YUM installation
yum install squid -y
yum install httpd-tools -y

Compile and install

cd squid*
./configure \
--prefix=/usr \
--exec-prefix=/usr \
--includedir=/usr/include \
--datadir=/usr/share \
--libdir=/usr/lib64 \
--libexecdir=/usr/lib64/squid \
--localstatedir=/var \
--sysconfdir=/etc/squid \
--sharedstatedir=/var/lib \
--with-logdir=/var/log/squid \
--with-pidfile=/var/run/squid.pid \
--with-default-user=squid \
--enable-silent-rules \
--enable-dependency-tracking \
--with-openssl \
--enable-icmp \
--enable-delay-pools \
--enable-useragent-log \
--enable-esi \
--enable-follow-x-forwarded-for \
--enable-auth
make && make install
#Compile and install
chown squid:squid /var/log/squid/
# Set the log directory to belong to

Support authentication login (squid3.5+)

Generate password file

htpasswd -cd  /etc/squid/passwd squid1
#apache tools to create files and user passwords
htpasswd -d  /etc/squid/passwd squid2
#Create a second user and password

test password

/usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd

squid1 123456

configuration file

cat /etc/squid/squid.conf

visible_hostname fuckgfw
#Create a host name, feel free to do so
http_port 1024
#Specify the server ip:port

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
#Enable authentication

access_log /var/log/squid/access.log
#Set log path

request_header_access X-Forwarded-For deny all
request_header_access From deny all
request_header_access Via deny all
#High Stash Configuration

Service start and stop

squid -k parse
squid -s 
squid -k shutdown

Firewall Forwarding Rules

iptables -t nat -A PREROUTING  -p tcp --dport 80 -j REDIRECT --to-ports 3128
#Accessing the web through this machine will redirect to port 3128

iptables -I POSTROUTING -t nat  -j MASQUERADE
#Turn on MASQUERADE address disguise

echo 1 > /proc/sys/net/ipv4/ip_forward
grep  ip_forward  /etc/sysctl.conf &>/dev/null || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
#开启NAT转发

Through the above configuration, you can access http and https websites~

Support SSLBump method

Compile and install

... same as above

generate certificate

#Generate Prviate Key
openssl genrsa -out attacker.club.private 2048
#Greate Certificate siqning request
openssl req -new -key attacker.club.private -out attacker.club.csr

Country Name (2 letter code) [XX]:US State or Province Name (full name) []:Illinois Locality Name (eg, city) [Default City]:Chicago Organization Name (eg, company) [Default Company Ltd]:Example Company LTD. Organizational Unit Name (eg, section) []:Information Technology Common Name (eg, your name or your server"s hostname) []:Example Company LTD. Email Address []: Please enter the following "extra" attributes to be sent with your certificate request A challenge password []: An optional company name []:Example Company LTD.

Download the Chinese patch

git clone https://gitlab.com/xhang/gitlab.git
#Download Patch
cat gitlab/VERSION
#View Chinese version

Download the specified version

https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=10.6.4

update software

yum install curl policycoreutils openssh-server openssh-clients   && systemctl restart sshd

install gitlab

 

wget -c https://packages.gitlab.com/gitlab/gitlab-ce/el/7/x86_64/gitlab-ce-9.0.6-ce.0.el7.x86_64.rpm
rpm -ivh gitlab*.rpm
#Download and install the rpm package

domain name

because /etc/gitlab/gitlab.rb

external_url "http://gitlab.example.com"

First boot (initial configuration)

gitlab-ctl reconfigure

Sinicization

git clone https://github.com/larryli/gitlabhq.git
#Download the Chinese package

gitlab-ctl stop
#Close gitlab
head -1 /opt/gitlab/version-manifest.txt
#View the installed version of gitlab
cd gitlab/
#Go to the Chinese package directory
git diff v10.6.4 v10.6.4-zh >../v10.6.4-zh.diff
cd ..
yum install patch
patch -d /opt/gitlab/embedded/service/gitlab-rails -p1 < v10.6.4-zh.diff

~~\cp gitlabhq/* /opt/gitlab/embedded/service/gitlab-rails/ ~~

gitlab-ctl  start
#Start gitlab

manage

gitlab-ctl status
#View Status

reconfigure gitlab

gitlab-ctl reconfigure

permission

Set administrator password

Username for administrator account login: root

(Although the user name of the administrator after logging in is Administrator, the actual user name for logging in is root)

support ldap

cat /etc/gitlab/gitlab.rb

gitlab_rails["ldap_enabled"] = true

###! **remember to close this block with "EOS" below**
gitlab_rails["ldap_servers"] = YAML.load <<-"EOS"
   main: # "main" is the GitLab "provider ID" of this LDAP server
     label: " GitLab LDAP"
     host: "10.0.0.200"
     port: 389
     uid: "uid"
     method: "plain" # "start_tls" or "simple_tls" or "plain"
     bind_dn: "CN=Manager,DC=huored,DC=com"
     password: "XXX"
     base: "DC=huored,DC=com"
EOS
gitlab-ctl  restart

git repository location

/var/opt/gitlab/git-data/repositorie

Related articles

webservice example

What is webservice: WebService is a remote invocation technology across programming languages and operating system platforms. The so-called cross programming language and cross operating platform means that the server program is written in java, and the

Native jdbc example with spring JDBC example

Native jdbc integration with spring Introduction to JDBC The JDBC API allows users to access any form of tabular data, especially data stored in relational databases. Implementation process: Connect to a data source, such as a database. Pass query

Deploying Nginx

How to install PostgreSQL Linux downloads (Red Hat family) Tip: The current version is Version 10.3 surroundings [root@h210 ~]# hostnamectl Static hostname: h210 Icon name: computer-vm

Install OpenVPN

OpenVPN is an open source VPN (Virtual private network) software OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods ba

mysql binlog transaction logs

binlog is binary log, binary log file, this file records all mysql dml operations. Through the binlog log, we can do data recovery, master-resident replication and master-slave replication, etc. Developers may not pay much attention to binlog

istio Deployment

1.istio Deployment Download address: https://github.com/istio/istio/releases Network disk link: https://pan.baidu.com/s/1L4CK2icK6teT5Ef4eiJwKw Password: i16u Resource allocation: ​master 2U2G ​node 2U8G curl -L https://git.io/getLatestIstio | ISTIO_

gitlab Deployment

GitLab is an open source project for warehouse management systems. Use Git as a code management tool and build a web service on this basis. Public or private projects can be accessed through a web interface. It has similar functionality to Github

django nginx Deployment

Upload complete django project files to the server sftp ftp lrzsz can upload files to the server, depending on yourself My django project is called yunwei, the main app is rabc and web, the whole project is put under /opt/ as follows: [root@test-code op

Honeypot target drone deployment

pip install docker-compose # docker-compose wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip # Source Code unzip vulhub-master.zip && cd vulhub-master # Decompress cd zabbix/CVE-2016-10134 # Access to vulnerabilities/environ