Centos 5.6下squid 2.7 安装 (反向代理)
类别:原创 服务器
第一:说明,软件说明,和安装的目的
架设基于linux下的反向代理服务器,使用反向代理对网站进行加速。
第二:本例操作环境
所使用的系统环境为 Centos 5.6 64位操作系统
[root@jedy ~]# uname -a
Linux jedy.com 2.6.18-238.el5 #1 SMP Thu Jan 13 15:51:15 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@jedy ~]# more /etc/redhat-release
CentOS release 5.6 (Final)
[root@jedy ~]#
第三:所需要的软件包如下
squid-2.7.STABLE9.tar.gz
第四:安装、配置
[root@jedy ~]# rpm -qa | grep squid
[root@jedy ~]# rpm -e squid
[root@jedy ~]# cd /usr/local/src
[root@jedy src]# tar zxvf /software/squid-2.7.STABLE9.tar.gz
[root@jedy src]# cd squid-2.7.STABLE9/
[root@jedy squid-2.7.STABLE9]# ./configure --prefix=/usr/local/squid --enable-dlmalloc --enable-snmp --with-pthreads --enable-epoll --disable-internal-dns --enable-removal-policies=heap,lru --enable-delay-pools --enable-storeio=aufs,coss,diskd,ufs,null --with-maxfd=65535
[root@jedy src]# make
[root@jedy src]# make install
[root@jedy src]# useradd -r -s /sbin/nologin squid
[root@jedy src]#cd
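[root@jedy ~]# ln -sv /usr/local/src/squid/etc /etc/squid
注:前面 configure 使用的 --prefix 是 /usr/local/squid,配置文件实际安装在 /usr/local/squid/etc;如果按上面的路径建立链接后 /etc/squid/squid.conf 不存在,请把链接源改为 /usr/local/squid/etc。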
[root@jedy ~]# mkdir /var/cache/
[root@jedy ~]# mkdir /var/log/squid
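[root@jedy ~]# chmod 777 /var/cache
[root@jedy ~]# chmod 777 /var/log/squid
[root@jedy ~]# chown squid.squid /var/cache
[root@jedy ~]# chown squid.squid /var/log/squid
注:777 使本机任意用户都能改写缓存和日志目录中的文件。下面列出的 squid.conf 中没有 cache_effective_user,squid 以 root 启动后会切换到默认的运行用户(Squid 2.x 通常是 nobody,请以实际环境为准);若在 squid.conf 中加入 cache_effective_user squid,让进程以目录属主身份运行,目录权限设为 750 即可,不需要 777。另外 /var/cache 是系统公共目录,建议为 squid 单独建立子目录并相应修改 cache_dir。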
[root@jedy ~]# more /etc/squid/squid.conf | grep -v "#" | grep -v ^$
# generate by trncman on 2012-05-04 13:29:58 by 192.168.19.63
########## Base control ##########
cache_mgr admin@jedy.com \\ 管理员邮箱
visible_hostname squid.jedy.com \\ 主机名
http_port 0.0.0.0:80 accel vhost http11 \\ 侦测的端口 注意 在squid 3.0中 这里是不能加 http11的
icp_port 0
cache_dir ufs /var/cache 2048 32 256 \\ 定义squid的cache存放路径 、cache目录容量(单位M)、一级缓存目录数量、二级缓存目录数量
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh \\ log文件日志格式
access_log /var/log/squid/access_log combined \\ log文件存放路径 和日志格式
cache_log /var/log/squid/cache_log
cache_store_log none
logfile_rotate 60 \\ log轮循 60天
error_directory /usr/local/squid/share/errors/Simplify_Chinese \\ 错误页面的语言
unlinkd_program /usr/local/squid/libexec/unlinkd \\ 指定文件删除进程的完整路径 我也没弄懂
strip_query_terms off \\在日志中记录URL的完整路径包含“?”后面的参数。
cache_vary on \\支持http 1.1的动态压缩
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
########## Performance control ##########
cache_mem 1024 MB \\额外提供给squid使用的内存,squid的内存总占用为 X * 10+15+“cache_mem”其是 X为squid的cache占用的容量(以GB为单位)
cache_swap_low 90
cache_swap_high 95 \\ cache目录的限值,超过总容量的85%时会自动清理
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 2048 KB \\ 与内存有关的参数
ipcache_size 2048 \\ 缓存dns的正反向解析
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
log_ip_on_direct on
log_mime_hdrs off
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes \\ 错误页面缓存时间
connect_timeout 1 minute
read_timeout 1 minutes
request_timeout 1 minutes
client_lifetime 30 minutes
half_closed_clients on
maximum_single_addr_tries 1
设定每个页面缓存的时间
<refresh_pattern> <页面类型> <最小时间> <百分比> <最大时间>
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.xml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.css$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.doc$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.ppt$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.xls$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.pdf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.cab$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.exe$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.zip$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.dll$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.rar$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.zip$ 1440 90% 129600 reload-into-ims
refresh_pattern . 0 0% 0
acl purge method PURGE
acl QUERY urlpath_regex cgi-bin .php .cgi .asp .jsp .do
acl all src all
acl testip src 127.0.0.1/32 192.168.10.0/24
acl testdst dstdomain jedy.com .baidu.com .sina.com
###### Reverse proxy###########
<cache_peer> <主机名称> <类别> <http_port> <icp_port> <其它参数>
cache_peer 192.168.10.10 parent 80 0 no-query originserver name=test1
cache_peer 192.168.10.20 parent 80 0 no-query originserver name=test2
cache_peer 192.168.10.30 parent 80 0 no-query originserver name=test3
cache_peer_domain test1 test.jedy.com bbs.jedy.com
cache_peer_domain test2 .baidu.com
cache_peer_domain test3 .sina.com
从客户端过来的请求,如果是访问test.jedy.com bbs.jedy.com, 则Squid向 Server 192.168.10.10的端口80发送请求
从客户端过来的请求,如果是访问 baidu.com, 则Squid向 Server 192.168.10.20的端口80发送请求
从客户端过来的请求,如果是访问 sina.com, 则Squid向 Server 192.168.10.30的端口80发送请求
<cache_peer_access> <上层 Proxy > <allow|deny> <acl名称>
cache_peer_access test1 allow all
cache_peer_access test2 allow all
cache_peer_access test3 allow testip
允许所有人访问 test1(192.168.10.10) test2 (192.168.10.20)
只允许 testip(192.168.10.0/24)访问test3 (192.168.10.30)
########## Access control ############
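http_access allow QUERY \\ 注意:http_access 按顺序匹配,这一条排在最前,URL 路径匹配 QUERY 的请求会直接放行,不再受后面 testdst 的限制;如果只想代理指定域名,应把它放到 testdst 规则之后或与 testdst 组合使用
http_access allow purge master \\ 注意:上面列出的配置中没有定义名为 master 的 acl,需要先定义(只包含可信的管理地址)后这一行才有效
http_access allow testdst \\ 允许testdst 使用squid进行代理
http_access deny all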
cache deny QUERY
hierarchy_stoplist cgi-bin ?
acl CactiServer src 192.168.20.11
acl SNMP snmp_community public \\ 允许snmp通过;public 是最常见的默认团体名,建议换成不易猜到的字符串,并保持下面的 snmp_access 只放行监控服务器
snmp_port 3401
snmp_access allow SNMP CactiServer
snmp_access deny all
[root@jedy ~]#
[root@jedy ~]# /usr/local/squid/sbin/squid -zX \\ 初始化 squid
[root@jedy ~]# /usr/local/squid/sbin/squid -s \\ 启动 squid
[root@jedy ~]# netstat -tlnp | grep squid \\ 查看服务端口状态 如果有80 说明服务启动成功
[root@jedy ~]# echo "/usr/local/squid/sbin/squid -s" >> /etc/rc.local \\ 开机自动启动,我们后面会说到使用服务器进程启动squid,如果使用服务器进行启动 这一条可以不加
至此 关于squid的安装配置部分结束。
第五:测试连接和认证
# 更改本地测试机的hosts文件,加入准备测试的网站如:test.jedy.com 解析到squid服务器ip地址
如果在本机浏览器里能成功访问 test.jedy.com 并查看数据包头从squid请求的数据 那说明反向代理squid成功
修改dns服务器的A记录,将需代理的网站部分指向 此代理服务器。
第六:补充知识
1.使用服务器进程启动squid
新建squid 服务器进程
[root@jedy ~]# vim /etc/init.d/squid
################################脚本开始################################
#!/bin/bash
# squid This shell script takes care of starting and stopping
# Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /etc/squid/squid.conf
# Restrict command lookup to the system directories for everything below.
export PATH=/usr/bin:/sbin:/bin:/usr/sbin

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Keep any values already present in the environment; otherwise fall back to
# these defaults so an incomplete configuration does not raise an error.
: "${SQUID_OPTS:=-D}"
: "${SQUID_PIDFILE_TIMEOUT:=20}"
: "${SQUID_SHUTDOWN_TIMEOUT:=100}"

# Locate the squid binary. SQUID stays unset when the binary is absent;
# start() checks for that case.
if [ -f /usr/local/squid/sbin/squid ]; then
  SQUID=/usr/local/squid/sbin/squid
fi
prog="$SQUID"

# Collect the directory argument (third field) of every line mentioning
# cache_dir in squid.conf, after stripping comments.
CACHE_SWAP=$(sed -e 's/#.*//g' /etc/squid/squid.conf |
  grep cache_dir |
  awk '{ print $3 }')
if [ -z "$CACHE_SWAP" ]; then
  CACHE_SWAP=/var/spool/squid
fi

RETVAL=0
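#######################################
# Start squid: initialise any cache directory that has no 00 subdirectory,
# launch the daemon, then wait for its pid file to appear.
# Globals:   SQUID, CACHE_SWAP, prog (read); SQUID_OPTS,
#            SQUID_PIDFILE_TIMEOUT, SQUID_SHUTDOWN_TIMEOUT, RETVAL (written)
# Returns:   0 once the pid file exists; 1 if it has not appeared after
#            SQUID_PIDFILE_TIMEOUT seconds; otherwise squid's own exit status.
#            Exits 6 when squid.conf is missing and 4 when SQUID is unset.
#######################################
start() {
  local adir timeout

  ulimit -HSn 65535

  # check if the squid conf file is present
  if [ ! -f /etc/squid/squid.conf ]; then
    echo "Configuration file /etc/squid/squid.conf missing" 1>&2
    exit 6
  fi

  # The sysconfig file only supplies overrides, so a missing file is not an
  # error; the defaults below apply instead.
  if [ -f /etc/sysconfig/squid.sh ]; then
    . /etc/sysconfig/squid.sh
  fi

  # SQUID_OPTS is set unconditionally here, so a value from the sysconfig
  # file does not reach the squid command line.
  SQUID_OPTS="-s -f/etc/squid/squid.conf"
  SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
  SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

  # SQUID is only set at the top of the script when the binary exists.
  if [ -z "$SQUID" ]; then
    echo "Insufficient privilege" 1>&2
    exit 4
  fi

  # NOTE(review): the redirections below append to a fixed path, typically as
  # root. /var/log/squid should be writable only by trusted accounts, or a
  # local user could pre-create squid.out as a link to another file.

  # CACHE_SWAP is left unquoted on purpose: it may list several directories.
  for adir in $CACHE_SWAP; do
    if [ ! -d "$adir/00" ]; then
      echo -n "init_cache_dir $adir... "
      $SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
    fi
  done

  echo -n $"Starting $prog: "
  # SQUID_OPTS is left unquoted on purpose so it splits into separate options.
  $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
  RETVAL=$?

  if [ "$RETVAL" -eq 0 ]; then
    # Poll once a second until the pid file exists or the timeout is reached.
    timeout=0
    while [ ! -f /usr/local/squid/var/logs/squid.pid ]; do
      if [ "$timeout" -ge "$SQUID_PIDFILE_TIMEOUT" ]; then
        RETVAL=1
        break
      fi
      sleep 1 && echo -n "."
      timeout=$((timeout + 1))
    done
  fi

  if [ "$RETVAL" -eq 0 ]; then
    touch /var/lock/subsys/squid
    echo_success
  else
    echo_failure
  fi
  echo
  return $RETVAL
}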
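#######################################
# Stop squid: ask the running instance to shut down and wait for its pid
# file to disappear.
# Globals:   SQUID, prog (read); SQUID_SHUTDOWN_TIMEOUT, RETVAL (written)
# Returns:   0 when the pid file is gone, or when "squid -k check" fails and
#            no subsys lock file exists; 1 when the pid file is still there
#            after SQUID_SHUTDOWN_TIMEOUT seconds; otherwise the status of
#            "squid -k check".
#######################################
stop() {
  local timeout

  # The sysconfig file only supplies overrides, so a missing file is not an
  # error; the default below applies instead.
  if [ -f /etc/sysconfig/squid.sh ]; then
    . /etc/sysconfig/squid.sh
  fi
  SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

  echo -n $"Stopping $prog: "
  $SQUID -k check >> /var/log/squid/squid.out 2>&1
  RETVAL=$?

  if [ "$RETVAL" -eq 0 ]; then
    # The shutdown request runs in the background; completion is detected by
    # polling for the pid file every two seconds.
    $SQUID -k shutdown &
    rm -f /var/lock/subsys/squid
    timeout=0
    while [ -f /usr/local/squid/var/logs/squid.pid ]; do
      if [ "$timeout" -ge "$SQUID_SHUTDOWN_TIMEOUT" ]; then
        # Report the timeout instead of ending the status line silently.
        echo_failure
        echo
        return 1
      fi
      sleep 2 && echo -n "."
      timeout=$((timeout + 2))
    done
    echo_success
    echo
  else
    echo_failure
    # With no lock file, a failed check is reported to the caller as success.
    if [ ! -e /var/lock/subsys/squid ]; then
      RETVAL=0
    fi
    echo
  fi
  return $RETVAL
}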
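#######################################
# Ask the running squid to re-read /etc/squid/squid.conf.
# Globals:   SQUID (read); SQUID_OPTS (written)
# Returns:   the exit status of "squid -k reconfigure".
#######################################
reload() {
  # The sysconfig file only supplies overrides, so a missing file is not an
  # error; the default below applies instead.
  if [ -f /etc/sysconfig/squid.sh ]; then
    . /etc/sysconfig/squid.sh
  fi
  # SQUID_OPTS is defaulted here but not passed to the command below.
  SQUID_OPTS=${SQUID_OPTS:-"-D"}
  "$SQUID" -k reconfigure -f /etc/squid/squid.conf
}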
# Restart squid by running stop followed by start; start runs whatever stop
# returned.
# Returns: the status of start.
restart() {
  stop; start
}
# Restart squid only when the subsys lock file exists.
# Returns: always 0, even when the restart itself fails.
condrestart() {
  if [ -e /var/lock/subsys/squid ]; then
    restart || :
  fi
}
# Report the service state: run status on the squid binary and, only if that
# succeeds, ask squid itself with "-k check".
# status is not defined in this script; presumably it comes from the sourced
# function library.
# Returns: the status of the first of the two commands that fails, else 0.
rhstatus() {
  status $SQUID || return
  $SQUID -k check
}
# No-op probe hook.
# Returns: always 0.
probe() {
  :
}
# Dispatch on the requested action; the script exits with the status of the
# action that ran.
case "$1" in
  start | stop | reload | restart | condrestart)
    # Each of these actions is implemented by the function of the same name.
    "$1"
    ;;
  status)
    rhstatus
    ;;
  probe)
    exit 0
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
    exit 2
    ;;
esac
exit $?
################################脚本结束################################
2 .新建squid.sh 服务器进程
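[root@jedy ~]# vim /etc/sysconfig/squid.sh 其实我也不知道这个脚本是做什么用的,但是如果没有这个脚本 启动squid时会报错(原因:上面的 /etc/init.d/squid 在 start、stop、reload 中都会用 ". /etc/sysconfig/squid.sh" 读取这个文件,用来设置 SQUID_OPTS、SQUID_SHUTDOWN_TIMEOUT 等变量)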
################################脚本开始################################
# Default squid options.
# -D disables the initial DNS checks; keep it if the machine is likely to
# have no internet connection when squid starts.
# NOTE(review): the init script shown on this page reassigns SQUID_OPTS inside
# start(), so this value is not what start() passes to squid.
SQUID_OPTS='-D'

# Seconds to wait for squid to shut down when asked. Changing this should not
# be necessary most of the time.
SQUID_SHUTDOWN_TIMEOUT='100'
################################脚本结束################################
3. 启动 squid
[root@jedy ~]# service squid start
4.加入开机自动启动
[root@jedy ~]# chkconfig --add squid
[root@jedy ~]# chkconfig --level 2345 squid on
5. 查看服务端口状态
[root@jedy ~]# netstat -tlnp | grep squid 如果有80 说明服务启动成功
6. 定期备份日志
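[root@jedy ~]# mkdir /var/log/squid/bak
[root@jedy ~]# chmod 777 /var/log/squid/bak
[root@jedy ~]# chown squid.squid /var/log/squid/bak
注:下面的备份脚本由 root 的 crontab 执行。在全局可写的目录里以 root 身份移动、压缩文件,本机其他用户可以用同名文件或符号链接干扰结果;这个目录只需要执行备份的账号可写,权限设为 750 即可,不需要 777。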
新建备份脚本
[root@jedy ~]# vim /usr/local/squid/squidlogbak.sh
################################脚本开始################################
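#!/bin/sh
# Archive the current Squid access log: rename it, ask Squid to reopen its
# logs, then move the renamed file to the backup directory and compress it.
# Intended to be run from cron.

log_dir=/var/log/squid
bak_dir=/var/log/squid/bak
stamp=$(date +%Y%m%d)

# Stop if the log directory is unavailable; otherwise the relative mv below
# would act on whatever directory the job happened to start in.
cd "$log_dir" || exit 1

# rename the current log file without interrupting the logging process
mv access_log "access_log.sz.$stamp"

# tell Squid to close the current logs and open new ones
/usr/local/squid/sbin/squid -k rotate

# give Squid some time to finish writing swap.state files
sleep 5

# NOTE(review): this runs with the privileges of the crontab owner. Keep
# $bak_dir writable only by that account so the files handled here cannot be
# swapped for links or pre-created by other local users.
# Compress only when the move succeeded.
mv "access_log.sz.$stamp" "$bak_dir/" &&
  gzip -9 "$bak_dir/access_log.sz.$stamp"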
################################脚本结束###############################
[root@jedy ~]#crontab -e
58 23 * * * /usr/local/squid/squidlogbak.sh
[root@jedy ~]#
至此 关于squid的安装配置全部结束。