Centos 6.5下squid 3.4 安装 (反向代理)
第一:说明,软件说明,和安装的目的
架设基于linux下的反向代理服务器,使用反向代理对网站进行加速。
squid 3.* 和squid 2.7 在配置文件上有不少地方有变更,配置时请注意
第二:本例操作环境
所使用的系统环境为 Centos 6.5 64位操作系统
[root@jedy ~]# uname -a
Linux jedy.com 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 21:39:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@jedy ~]# more /etc/redhat-release
CentOS release 6.5 (Final)
[root@jedy ~]#
第三:所需要的软件包如下
squid-3.4.2.tar.gz http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.2.tar.gz
第四:安装、配置
[root@jedy ~]# rpm -qa | grep squid
[root@jedy ~]# rpm -e squid
[root@jedy ~]# cd /usr/local/src
[root@jedy src]# tar zxvf /software/squid-3.4.2.tar.gz
[root@jedy src]# cd squid-3.4.2/
[root@jedy squid-3.4.2]# ./configure --prefix=/usr/local/squid --enable-dlmalloc --enable-snmp --with-pthreads --enable-epoll --disable-internal-dns --enable-removal-policies=heap,lru --enable-delay-pools --enable-storeio=aufs,diskd,ufs --with-maxfd=65535
[root@jedy src]# make
[root@jedy src]# make install
[root@jedy src]# useradd -r -s /sbin/nologin squid
[root@jedy src]#cd
[root@jedy ~]# ln -sv /usr/local/squid/etc /etc/squid
[root@jedy ~]# mkdir /var/cache/squid /var/log/squid
[root@jedy ~]# chmod 777 /var/cache
[root@jedy ~]# chmod 777 /var/log/squid
[root@jedy ~]# chown squid.squid /var/cache
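[root@jedy ~]# chown squid.squid /var/log/squid
注意:chmod 777 会让本机所有用户都能写入这两个目录;目录属主已改为 squid,属主可写(如 750)即可满足 squid 的需要。另外 /var/cache 是系统公用的缓存目录,上面新建的是 /var/cache/squid,而后面配置文件中的 cache_dir 指向的是 /var/cache,两处路径应保持一致。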
[root@jedy ~]# more /etc/squid/squid.conf | grep -v "#" | grep -v ^$
########## Base control ##########
cache_mgr admin@jedy.com \\ 管理员邮箱
visible_hostname squid.jedy.com \\ 主机名
http_port 0.0.0.0:80 accel vhost \\ 侦测的端口 注意 在squid 3.0中 这里是不能加 http11的
icp_port 0
cache_dir ufs /var/cache 2048 32 256 \\ 定义squid的cache存放路径 、cache目录容量(单位M)、一级缓存目录数量、二级缓存目录数量
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh \\ log文件日志格式
access_log /var/log/squid/access_log combined \\ log文件存放路径 和日志格式
cache_log /var/log/squid/cache_log
cache_store_log none
logfile_rotate 60 \\ log轮循 60天
error_directory /usr/local/squid/share/errors/zh-cn \\ 错误页面的语言
unlinkd_program /usr/local/squid/libexec/unlinkd \\ 指定文件删除进程的完整路径 我也没弄懂
strip_query_terms off \\在日志中记录URL的完整路径包含“?”后面的参数。
#cache_vary on \\支持http 1.1的动态压缩
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
########## Performance control ##########
cache_mem 1024 MB \\额外提供给squid使用的内存,squid的内存总占用为 X * 10+15+“cache_mem”其是 X为squid的cache占用的容量(以GB为单位)
cache_swap_low 90
cache_swap_high 95 \\ cache目录的限值,超过总容量的85%时会自动清理
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 2048 KB \\ 与内存有关的参数
ipcache_size 2048 \\ 缓存dns的正反向解析
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
#log_ip_on_direct on
log_mime_hdrs off
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes \\ 错误页面缓存时间
connect_timeout 1 minute
read_timeout 1 minutes
request_timeout 1 minutes
client_lifetime 30 minutes
half_closed_clients on
#maximum_single_addr_tries 1
设定每一个页面缓存的时间
<refresh_pattern> <页面类型> <最小时间> <百分比> <最大时间>
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.xml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.css$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.doc$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.ppt$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.xls$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.pdf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.cab$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.exe$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.zip$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.dll$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.rar$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.zip$ 1440 90% 129600 reload-into-ims
refresh_pattern . 0 0% 0
acl purge method PURGE
acl QUERY urlpath_regex cgi-bin .php .cgi .asp .jsp .do
##acl all src all \\squid 3.0后 默认设置好了,不用另加,不然起不来
acl testip src 127.0.0.1/32 192.168.10.0/24
acl testdst dstdomain jedy.com .baidu.com .sina.com
###### Reverse proxy###########
<cache_peer> <主机名称> <类别> <http_port> <icp_port> <其它参数>
cache_peer 192.168.10.10 parent 80 0 no-query originserver name=test1
cache_peer 192.168.10.20 parent 80 0 no-query originserver name=test2
cache_peer 192.168.10.30 parent 80 0 no-query originserver name=test3
cache_peer_domain test1 test.jedy.com bbs.jedy.com
cache_peer_domain test2 .baidu.com
cache_peer_domain test3 .sina.com
从客户端过来的请求,如果是访问test.jedy.com bbs.jedy.com, 则Squid向 Server 192.168.10.10的端口80发送请求
从客户端过来的请求,如果是访问 baidu.com, 则Squid向 Server 192.168.10.20的端口80发送请求
从客户端过来的请求,如果是访问 sina.com, 则Squid向 Server 192.168.10.30的端口80发送请求
<cache_peer_access> <上层 Proxy > <allow|deny> <acl名称>
cache_peer_access test1 allow all
cache_peer_access test2 allow all
cache_peer_access test3 allow testip
允许所有人访问 test1(192.168.10.10) test2 (192.168.10.20)
只允许 testip(192.168.10.0/24)访问test3 (192.168.10.30)
########## Access control ############
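http_access allow QUERY \\ 注意:此规则排在 allow testdst 之前,URL 路径匹配 QUERY 的请求不受 testdst 域名限制
http_access allow purge master \\ 注意:本文配置中没有定义名为 master 的 acl,使用前需先定义(用来限定可以发送 PURGE 的来源)
http_access allow testdst \\ 允许testdst 使用squid进行代理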
http_access deny all
cache deny QUERY
hierarchy_stoplist cgi-bin ?
acl CactiServer src 192.168.20.11
acl SNMP snmp_community public \\ 允许snmp通过;public 是常见的默认团体名,建议换成自定义的值
snmp_port 3401
snmp_access allow SNMP CactiServer
snmp_access deny all
[root@jedy ~]#
[root@jedy ~]# /usr/local/squid/sbin/squid -zX \\ 初始化 squid
[root@jedy ~]# /usr/local/squid/sbin/squid -s \\ 启动 squid
[root@jedy ~]# netstat -tlnp | grep squid 查看服务端口状态 如果有80 说明服务启动成功
[root@jedy ~]# echo "/usr/local/squid/sbin/squid -s &" >> /etc/rc.local \\ 开机自动启动,我们后面会说到使用服务器进程启动squid,如果使用服务器进程启动 这一条可以不加
至此 关于squid的安装配置部分结束。
第五:测试测试链接和认证
# 更改本地测试机的hosts文件,加入准备测试的网站如:www.uc55.com 解析到squid服务器ip地址
若是在本机浏览器里能成功访问 www.uc55.com 并查看数据包头从squid请求的数据 那说明反向代理squid成功
修改dns服务器的A记录,将需代理的网站部分指向 此代理服务器。
第六:补充知识
1.使用服务器进程启动squid
新建squid 服务器进程
[root@jedy ~]# vim /etc/init.d/squid
################################脚本开始################################
#!/bin/bash
# squid This shell script takes care of starting and stopping
# Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /etc/squid/squid.conf
# Restrict the command search path to the standard system directories.
export PATH=/usr/bin:/sbin:/bin:/usr/sbin

# Red Hat init helper library; the functions below call status,
# echo_success and echo_failure, which are not defined in this script.
. /etc/rc.d/init.d/functions

# System networking settings.
. /etc/sysconfig/network

# Keep whatever the environment already provides and fall back to the
# built-in defaults for anything that is unset or empty.
: "${SQUID_OPTS:=-D}"
: "${SQUID_PIDFILE_TIMEOUT:=20}"
: "${SQUID_SHUTDOWN_TIMEOUT:=100}"

# SQUID stays unset when the binary is not at the expected location;
# start() tests for that case.
if [ -f /usr/local/squid/sbin/squid ]; then
  SQUID=/usr/local/squid/sbin/squid
fi
prog="$SQUID"

# Third field of every non-comment line that mentions cache_dir, i.e. the
# cache directory path(s) named in squid.conf.
CACHE_SWAP=$(awk '{ sub(/#.*/, "") } /cache_dir/ { print $3 }' /etc/squid/squid.conf)
if [ -z "$CACHE_SWAP" ]; then
  CACHE_SWAP=/var/spool/squid
fi

RETVAL=0
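#######################################
# Start the Squid daemon and wait for its pid file to appear.
# Globals:   SQUID, prog, CACHE_SWAP (read); SQUID_OPTS,
#            SQUID_PIDFILE_TIMEOUT, SQUID_SHUTDOWN_TIMEOUT, RETVAL (written)
# Outputs:   progress text on stdout, errors on stderr; Squid's own output
#            is appended to /var/log/squid/squid.out
# Returns:   0 once the pid file exists, 1 if it does not appear within
#            SQUID_PIDFILE_TIMEOUT seconds, otherwise Squid's exit status.
#            Exits 6 when squid.conf is missing, 4 when SQUID is unset.
#######################################
start() {
  local adir timeout

  # Raise both the hard and the soft open-file limit before launching.
  ulimit -HSn 65535

  # Refuse to start without a configuration file.
  if [ ! -f /etc/squid/squid.conf ]; then
    echo "Configuration file /etc/squid/squid.conf missing" 1>&2
    exit 6
  fi

  # Optional site settings. The file is executed by this script, which runs
  # as root, so it must be owned by root and not writable by anyone else.
  # Only source it when present: sourcing a missing file prints an error on
  # every start.
  if [ -f /etc/sysconfig/squid.sh ]; then
    . /etc/sysconfig/squid.sh
  fi

  # The start options are fixed here and replace any SQUID_OPTS value the
  # sysconfig file may have set; the two timeouts keep their defaults.
  SQUID_OPTS="-s -f/etc/squid/squid.conf"
  SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
  SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

  # SQUID is only set when the binary was found at script load time, so
  # this branch fires when the binary is missing.
  if [ -z "$SQUID" ]; then
    echo "Insufficient privilege" 1>&2
    exit 4
  fi

  # CACHE_SWAP may list several directories, so it is split on whitespace
  # on purpose. A missing 00 subdirectory is taken to mean the cache
  # structure has not been created yet.
  # Output is appended as root: /var/log/squid must not be world-writable,
  # otherwise another local user could replace squid.out with a link.
  for adir in $CACHE_SWAP; do
    if [ ! -d "$adir/00" ]; then
      echo -n "init_cache_dir $adir... "
      "$SQUID" -z -F -D >> /var/log/squid/squid.out 2>&1
    fi
  done

  echo -n $"Starting $prog: "
  # SQUID_OPTS holds several words and is left unquoted so it splits.
  "$SQUID" $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
  RETVAL=$?

  if [ "$RETVAL" -eq 0 ]; then
    # Poll once per second until the pid file shows up or the timeout hits.
    timeout=0
    while [ ! -f /usr/local/squid/var/logs/squid.pid ]; do
      if [ "$timeout" -ge "$SQUID_PIDFILE_TIMEOUT" ]; then
        RETVAL=1
        break
      fi
      sleep 1 && echo -n "."
      timeout=$((timeout + 1))
    done
  fi

  if [ "$RETVAL" -eq 0 ]; then
    touch /var/lock/subsys/squid
    echo_success
  else
    echo_failure
  fi
  echo
  return $RETVAL
}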
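#######################################
# Ask a running Squid to shut down and wait for its pid file to vanish.
# Globals:   SQUID, prog (read); SQUID_SHUTDOWN_TIMEOUT, RETVAL (written)
# Outputs:   progress text on stdout; the output of "squid -k check" is
#            appended to /var/log/squid/squid.out
# Returns:   0 when Squid stopped, or when the check failed and no lock
#            file exists; 1 when the pid file is still present after
#            SQUID_SHUTDOWN_TIMEOUT seconds; otherwise the status of
#            "squid -k check".
#######################################
stop() {
  local timeout

  # Optional site settings. The file is executed by this script, which runs
  # as root, so it must be owned by root and not writable by anyone else.
  # Only source it when present: sourcing a missing file prints an error.
  if [ -f /etc/sysconfig/squid.sh ]; then
    . /etc/sysconfig/squid.sh
  fi
  SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

  echo -n $"Stopping $prog: "
  # Output is appended as root: /var/log/squid must not be world-writable.
  "$SQUID" -k check >> /var/log/squid/squid.out 2>&1
  RETVAL=$?

  if [ "$RETVAL" -eq 0 ]; then
    # The shutdown request runs in the background; completion is detected
    # by polling for the pid file below.
    "$SQUID" -k shutdown &
    rm -f /var/lock/subsys/squid

    timeout=0
    while [ -f /usr/local/squid/var/logs/squid.pid ]; do
      if [ "$timeout" -ge "$SQUID_SHUTDOWN_TIMEOUT" ]; then
        # Report the timeout instead of returning without a status marker.
        echo_failure
        echo
        return 1
      fi
      sleep 2 && echo -n "."
      timeout=$((timeout + 2))
    done
    echo_success
    echo
  else
    echo_failure
    # With no lock file the service is treated as already stopped.
    if [ ! -e /var/lock/subsys/squid ]; then
      RETVAL=0
    fi
    echo
  fi
  return $RETVAL
}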
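#######################################
# Tell the running Squid to re-read /etc/squid/squid.conf.
# Globals:   SQUID (read); SQUID_OPTS (written, not used by this function)
# Returns:   the exit status of "squid -k reconfigure"
#######################################
reload() {
  # Optional site settings. The file is executed by this script, which runs
  # as root, so it must be owned by root and not writable by anyone else.
  # Only source it when present: sourcing a missing file prints an error.
  if [ -f /etc/sysconfig/squid.sh ]; then
    . /etc/sysconfig/squid.sh
  fi
  SQUID_OPTS=${SQUID_OPTS:-"-D"}

  "$SQUID" -k reconfigure -f /etc/squid/squid.conf
}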
#######################################
# Stop the service, then start it again.
# Returns:   the status of start; the status of stop is not checked
#######################################
restart() {
  stop
  start
}
#######################################
# Restart the service only when its lock file exists.
# Returns:   always 0; a failed restart is not reported to the caller
#######################################
condrestart() {
  if [ -e /var/lock/subsys/squid ]; then
    restart || :
  fi
}
#######################################
# Report the service state: run the init library's status helper and,
# when it succeeds, run "squid -k check" as well.
# Globals:   SQUID (read)
# Returns:   the status of the status helper when it fails, otherwise the
#            status of "squid -k check"
#######################################
rhstatus() {
  # A bare return passes on the failing exit code of the status helper.
  status $SQUID || return
  $SQUID -k check
}
#######################################
# Placeholder probe action: does nothing and reports success.
# Returns:   0
#######################################
probe() {
  true
}
# Dispatch on the first command-line argument.
case "$1" in
  start | stop | reload | restart | condrestart)
    # For these actions the argument is also the name of the function
    # that implements it.
    "$1"
    ;;
  status)
    rhstatus
    ;;
  probe)
    exit 0
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
    exit 2
    ;;
esac
# Pass the status of the selected action back to the caller.
exit $?
################################脚本结束################################
2 .新建squid.sh 服务器进程
[root@jedy ~]# vim /etc/sysconfig/squid.sh 其实我也不知道这个脚本是做什么用的,但是如果没有这个脚本 启动squid时会报错(上面的 init 脚本在 start、stop、reload 中都会用 . 读取这个文件)
################################脚本开始################################
# Default settings read by the squid init script, which sources this file.
# It is executed as root, so keep it owned by root and writable by root only.

# Extra command-line options. -D disables the initial DNS checks, which
# helps when there may be no internet connection at the time squid starts.
# Note: start() in the init script shown on this page assigns its own
# SQUID_OPTS after sourcing this file, so this value is not used there.
SQUID_OPTS='-D'

# How long to wait for Squid to shut down when asked; the init script's
# stop() counts this in seconds. Should not be necessary most of the time.
SQUID_SHUTDOWN_TIMEOUT='100'
################################脚本结束################################
3. 启动 squid
[root@jedy ~]#service squid start
4.加入开机自动启动
[root@jedy ~]#chkconfig --add squid
[root@jedy ~]#chkconfig --level 2345 squid on
5. 查看服务端口状态
[root@jedy ~]#netstat -tlnp | grep squid 如果有80 说明服务启动成功
6. 定期备份日志
[root@jedy ~]# mkdir /var/log/squid/bak
[root@jedy ~]# chmod 777 /var/log/squid/bak
[root@jedy ~]# chown squid.squid /var/log/squid/bak
注意:这里同样不需要 777;备份脚本由 root 的 crontab 执行,目录属主可写即可,不应让其他本地用户也能写入。
新建备份脚本
[root@jedy ~]# vim /usr/local/squid/squidlogbak.sh
################################脚本开始################################
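#!/bin/sh
# Daily archive of the Squid access log: rename the live log, have Squid
# reopen its logs, then move the renamed file to bak/ and compress it.
#
# Intended to run from root's crontab. Because it runs as root, the log
# directory and bak/ must not be writable by other local users; otherwise
# the file names handled below could be swapped for links.

stamp=$(date +%Y%m%d)
log_dir=/var/log/squid
archive="access_log.sz.$stamp"

# Stop here if the directory is unavailable, so the mv below can never act
# on a file named access_log in some other working directory.
cd "$log_dir" || {
  echo "cannot cd to $log_dir" >&2
  exit 1
}

# rename the current log file without interrupting the logging process
renamed=0
if [ -f access_log ]; then
  mv -- access_log "$archive" && renamed=1
fi

# tell Squid to close the current logs and open new ones
/usr/local/squid/sbin/squid -k rotate

# give Squid some time to finish writing swap.state files
sleep 5

# Archive only what was actually renamed above, and compress only after
# the move succeeded.
if [ "$renamed" -eq 1 ]; then
  mv -- "$archive" "$log_dir/bak/" && gzip -9 -- "$log_dir/bak/$archive"
fi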
################################脚本结束###############################
[root@jedy ~]#crontab -e
58 23 * * * /usr/local/squid/squidlogbak.sh
[root@jedy ~]#
至此 关于squid的安装配置全部结束。