squid作为代理服务器应用一例
2013-08-13 19:11
148 查看
一、squid介绍:
Squid cache(简称为Squid)是一个流行的自由软件(GNU通用公共许可证)的代理服务器和Web缓存服务器。Squid有广泛的用途,从作为网页服务器的前置cache服务器缓存相关请求来提高Web服务器的速度,到为一组人共享网络资源而缓存万维网,域名系统和其他网络搜索,到通过过滤流量帮助网络安全,到局域网通过代理上网。
官方网址:http://www.squid-cache.org/
二、下载与安装:
wget http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.tar.gz
groupadd squid
useradd squid -s /sbin/nologin -g squid
tar zxf squid-3.3.8.tar.gz
cd squid-3.3.8
./configure--prefix=/usr/local/squid --enable-dlmalloc
--with-pthreads--enable-poll --disable-internal-dns --enable-stacktrace
--enable-removal-policies="heap,lru" --enable-delay-pools
--enable-storeio="aufs,coss,diskd,ufs"
make -j 4;make install
chown -R squid:squid /usr/local/squid
mkdir /u1/cache
chown squid:squid /u1/cache
chmod +w /u1/cache
>>>>>> 到这里squid就安装完成啦 <<<<<<
三、配置:
squid主配置文件为:squid.conf,参考配置如下:
max_filedescriptors 65535
visible_hostname linuxblind
acl SSL_ports port 443
acl Safe_ports port 8080
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl myip src localhost
cache_mgr zhangdh@taoying.com
#cache_effective_user squid
#cache_effective_group squid
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
http_access deny myip
http_access allow all
acl_uses_indirect_client on
follow_x_forwarded_for allow all
allow_underscore on
half_closed_clients off
http_port 192.168.1.108:80 accel vhost vport #透明代理配置
icp_port 0
#源服务器ip:port,即www站点地址和端口
cache_peer 192.168.1.108 parent 8080 0 no-query originserver name=web
cache_peer_domain web www.bbs.linuxblind.com
http_access allow all
forwarded_for on
acl QUERY urlpath_regex cgi-bin .cgi .php .avi .wmv .rm .ram .mpg .mpeg .zip .exe .asp .aspx
cache deny QUERY
#缓存设置,这里我没有对其严格划分,其中应根据各类型资源的特点有针对性的选择缓存对象。
reload_into_ims on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.html 1440 100% 129600 ignore-reload override-lastmod
refresh_pattern -i \.shtml 1440 100% 129600 ignore-reload override-lastmod
refresh_pattern -i \.htm 1440 100% 129600 ignore-reload override-lastmod
refresh_pattern -i \.gif 1440 100% 129600 reload-into-ims
refresh_pattern -i \.jpg 1440 100% 129600 reload-into-ims
refresh_pattern -i \.png 1440 100% 129600 reload-into-ims
refresh_pattern -i \.bmp 1440 100% 129600 reload-into-ims
refresh_pattern -i \.swf 1440 100% 129600 reload-into-ims
refresh_pattern -i \.flv 129600 100% 129600 reload-into-ims
refresh_pattern -i \.js 1440 100% 129600 reload-into-ims
refresh_pattern -i \.css 1440 100% 129600 reload-into-ims
pid_filename /usr/local/squid/var/logs/squid.pid
#日志格式的设定
logformat squid_custom_log %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h" %{Cookie}>h
cache_log /usr/local/squid/var/logs/cache.log
access_log /usr/local/squid/var/logs/access.log
cache_store_log /usr/local/squid/var/logs/store.log
#error_directory /usr/local/squid/var/logs/errors
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
memory_pools_limit 312 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
cache_dir ufs /u1/cache 1024 16 256 #cache目录
#cache_dir null /tmp
negative_ttl 0 second
四、启动与关闭:
生成cache目录:/usr/local/squid/sbin/squid -z
启动:/usr/local/squid/sbin/squid -NCdl &
关闭:/usr/local/squid/sbin/squid -k shutdown
配置重新加载:/usr/local/squid/sbin/squid -k reconfigure
squid访问日志分割:/usr/local/squid/sbin/squid -k rotate
其他工具:/usr/local/squid/bin目录下
eg:check cache informations
problem:client: ERROR: Cannot connect to [::1]:80: Connection refused
resolve:/usr/local/squid/bin/squidclient -h 192.168.1.108 -p 80 mgr:info
/usr/local/squid/bin/squidclient -h 192.168.1.108 -p 80 mgr:mem
***小提示:
echo "1" > /proc/sys/net/ipv4/ip_forward #打开ip转发功能,在上面的步骤中也需要执行。
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0.0.0.0 --dport 80 -j REDIRECT --sport 3128 #这里是将所有后端的80端口都通过3128(squid默认端口)代理出去。
五、测试:
阅读拓展:http://home.arcor.de/pangj/squid/chap01.html (squid权威指南)
本文出自 “zhangdh开放空间” 博客,请务必保留此出处http://linuxblind.blog.51cto.com/7616603/1272457
Squid cache(简称为Squid)是一个流行的自由软件(GNU通用公共许可证)的代理服务器和Web缓存服务器。Squid有广泛的用途,从作为网页服务器的前置cache服务器缓存相关请求来提高Web服务器的速度,到为一组人共享网络资源而缓存万维网,域名系统和其他网络搜索,到通过过滤流量帮助网络安全,到局域网通过代理上网。
官方网址:http://www.squid-cache.org/
二、下载与安装:
wget http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.tar.gz
groupadd squid
useradd squid -s /sbin/nologin -g squid
tar zxf squid-3.3.8.tar.gz
cd squid-3.3.8
./configure--prefix=/usr/local/squid --enable-dlmalloc
--with-pthreads--enable-poll --disable-internal-dns --enable-stacktrace
--enable-removal-policies="heap,lru" --enable-delay-pools
--enable-storeio="aufs,coss,diskd,ufs"
make -j 4;make install
chown -R squid:squid /usr/local/squid
mkdir /u1/cache
chown squid:squid /u1/cache
chmod +w /u1/cache
>>>>>> 到这里squid就安装完成啦 <<<<<<
三、配置:
squid主配置文件为:squid.conf,参考配置如下:
max_filedescriptors 65535
visible_hostname linuxblind
acl SSL_ports port 443
acl Safe_ports port 8080
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl myip src localhost
cache_mgr zhangdh@taoying.com
#cache_effective_user squid
#cache_effective_group squid
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
http_access deny myip
http_access allow all
acl_uses_indirect_client on
follow_x_forwarded_for allow all
allow_underscore on
half_closed_clients off
http_port 192.168.1.108:80 accel vhost vport #透明代理配置
icp_port 0
#源服务器ip:port,即www站点地址和端口
cache_peer 192.168.1.108 parent 8080 0 no-query originserver name=web
cache_peer_domain web www.bbs.linuxblind.com
http_access allow all
forwarded_for on
acl QUERY urlpath_regex cgi-bin .cgi .php .avi .wmv .rm .ram .mpg .mpeg .zip .exe .asp .aspx
cache deny QUERY
#缓存设置,这里我没有对其严格划分,其中应根据各类型资源的特点有针对性的选择缓存对象。
reload_into_ims on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.html 1440 100% 129600 ignore-reload override-lastmod
refresh_pattern -i \.shtml 1440 100% 129600 ignore-reload override-lastmod
refresh_pattern -i \.htm 1440 100% 129600 ignore-reload override-lastmod
refresh_pattern -i \.gif 1440 100% 129600 reload-into-ims
refresh_pattern -i \.jpg 1440 100% 129600 reload-into-ims
refresh_pattern -i \.png 1440 100% 129600 reload-into-ims
refresh_pattern -i \.bmp 1440 100% 129600 reload-into-ims
refresh_pattern -i \.swf 1440 100% 129600 reload-into-ims
refresh_pattern -i \.flv 129600 100% 129600 reload-into-ims
refresh_pattern -i \.js 1440 100% 129600 reload-into-ims
refresh_pattern -i \.css 1440 100% 129600 reload-into-ims
pid_filename /usr/local/squid/var/logs/squid.pid
#日志格式的设定
logformat squid_custom_log %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h" %{Cookie}>h
cache_log /usr/local/squid/var/logs/cache.log
access_log /usr/local/squid/var/logs/access.log
cache_store_log /usr/local/squid/var/logs/store.log
#error_directory /usr/local/squid/var/logs/errors
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
memory_pools_limit 312 MB
maximum_object_size 4096 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
cache_dir ufs /u1/cache 1024 16 256 #cache目录
#cache_dir null /tmp
negative_ttl 0 second
四、启动与关闭:
生成cache目录:/usr/local/squid/sbin/squid -z
启动:/usr/local/squid/sbin/squid -NCdl &
关闭:/usr/local/squid/sbin/squid -k shutdown
配置重新加载:/usr/local/squid/sbin/squid -k reconfigure
squid访问日志分割:/usr/local/squid/sbin/squid -k rotate
其他工具:/usr/local/squid/bin目录下
eg:check cache informations
problem:client: ERROR: Cannot connect to [::1]:80: Connection refused
resolve:/usr/local/squid/bin/squidclient -h 192.168.1.108 -p 80 mgr:info
/usr/local/squid/bin/squidclient -h 192.168.1.108 -p 80 mgr:mem
***小提示:
echo "1" > /proc/sys/net/ipv4/ip_forward #打开ip转发功能,在上面的步骤中也需要执行。
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0.0.0.0 --dport 80 -j REDIRECT --sport 3128 #这里是将所有后端的80端口都通过3128(squid默认端口)代理出去。
五、测试:
阅读拓展:http://home.arcor.de/pangj/squid/chap01.html (squid权威指南)
本文出自 “zhangdh开放空间” 博客,请务必保留此出处http://linuxblind.blog.51cto.com/7616603/1272457
相关文章推荐
- NFS作为图片共享存储应用一例
- squid反向代理作为web前端内容缓存器及局域网内客户机通过代理服务器上网
- Ubuntu安装Squid作为内网的代理服务器(Proxy)的简单配置
- squid作为反向代理(web缓存服务器)的应用
- 代理服务器squid的配置与应用
- varnish作为代理服务器一例
- Nginx 作代理服务器 以及作为Web实现动态分离技术应用
- Ubuntu安装squid作为内网的代理服务器(Proxy)的简单配制
- Squid 代理服务器在企业网络中的应用
- 代理服务器squid在企业中的应用
- ubuntu 14.04中打开squid服务并将本机作为代理服务器
- 作为开发者必须知道的5个安卓应用推广方式
- 作为一个移动应用开发者,我们的创意应当避免走向低俗
- java学习日记_45:应用类型作为形式参数。
- acegi 作为 yale cas认证服务器的客户端在springside项目中的应用
- Android中使用系统桌面背景作为应用背景,支持拖动
- React-Native 如何将图片作为页面的背景以及控件的嵌套实现启动应用
- 使用VNC作为Qt-Embedded应用的输出