简介:
Squid 反向代理常用于服务器端,客户端访问 Squid 代理服务器的 80 端口,Squid 代理服务器根据配置去请求后端的 web 服务器,
然后将请求到的信息保存在本地并回传给客户端,当又有客户端请求相同资源时,Squid 代理服务器直接将缓存中的信息回传给客户端。
一、安装 Squid
shell > ulimit -n # 默认打开文件描述符为 1024 ,要增大它 1024 shell > vim /etc/security/limits.conf * - nofile 65535
## 定义单个用户的最大打开文件数为 65535 ,要重启服务器生效 ,如果线上服务器不方便重启,那么就使用 ulimit -n 65535 来临时修改
shell > vim /etc/selinux/config SELINUX=enforcing # 将 enforcing 改为 disabled ,同样要重启服务器生效,不方便的话可以使用 setenforce 0 来临时关闭 SELinux shell > reboot shell > ulimit -n 65535 shell > getenforce Disabled
## 再次确认已经修改成功
shell > yum -y install squid shell > rpm -qa squid squid-3.1.10-29.el6.x86_64
二、配置反向代理
shell > mkdir /opt/squid_cache # 创建缓存目录 shell > chown -R squid.squid /opt/squid_cache # 更改属主、属组 shell > > /etc/squid/squid.conf # 清空默认配置文件 shell > vim /etc/squid/squid.conf cache_effective_user squid cache_effective_group squid ## 启动 Squid 用户、组 http_port 192.168.1.88:80 accel vhost ## 将端口监听在 192.168.1.88 上,accel 指加速模式,vhost 用于转发请求 dns_nameservers 8.8.8.8 ## 为了使 Squid 能解析域名需定义真实 DNS 地址 visible_hostname study.localhost.localdomain ## 计算机名,可以为 IP 地址,用于错误页面的显示 cache_mgr wangxiaoqiang888@163.com ## 管理员邮箱地址,用于错误页面上的显示 cache_mem 300 MB ## 内存缓存大小,指定可以使用多少物理内存作为高速缓存。如果此服务器就是专门的缓存服务器,可以指定为物理内存的一半。否则不应大于三分之一 cache_dir ufs /opt/squid_cache 4096 16 256 ## 缓存目录大小为 4G ,这个可以按实际磁盘大小来定,有 16 二级目录,每个二级目录下有 256 个子目录 maximum_object_size 4 MB ## 最大缓存文件大小为 4MB ,超过的直接传给用户,不作缓存 cache_access_log /var/log/squid/access.log ## 访问日志文件路径,记录了用户访问 Internet 的详细信息,可以查看每用户的上网记录 cache_log /var/log/squid/cache.log ## 缓存日志文件路径,记录了缓存相关的日志信息 cache_store_log /var/log/squid/store.log ## 网页缓存日志文件路径,记录了网页在缓存中调用情况 logfile_rotate 7 ## 日志轮转,7 代表保留 6 个旧的日志跟 1 个新日志( 需配合 crond 来使用 ) cache_swap_high 90 ## 缓存磁盘空间大于 90% 时自动清理 cache_swap_low 80 ## 清理到 80% 时停止 cache_peer 192.168.1.80 parent 80 0 originserver name=sina cache_peer 192.168.1.80 parent 80 0 originserver name=baidu ## cache_peer 指定后端服务器地址,80 为后端服务端口,0 为 ICP 端口号(多个 Squid 时用),originserver 指定资源服务器,name 指定一个别名 cache_peer_domain sina sina.com www.sina.com cache_peer_domain baidu baidu.com www.baidu.com ## 指定对应关系,当用户请求 baidu.com 或 www.baidu.com 时,转发到别名为 baidu 的真实服务器上 http_access allow all ## 允许所有人访问代理服务器(必须开启)
三、初始化 Squid
shell > squid -z 2015/01/06 17:31:14| Creating Swap Directories 2015/01/06 17:31:14| /opt/squid_cache exists 2015/01/06 17:31:14| Making directories in /opt/squid_cache/00 2015/01/06 17:31:14| Making directories in /opt/squid_cache/01 2015/01/06 17:31:14| Making directories in /opt/squid_cache/02 2015/01/06 17:31:14| Making directories in /opt/squid_cache/03 2015/01/06 17:31:14| Making directories in /opt/squid_cache/04 2015/01/06 17:31:14| Making directories in /opt/squid_cache/05 2015/01/06 17:31:14| Making directories in /opt/squid_cache/06 2015/01/06 17:31:14| Making directories in /opt/squid_cache/07 2015/01/06 17:31:14| Making directories in /opt/squid_cache/08 2015/01/06 17:31:14| Making directories in /opt/squid_cache/09 2015/01/06 17:31:14| Making directories in /opt/squid_cache/0A 2015/01/06 17:31:14| Making directories in /opt/squid_cache/0B 2015/01/06 17:31:14| Making directories in /opt/squid_cache/0C 2015/01/06 17:31:14| Making directories in /opt/squid_cache/0D 2015/01/06 17:31:14| Making directories in /opt/squid_cache/0E 2015/01/06 17:31:14| Making directories in /opt/squid_cache/0F
四、启动 Squid
shell > service squid start 正在启动 squid:. [确定] shell > chkconfig --add squid shell > chkconfig --level 35 squid on shell > netstat -anpt | grep squid tcp 0 0 192.168.1.88:3128 0.0.0.0:* LISTEN 2988/(squid)
五、测试
shell > cat /var/log/squid/access.log | grep TCP_MISS 1420537525.011 34 192.168.1.110 TCP_MISS/404 561 GET http://alabo.com/favicon.ico - FIRST_UP_PARENT/www text/html 1420537527.279 1124 192.168.1.110 TCP_MISS/200 2028 GET http://alabo.com/ - FIRST_UP_PARENT/www text/html 1420537527.571 137 192.168.1.110 TCP_MISS/200 3271 GET http://alabo.com/images/css.css - FIRST_UP_PARENT/www text/css 1420537528.193 621 192.168.1.110 TCP_MISS/200 140767 GET http://alabo.com/images/benner6.jpg - FIRST_UP_PARENT/www image/jpeg 1420537528.205 770 192.168.1.110 TCP_MISS/200 68852 GET http://alabo.com/images/benner1.jpg - FIRST_UP_PARENT/www image/jpeg 1420537528.599 1151 192.168.1.110 TCP_MISS/200 232817 GET http://alabo.com/images/benner2.jpg - FIRST_UP_PARENT/www image/jpeg 1420537528.606 377 192.168.1.110 TCP_MISS/200 101177 GET http://alabo.com/images/benner8.jpg - FIRST_UP_PARENT/www image/jpeg 1420537528.832 1381 192.168.1.110 TCP_MISS/200 210193 GET http://alabo.com/images/benner4.jpg - FIRST_UP_PARENT/www image/jpeg 1420537529.101 1652 192.168.1.110 TCP_MISS/200 281791 GET http://alabo.com/images/benner3.jpg - FIRST_UP_PARENT/www image/jpeg 1420537529.139 947 192.168.1.110 TCP_MISS/200 75526 GET http://alabo.com/images/benner7.jpg - FIRST_UP_PARENT/www image/jpeg 1420537529.198 1747 192.168.1.110 TCP_MISS/200 244311 GET http://alabo.com/images/benner5.jpg - FIRST_UP_PARENT/www image/jpeg 1420537529.572 959 192.168.1.110 TCP_MISS/200 287741 GET http://alabo.com/images/bj1.jpg - FIRST_UP_PARENT/www image/jpeg 1420537530.190 2 192.168.1.110 TCP_MISS/404 561 GET http://alabo.com/favicon.ico - FIRST_UP_PARENT/www text/html 1420537531.790 200 192.168.1.110 TCP_MISS/200 2028 GET http://alabo.com/ - FIRST_UP_PARENT/www text/html
## TCP_MISS 代表没有被 Squid 缓存,而是从原始服务器取出的并返回给用户的数据
shell > cat /var/log/squid/access.log | grep TCP_MEM_HIT 1420537531.980 0 192.168.1.110 TCP_MEM_HIT/200 3277 GET http://alabo.com/images/css.css - NONE/- text/css 1420537532.009 16 192.168.1.110 TCP_MEM_HIT/200 68858 GET http://alabo.com/images/benner1.jpg - NONE/- image/jpeg 1420537532.050 31 192.168.1.110 TCP_MEM_HIT/200 232823 GET http://alabo.com/images/benner2.jpg - NONE/- image/jpeg 1420537532.108 66 192.168.1.110 TCP_MEM_HIT/200 281797 GET http://alabo.com/images/benner3.jpg - NONE/- image/jpeg 1420537532.199 139 192.168.1.110 TCP_MEM_HIT/200 210199 GET http://alabo.com/images/benner4.jpg - NONE/- image/jpeg 1420537532.201 102 192.168.1.110 TCP_MEM_HIT/200 244317 GET http://alabo.com/images/benner5.jpg - NONE/- image/jpeg 1420537532.326 61 192.168.1.110 TCP_MEM_HIT/200 75532 GET http://alabo.com/images/benner7.jpg - NONE/- image/jpeg 1420537532.330 112 192.168.1.110 TCP_MEM_HIT/200 140773 GET http://alabo.com/images/benner6.jpg - NONE/- image/jpeg 1420537532.376 71 192.168.1.110 TCP_MEM_HIT/200 101183 GET http://alabo.com/images/benner8.jpg - NONE/- image/jpeg 1420537532.393 128 192.168.1.110 TCP_MEM_HIT/200 287747 GET http://alabo.com/images/bj1.jpg - NONE/- image/jpeg
## TCP_MEM_HIT 代表被 Squid 缓存到内存中并返回给用户的数据
shell > cat /var/log/squid/access.log | grep TCP_HIT
## TCP_HIT 代表被 Squid 缓存到 cache 目录(磁盘)中并返回给用户的数据