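1. Use case
In some scenarios, Linux servers need to install packages with yum, but they cannot connect to the Internet and there is no internal yum server either. In that case, set up a proxy on an internal server that can reach the Internet, and have yum go through that proxy.
2. Example
Server: 172.16.5.154
Client: 172.16.5.156
3. Configure a Squid proxy on a company server that has Internet access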
rpm -qa squid # make sure Squid is not already set up on this server
yum -y install openssl squid
cat /etc/squid/squid.conf
The content is as follows
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
http_access allow all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
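In this file, change
http_access deny all
to
# http_access deny all
and add the following line below the commented-out line:
http_access allow all
Squid evaluates http_access rules in order and stops at the first match, so after this change any host that can reach port 3128 is allowed to use the proxy.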
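The effect of this edit on who may use the proxy, as an added example that is not part of the original post: a small Python model of first-match http_access evaluation, run over a condensed copy of the ACLs above. The names decide, STOCK and EDITED are this example's own, 203.0.113.10 is a constructed outside address, and the built-in all and localhost ACLs are modelled as assumptions.

```python
import ipaddress

# Constructed, condensed copy of the ACLs above; all names here are illustrative.
BASE = """
acl localnet src 172.16.0.0/12
acl SSL_ports port 443
acl Safe_ports port 80 21 443 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
"""
STOCK = BASE + "http_access deny all\n"
EDITED = BASE + "# http_access deny all\nhttp_access allow all\n"
# Squid's built-in ACLs as modelled for this example (assumption).
BUILTIN = {"all": ["0.0.0.0/0", "::/0"], "localhost": ["127.0.0.1/32", "::1/128"]}

def parse(conf):
    acls, rules = {n: ("src", list(v)) for n, v in BUILTIN.items()}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acl, src, port, method):
    kind, vals = acl
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in vals)
    if kind == "port":                          # "80" or "1025-65535"
        return any(int(v.split("-")[0]) <= port <= int(v.split("-")[-1]) for v in vals)
    return kind == "method" and method in vals

def decide(conf, src, port=80, method="GET"):
    """First-match evaluation: every ACL on a line must match, '!' negates one."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(matches(acls[n.lstrip("!")], src, port, method) != n.startswith("!")
               for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for name, conf in (("stock", STOCK), ("edited", EDITED)):
        print(name, decide(conf, "172.16.5.156"), decide(conf, "203.0.113.10"))
```

With the stock rules the client 172.16.5.156 is already allowed through localnet; the edited rules additionally allow the outside address, while the port and CONNECT denies above them still apply.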
4. Start the proxy
systemctl start squid
systemctl enable squid
systemctl status squid
netstat -ntlp
The result is as follows
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 2129/mongod
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 25748/nginx: master
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 25708/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2291/sshd
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 1275/java
tcp6 0 0 :::80 :::* LISTEN 25748/nginx: master
tcp6 0 0 :::3128 :::* LISTEN 16820/(squid-1)
# Port 3128 is listening, which shows the proxy is working normally
5. Configure the yum proxy on the client server
(1) Backup
cd /etc/yum.repos.d/
mkdir repo_bak
mv *.repo repo_bak/
(2) Download a new CentOS-Base.repo to /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
(3) Install the EPEL repository
yum list | grep epel-release
yum -y install epel-release
yum clean all
yum makecache
yum repolist enabled # list the enabled repositories
yum repolist all # list all repositories
(4) Add the following to /etc/yum.conf
proxy=http://172.16.5.154:3128
ping www.baidu.com # running this command produces the following error
ping: www.baidu.com: Name or service not known
yum -y install squid