":58},{"id":80,"depth":201,"text":81},{"id":101,"depth":187,"text":101,"children":1007},[1008,1009,1010],{"id":104,"depth":201,"text":105},{"id":111,"depth":201,"text":112},{"id":139,"depth":201,"text":140},{"id":163,"depth":187,"text":164,"children":1012},[1013,1014,1015,1016,1017],{"id":167,"depth":201,"text":168},{"id":266,"depth":201,"text":267},{"id":310,"depth":201,"text":311},{"id":401,"depth":201,"text":402},{"id":489,"depth":201,"text":490},{"id":526,"depth":187,"text":526},{"id":543,"depth":187,"text":544,"children":1020},[1021,1022,1023],{"id":547,"depth":201,"text":547},{"id":589,"depth":201,"text":589},{"id":637,"depth":201,"text":637},{"id":656,"depth":187,"text":656,"children":1025},[1026,1027,1028],{"id":659,"depth":201,"text":659},{"id":679,"depth":201,"text":680},{"id":708,"depth":201,"text":708},{"id":722,"depth":187,"text":722,"children":1030},[1031,1032],{"id":725,"depth":201,"text":725},{"id":824,"depth":201,"text":824},{"id":847,"depth":187,"text":847,"children":1034},[1035,1036,1037],{"id":850,"depth":201,"text":850},{"id":884,"depth":201,"text":884},{"id":918,"depth":201,"text":919},{"id":934,"depth":187,"text":935,"children":1039},[1040,1041,1042,1043,1044],{"id":938,"depth":201,"text":939},{"id":949,"depth":201,"text":950},{"id":976,"depth":201,"text":977},{"id":983,"depth":201,"text":984},{"id":990,"depth":201,"text":991},"how-tos","2026-07-03","Linux 代理服务器搭建指南：详解正向\u002F反向代理、HTTP\u002FSOCKS5、Squid 配置、鉴权、日志、限速、缓存维护及 EProxies 接入。",false,"md","\u002Fblog\u002Fguide-to-setting-up-a-proxy-server-on-linux","zh-cn",{"authorBio":1053},"易代理数据方案团队帮助工程与分析团队搭建合规的公开网络数据管道，覆盖请求分发、错误处理，并遵循目标站点条款与适用法律，让采集长期可持续。","\u002Fblog\u002Fzh-cn\u002Fguide-to-setting-up-a-proxy-server-on-linux",10,{"title":5,"description":1047},"guide-to-setting-up-a-proxy-server-on-linux","blog\u002Fzh-cn\u002Fguide-to-setting-up-a-proxy-server-on-linux",[1060],"Guide to Setting Up a Proxy Server on Linux","6KSEhg0HkOkStpEWlVq_9ASexHdGAey_xuAkpB4Fy_k",[1063,1066],{"path":1064,"lang":1065},"\u002Fblog\u002Fen\u002Fguide-to-setting-up-a-proxy-server-on-linux","en",{"path":1054,"lang":1051},1783092653155]