本文提供了一篇关于在Redhat Linux 5.4上安装配置Squid 3.0.STABLE21作为反向代理/缓存服务器的详细指南。内容涵盖设置系统限制、编译安装Squid、配置文件详解、启动和管理Squid服务以及优化配置。关键配置包括调整ulimit,拷贝语言包,设置acl以限制特定请求,以及配置日志旋转。
squid-3.0.STABLE21 安装配置 by lbj
作用:作为反向代理/缓存服务器
系统:redhat linux 企业版 5.4
- linux 要有gcc编译器,使用squid-3.0.STABLE21版本
- 查询指令
ulimit -n
vi /proc/sys/fs/file-max
vi /proc/sys/net/ipv4/ip_local_port_range - 配置指令
ulimit -HSn 65536
echo 8192 > /proc/sys/fs/file-max
echo "1024 40000" > /proc/sys/net/ipv4/ip_local_port_range - 需要将ulimit -HSn 65536设置在/etc/rc.d/rc.local中,防止重启后失效, 花费时间来增加这个限制值的大小。否则,squid在高负载时执行性能将很低。
- 将语言包的zh-cn所有ERR文件拷贝到 ../squid-3.0.STABLE21/errors/Simplify_Chinese
- 编译指令
# ./configure --prefix=/usr/local/squid3 --disable-internal-dns --enable-err-languages="Simplify_Chinese" --enable-default-err-languages="Simplify_Chinese" - 安装
[root@localhost squid-3.0.STABLE21]# make
[root@localhost squid-3.0.STABLE21]# make install - 改变目录权限
chmod -R 777 /usr/local/squid3/var/ - 创建cache空间
Creating Swap Directories,Making directories in /usr/local/squid3/var/cache/00
/usr/local/squid3/sbin/squid -z - 检查squid.conf的配置
./squid - k parse - 启动squid
./squid -N -d1 - 将squid以后台进程运行
./squid -s - 发送关闭squid进程的信号
./squid -k shutdown - -k function
指示squid执行不同的管理功能。
reconfigure, rotate, shutdown, interrupt, kill, debug, check, or parse. reconfigure导致运行中的squid重新读取配置文件。
rotate导致squid滚动它的日志,这包括了关闭日志,重命名,和再次打开它们。
shutdown发送关闭squid进程的信号。
interrupt立刻关闭squid,不必等待活动会话完成。
kill发送KILL信号给squid,这是关闭squid的最后保证。
debug将squid设置成完全的调试模式
check简单的检查运行中的squid进程,返回的值显示squid是否在运行。
parse简单的解析squid.conf文件,如果配置文件包含错误,进程返回非零值。 - 强制关闭squid进程
ps -A | grep squid
kill -9 id - 配置要点
acl QUERY urlpath_regex -i cgi-bin /? /.jsp /.asp /.php /.cgi /.aspx
cache deny QUERY
默认区分大小写,-i参数表示不区分大小写
#logfile_rotate 8
0-8 共9个log
通过squid -k rotate命令轮转日志
strip_query_terms off
解决http://www.jackbillow.com/xxx.php?codetin=pig
?后边丢失问题 - 我的配置文件squid.conf
配置文件中使用外部dns,因此./configure时要带--disable-internal-dns 参数
同时因为使用了外部dns,因此需要保证squid服务器能够访问你所设置的dnsnameserver.若作为内网使用,应修改
TAG: dns_testnames字段项,默认指向互联网的微软服务器等,克改为可以访问的域名
配置中不明白的地方请参阅squid权威指南.特别注意squid2.X版本和3.X版本的不同之处
# WELCOME TO SQUID 3.0.STABLE21----server 192.168.3.10 by libingjin edit
# -----------------------------------------------------------------------------
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# --TAG: acl
# --Default:
# --acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl mylan1 src 192.168.1.0/24
acl mydmz3 src 192.168.3.0/24
# --
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# ------------------------
# --TAG: http_access
# --Default:
# --http_access deny all
http_access allow manager localhost
http_access deny manager
# --Deny requests to unknown ports
http_access deny !Safe_ports
# --Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow all
# ------------------
# --TAG: icp_access
# --Default:
# --icp_access deny all
icp_access allow mylan1
icp_access allow mydmz3
icp_access deny all
# -----------------
# --TAG: htcp_access
# --Default:
# --htcp_access deny all
htcp_access allow mylan1
htcp_access allow mydmz3
htcp_access deny all
# ------------------
# --TAG: urlpath_regex
acl QUERY urlpath_regex -i cgi-bin /? /.jsp /.asp /.php /.cgi /.aspx
acl QUERYSSL url_regex -i ^http://
cache deny QUERY
cache deny QUERYSSL
# -----------------
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
# --TAG: http_port
# --Squid normally listens to port 3128
http_port 80 accel vhost vport
# ------------
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
# --TAG: cache_peer
# --Default:
# --none
cache_peer www.ynxt.com parent 80 0 no-query originserver name=ynxt
cache_peer www.ynest.com parent 80 0 no-query originserver name=ynest
cache_peer xxft.yn.gov.cn parent 80 0 no-query originserver name=xxft
cache_peer xxt.yn.gov.cn parent 80 0 no-query originserver name=xxt
# -------------------------------------------------------------------
# --TAG: cache_peer_domain
# --Default:
# --none
cache_peer_domain ynxt .ynxt.com
cache_peer_domain ynest .ynest.com
cache_peer_domain xxft xxft.yn.gov.cn
cache_peer_domain xxt xxt.yn.gov.cn
# --------------------------------
# --TAG: hierarchy_stoplist
# --We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# --------------------------
# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
# --TAG: cache_mem (bytes)
# --Default:
# --cache_mem 8 MB
cache_mem 1024 MB
# --------------
# --TAG: maximum_object_size_in_memory (bytes)
# --Default:
# --maximum_object_size_in_memory 8 KB
maximum_object_size_in_memory 1024 KB
# ----------------------------------
# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
# --TAG: cache_dir
# --Default:
# --cache_dir ufs /usr/local/squid3/var/cache 100 16 256
cache_dir ufs /usr/local/squid3/var/cache 10000 16 256
# ----------------------------------------------------
# --TAG: maximum_object_size (bytes)
# --Default:
# --maximum_object_size 4096 KB
maximum_object_size 32 MB
# --------------------------
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
# --TAG: access_log
# --And priority could be any of:err, warning, notice, info, debug.
access_log /usr/local/squid3/var/logs/access.log squid
# ----------------------------------------------------
# --TAG: cache_log
# --Default:
# --cache_log /usr/local/squid3/var/logs/cache.log
cache_log /usr/local/squid3/var/logs/cache.log
# --------------------------------------------
# --TAG: pid_filename
# --Default:
# --pid_filename /usr/local/squid3/var/logs/squid.pid
pid_filename /usr/local/squid3/var/logs/squid.pid
# -----------------------------------------------
# --TAG: logfile_rotate
# --Default:
# logfile_rotate 10
logfile_rotate 7
# --------------
# --TAG: strip_query_terms
# --Default:
# --strip_query_terms on
strip_query_terms off
# -------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# --TAG: refresh_pattern
# --Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|/?) 0 0% 0
refresh_pattern . 0 20% 4320
# ----------------------------
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# --TAG: cache_mgr
# --Default:
# --cache_mgr webmaster
cache_mgr kmmartin@163.com
# ------------------------
# ICP OPTIONS
# -----------------------------------------------------------------------------
# --TAG: icp_port
# --Default:
# --icp_port 0
icp_port 3130
# -----------
# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
# --TAG: error_directory
# --Default:
# --error_directory /usr/local/squid3/share/errors/templates
error_directory /usr/local/squid3/share/errors/Simplify_Chinese
# -------------------------------------------------------------
# DNS OPTIONS
# -----------------------------------------------------------------------------
# --TAG: dns_nameservers
# --Default:
# --none
dns_nameservers 192.168.3.3
# -------------------------
# --TAG: dns_testnames
# --Default:
# --dns_testnames netscape.com internic.net nlanr.net microsoft.com
dns_testnames www.ynxt.com www.ynest.com xxt.yn.gov.cn xxft.yn.gov.cn
# -------------------------------------------------------------------
# MISCELLANEOUS
# -----------------------------------------------------------------------------
# --TAG: forwarded_for on|off
# --Default:
# --forwarded_for on
forwarded_for on
# --------------
# --TAG: coredump_dir
# --Default:
# --coredump_dir none
coredump_dir /usr/local/squid3/var/cache
# -------------------------------------- - squid.sh的启动脚本
赋予可执行权限# chmod 755 squid.sh
#!/bin/sh
#
ulimit -HSn 15000
# this script starts and stops Squid
echo 15000 > /proc/sys/fs/file-max
case "$1" in
start)
/usr/local/squid/sbin/squid -s
echo -n ' Squid'
;;
stop)
/usr/local/squid/sbin/squid -k shutdown
;;
esac
#./squid.sh start就可以启动squid了
扫一扫
644
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
