整套环境一体化部署:Squid5.5 + frps (服务端) + frpc (服务端客户端) 全开机自启|CentOS9 + FRP0.69.0 (豆B版)
(–全文来自豆包,未经验证–)
目录规范
FRP 统一目录:/root/frp
Squid 编译路径:/usr/local/squid
一、前置环境(一键执行)
#ssh运行
#关闭SELinux
setenforce 0
sed -i ‘s/^SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config
#安装依赖
dnf remove -y squid
dnf groupinstall -y “Development Tools”
dnf install -y openssl-devel libcap-devel libxml2-devel expat-devel perl httpd-tools
#防火墙放行全需要端口
firewall-cmd –permanent –add-port={7000,7500,23128,13128}/tcp
firewall-cmd –reload
二、FRP 0.69.0 部署(/root/frp)
#ssh运行:
mkdir -p /root/frp && cd /root/frp
wget https://github.com/fatedier/frp/releases/download/v0.69.0/frp_0.69.0_linux_amd64.tar.gz
tar -zxvf frp_0.69.0_linux_amd64.tar.gz –strip-components=1
rm -rf frp_0.69.0_linux_amd64.tar.gz
2.1 frps.toml(服务端配置)
#ssh运行:
cat > /root/frp/frps.toml <<‘EOF’
bindPort = 7000
auth.token = “Abc_2026_FRP”
tls.enable = true
webServer.port = 7500
webServer.user = “admin”
webServer.pwd = “Admin123456”
EOF
2.2 frpc.toml(VPS 本地 frpc,如需反向隧道备用,不用可空配置)
#架构:Windows-frpc→VPS-frps→VPS-3128 (Squid),VPS 本机无需启用 frpc,保留配置文件即可
#ssh运行:
cat > /root/frp/frpc.toml <<‘EOF’ serverAddr = “127.0.0.1” serverPort = 7000 auth.token = “Abc_2026_FRP” tls.enable = true EOF
2.3 frps systemd 自启服务
#ssh 运行
cat > /etc/systemd/system/frps.service <<‘EOF’
[Unit]
Description=FRP Server 0.69.0
After=network.target
[Service]
ExecStart=/root/frp/frps -c /root/frp/frps.toml
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
三、Squid5.5 编译 + 安装 + 配置 + 自启
#ssh运行:
mkdir -p /usr/local/src && cd /usr/local/src
wget http://www.squid-cache.org/Versions/v5/squid-5.5.tar.gz
tar -zxvf squid-5.5.tar.gz && cd squid-5.5
#编译参数
./configure \
–prefix=/usr/local/squid \
–sysconfdir=/etc/squid \
–enable-ssl \
–enable-ssl-crtd \
–enable-auth-basic \
–enable-basic-auth-helpers=NCSA \
–enable-linux-netfilter \
–enable-epoll \
–with-openssl=/usr/bin/openssl
make -j$(nproc) && make install
#运行用户
useradd -M -s /sbin/nologin squid
chown -R squid:squid /usr/local/squid/var
/usr/local/squid/sbin/squid -z
#创建代理密码 user
mkdir -p /etc/squid
htpasswd -bc /etc/squid/passwd user Proxy@2026
#Squid 主配置 /etc/squid/squid.conf
ssh运行:
cat > /etc/squid/squid.conf <<‘EOF’
http_port 127.0.0.1:3128
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Proxy Auth Required
acl auth_ok proxy_auth REQUIRED
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow auth_ok
http_access allow CONNECT SSL_ports
http_access deny all
forwarded_for off
via off
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
cache deny all
EOF
#创建Squid systemd 服务
ssh运行:
cat > /etc/systemd/system/squid.service <<‘EOF’
[Unit]
Description=Squid5.5 Proxy Service
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/squid/var/run/squid.pid
ExecStart=/usr/local/squid/sbin/squid
ExecReload=/usr/local/squid/sbin/squid -k reconfigure
ExecStop=/usr/local/squid/sbin/squid -k shutdown
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
四、批量启用开机自启 & 启动服务
ssh运行:
systemctl daemon-reload
#设置开机自启
systemctl enable frps squid
#立即启动
#systemctl start frps squid
#查看运行状态
systemctl status frps squid
五、Windows 端 frpc 配置 & 开机自启
#客户端配置frpc.toml(D:\frp\frpc.toml)
serverAddr = “186.244.215.20”
serverPort = 7000
auth.token = “abc_2026_FRP”
tls.enable = true
[[proxies]]
name = “squid-proxy”
type = “tcp”
localIP = “127.0.0.1”
localPort = 3128
remotePort = 23128
#管理员 CMD 执行安装系统服务
cmd
D:
cd D:\frp
frpc.exe install -c frpc.toml
net start frpc
六、链路 & 浏览器配置
链路:Firefox→127.0.0.1:3128(Win-frpc)→加密FRP隧道→VPS-frps:23128→VPS-127.0.0.1:3128(Squid)
火狐:HTTP 代理127.0.0.1:3128,取消勾选 HTTPS/FTP 共用代理,代理账号:user / Proxy@2026
七、日常运维命令
ssh运行:
#重启全套服务
systemctl restart frps squid
#实时日志
journalctl -u frps -f
journalctl -u squid -f
#端口核验
ss -tulnp | grep -E “frps|squid”
#补充说明
#VPS 不需要启动 frpc 服务,整套转发依靠 Windows 客户端主动连入,如需额外反向映射再启用 VPS 的 frpc.service。
#修改配置后执行systemctl reload xxx重载生效。
#纠偏:
豆包最后那句:“VPS 不需要启动 frpc 服务,整套转发依靠 Windows 客户端主动连入,如需额外反向映射再启用 VPS 的 frpc.service。”在逻辑上就错了,前面的所有配置都是客户端作为被被访者设定的,即[[proxies]]角色,在本例中是将客户端的3128端口开放到公网23128,直观点举例:就是可以把本机的3389(将windows端frpc。toml里面的localPort端口3128换成3389)开放到公网的23128端口,外网可以通过服务器的公网ip:23128访问客户端的远程桌面。但却无法让客户端通过代理设置上网。豆包有点在胡说八道了,且其极容易陷入逻辑错乱而无法自行纠正。
