一、squid介绍:

Squid cache(简称为Squid)是一个流行的自由软件(GNU通用公共许可证)的代理服务器和Web缓存服务器。Squid有广泛的用途,从作为网页服务器的前置cache服务器缓存相关请求来提高Web服务器的速度,到为一组人共享网络资源而缓存万维网,域名系统和其他网络搜索,到通过过滤流量帮助网络安全,到局域网通过代理上网。

官方网址:http://www.squid-cache.org/


二、下载与安装:

wget http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.tar.gz

groupadd squid

useradd squid -s /sbin/nologin -g squid

tar zxf squid-3.3.8.tar.gz

cd squid-3.3.8

./configure--prefix=/usr/local/squid --enable-dlmalloc

--with-pthreads--enable-poll --disable-internal-dns --enable-stacktrace

--enable-removal-policies="heap,lru" --enable-delay-pools

--enable-storeio="aufs,coss,diskd,ufs"

make -j 4;make install

chown -R squid:squid /usr/local/squid

mkdir /u1/cache

chown squid:squid /u1/cache

chmod +w /u1/cache

>>>>>> 到这里squid就安装完成啦 <<<<<<


三、配置:

squid主配置文件为:squid.conf,参考配置如下:

max_filedescriptors 65535                            

visible_hostname linuxblind                          

acl SSL_ports port 443                              

acl Safe_ports port 8080                            

acl Safe_ports port 80          # http              

acl Safe_ports port 21          # ftp                

acl Safe_ports port 443         # https              

acl Safe_ports port 70          # gopher            

acl Safe_ports port 210         # wais              

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt          

acl Safe_ports port 488         # gss-http          

acl Safe_ports port 591         # filemaker          

acl Safe_ports port 777         # multiling http    

acl CONNECT method CONNECT                          

acl myip src localhost                              

cache_mgr zhangdh@taoying.com                        

#cache_effective_user squid                          

#cache_effective_group squid                        

http_access allow manager localhost

http_access deny !Safe_ports        

http_access deny CONNECT !SSL_ports

acl OverConnLimit maxconn 300      

http_access deny OverConnLimit

http_access deny myip      

http_access allow all              

acl_uses_indirect_client  on        

follow_x_forwarded_for allow all    

allow_underscore on                

half_closed_clients off            

http_port 192.168.1.108:80 accel vhost vport  #透明代理配置

icp_port 0

#源服务器ip:port,即www站点地址和端口

cache_peer 192.168.1.108 parent 8080 0 no-query originserver name=web

cache_peer_domain web www.bbs.linuxblind.com

http_access allow all

forwarded_for on

acl QUERY urlpath_regex cgi-bin   .cgi .php .avi .wmv .rm .ram .mpg .mpeg .zip .exe .asp .aspx

cache deny QUERY

#缓存设置,这里我没有对其严格划分,其中应根据各类型资源的特点有针对性的选择缓存对象。

reload_into_ims on

refresh_pattern ^ftp:           1440    20%     10080

refresh_pattern ^gopher:        1440    0%      1440

refresh_pattern .               0       20%     4320

refresh_pattern -i \.html 1440 100% 129600 ignore-reload override-lastmod

refresh_pattern -i \.shtml 1440 100% 129600 ignore-reload override-lastmod

refresh_pattern -i \.htm 1440 100% 129600 ignore-reload override-lastmod

refresh_pattern -i \.gif 1440 100% 129600 reload-into-ims

refresh_pattern -i \.jpg 1440 100% 129600 reload-into-ims

refresh_pattern -i \.png 1440 100% 129600 reload-into-ims

refresh_pattern -i \.bmp 1440 100% 129600 reload-into-ims

refresh_pattern -i \.swf 1440 100% 129600 reload-into-ims

refresh_pattern -i \.flv 129600 100% 129600 reload-into-ims

refresh_pattern -i \.js 1440 100% 129600 reload-into-ims

refresh_pattern -i \.css 1440 100% 129600 reload-into-ims

pid_filename /usr/local/squid/var/logs/squid.pid

#日志格式的设定

logformat squid_custom_log %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h" %{Cookie}>h

cache_log /usr/local/squid/var/logs/cache.log

access_log /usr/local/squid/var/logs/access.log

cache_store_log /usr/local/squid/var/logs/store.log

#error_directory /usr/local/squid/var/logs/errors

cache_mem 256 MB

cache_swap_low 90

cache_swap_high 95

memory_pools_limit 312 MB

maximum_object_size 4096 KB

maximum_object_size_in_memory 4096 KB

memory_replacement_policy lru

ipcache_low 90

ipcache_high 95

fqdncache_size 1024

cache_replacement_policy lru

cache_dir ufs /u1/cache 1024 16 256  #cache目录

#cache_dir null /tmp

negative_ttl 0 second


四、启动与关闭:

生成cache目录:/usr/local/squid/sbin/squid -z

启动:/usr/local/squid/sbin/squid -NCdl &

关闭:/usr/local/squid/sbin/squid -k shutdown

配置重新加载:/usr/local/squid/sbin/squid -k reconfigure

squid访问日志分割:/usr/local/squid/sbin/squid -k rotate

其他工具:/usr/local/squid/bin目录下

eg:check cache informations

problem:client: ERROR: Cannot connect to [::1]:80: Connection refused

resolve:/usr/local/squid/bin/squidclient -h 192.168.1.108 -p 80 mgr:info


/usr/local/squid/bin/squidclient -h 192.168.1.108 -p 80 mgr:mem


***小提示:

echo "1" > /proc/sys/net/ipv4/ip_forward   #打开ip转发功能,在上面的步骤中也需要执行。

iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0.0.0.0/0.0.0.0 --dport 80 -j REDIRECT --sport 3128   #这里是将所有后端的80端口都通过3128(squid默认端口)代理出去。


五、测试:

190726337.jpg


阅读拓展:http://home.arcor.de/pangj/squid/chap01.html (squid权威指南)