Squid 反向代理服務器配置

簡介：

Squid 反向代理經常使用於服務器端，客戶端訪問 Squid 代理服務器的 80 端口，Squid 代理服務器根據配置去請求後端的 web 服務器，

而後將請求到的信息保存在本地並回傳給客戶端，當又有客戶端請求相同資源時，Squid 代理服務器直接將緩存中的信息回傳給客戶端。

1、安裝 Squid

shell > ulimit -n  # 默認打開文件描述符爲 1024 ，要增大它
1024
shell > vim /etc/security/limits.conf

* - nofile 65535

## 定義單個用戶的最大打開文件數爲 65535 ，要重啓服務器生效 ，若是線上服務器不方便重啓，那麼就使用 ulimit -n 65535 來臨時修改

shell > vim /etc/selinux/config

SELINUX=enforcing  # 將 enforcing 改成 disabled ，一樣要重啓服務器生效，不方便的話可使用 setenforce 0 來臨時關閉 SELinux

shell > reboot

shell > ulimit -n
65535

shell > getenforce
Disabled

## 再次確認已經修改爲功

shell > yum -y install squid

shell > rpm -qa squid
squid-3.1.10-29.el6.x86_64

2、配置反向代理

shell > mkdir /opt/squid_cache  # 建立緩存目錄

shell > chown -R squid.squid /opt/squid_cache  # 更改屬主、屬組

shell > > /etc/squid/squid.conf  # 清空默認配置文件

shell > vim /etc/squid/squid.conf

cache_effective_user squid
cache_effective_group squid

## 啓動 Squid 用戶、組

http_port 192.168.1.88:80 accel vhost

## 將端口監聽在 192.168.1.88 上,accel 指加速模式，vhost 用於轉發請求

dns_nameservers 8.8.8.8

## 爲了使 Squid 能解析域名需定義真實 DNS 地址

visible_hostname study.localhost.localdomain

## 計算機名，能夠爲 IP 地址，用於錯誤頁面的顯示

cache_mgr wangxiaoqiang888@163.com

## 管理員郵箱地址，用於錯誤頁面上的顯示

cache_mem 300 MB

## 內存緩存大小，指定可使用多少物理內存做爲高速緩存。若是此服務器就是專門的緩存服務器，能夠指定爲物理內存的一半。不然不該大於三分之一

cache_dir ufs /opt/squid_cache 4096 16 256

## 緩存目錄大小爲 4G ，這個能夠按實際磁盤大小來定，有 16 二級目錄，每一個二級目錄下有 256 個子目錄

maximum_object_size 4 MB

## 最大緩存文件大小爲 4MB ，超過的直接傳給用戶，不做緩存

cache_access_log /var/log/squid/access.log

## 訪問日誌文件路徑，記錄了用戶訪問 Internet 的詳細信息，能夠查看每用戶的上網記錄

cache_log /var/log/squid/cache.log

## 緩存日誌文件路徑，記錄了緩存相關的日誌信息

cache_store_log /var/log/squid/store.log

## 網頁緩存日誌文件路徑，記錄了網頁在緩存中調用狀況

logfile_rotate 7

## 日誌輪轉，7 表明保留 6 箇舊的日誌跟 1 個新日誌（ 需配合 crond 來使用 ）

cache_swap_high 90

## 緩存磁盤空間大於 90% 時自動清理

cache_swap_low 80

## 清理到 80% 時中止

cache_peer 192.168.1.80 parent 80 0 originserver name=sina
cache_peer 192.168.1.80 parent 80 0 originserver name=baidu

## cache_peer 指定後端服務器地址，80 爲後端服務端口，0 爲 ICP 端口號（多個 Squid 時用）,originserver 指定資源服務器，name 指定一個別名

cache_peer_domain sina sina.com www.sina.com
cache_peer_domain baidu baidu.com www.baidu.com

## 指定對應關係，當用戶請求 baidu.com 或 www.baidu.com 時，轉發到別名爲 baidu 的真實服務器上

http_access allow all

## 容許全部人訪問代理服務器（必須開啓）

3、初始化 Squid

shell > squid -z
2015/01/06 17:31:14| Creating Swap Directories
2015/01/06 17:31:14| /opt/squid_cache exists
2015/01/06 17:31:14| Making directories in /opt/squid_cache/00
2015/01/06 17:31:14| Making directories in /opt/squid_cache/01
2015/01/06 17:31:14| Making directories in /opt/squid_cache/02
2015/01/06 17:31:14| Making directories in /opt/squid_cache/03
2015/01/06 17:31:14| Making directories in /opt/squid_cache/04
2015/01/06 17:31:14| Making directories in /opt/squid_cache/05
2015/01/06 17:31:14| Making directories in /opt/squid_cache/06
2015/01/06 17:31:14| Making directories in /opt/squid_cache/07
2015/01/06 17:31:14| Making directories in /opt/squid_cache/08
2015/01/06 17:31:14| Making directories in /opt/squid_cache/09
2015/01/06 17:31:14| Making directories in /opt/squid_cache/0A
2015/01/06 17:31:14| Making directories in /opt/squid_cache/0B
2015/01/06 17:31:14| Making directories in /opt/squid_cache/0C
2015/01/06 17:31:14| Making directories in /opt/squid_cache/0D
2015/01/06 17:31:14| Making directories in /opt/squid_cache/0E
2015/01/06 17:31:14| Making directories in /opt/squid_cache/0F

4、啓動 Squid

shell > service squid start
正在啓動 squid：.                                          [肯定]
shell > chkconfig --add squid
shell > chkconfig --level 35 squid on
shell > netstat -anpt | grep squid
tcp        0      0 192.168.1.88:3128           0.0.0.0:*                   LISTEN      2988/(squid)

5、測試

shell > cat /var/log/squid/access.log | grep TCP_MISS

1420537525.011     34 192.168.1.110 TCP_MISS/404 561 GET http://alabo.com/favicon.ico - FIRST_UP_PARENT/www text/html
1420537527.279   1124 192.168.1.110 TCP_MISS/200 2028 GET http://alabo.com/ - FIRST_UP_PARENT/www text/html
1420537527.571    137 192.168.1.110 TCP_MISS/200 3271 GET http://alabo.com/images/css.css - FIRST_UP_PARENT/www text/css
1420537528.193    621 192.168.1.110 TCP_MISS/200 140767 GET http://alabo.com/images/benner6.jpg - FIRST_UP_PARENT/www image/jpeg
1420537528.205    770 192.168.1.110 TCP_MISS/200 68852 GET http://alabo.com/images/benner1.jpg - FIRST_UP_PARENT/www image/jpeg
1420537528.599   1151 192.168.1.110 TCP_MISS/200 232817 GET http://alabo.com/images/benner2.jpg - FIRST_UP_PARENT/www image/jpeg
1420537528.606    377 192.168.1.110 TCP_MISS/200 101177 GET http://alabo.com/images/benner8.jpg - FIRST_UP_PARENT/www image/jpeg
1420537528.832   1381 192.168.1.110 TCP_MISS/200 210193 GET http://alabo.com/images/benner4.jpg - FIRST_UP_PARENT/www image/jpeg
1420537529.101   1652 192.168.1.110 TCP_MISS/200 281791 GET http://alabo.com/images/benner3.jpg - FIRST_UP_PARENT/www image/jpeg
1420537529.139    947 192.168.1.110 TCP_MISS/200 75526 GET http://alabo.com/images/benner7.jpg - FIRST_UP_PARENT/www image/jpeg
1420537529.198   1747 192.168.1.110 TCP_MISS/200 244311 GET http://alabo.com/images/benner5.jpg - FIRST_UP_PARENT/www image/jpeg
1420537529.572    959 192.168.1.110 TCP_MISS/200 287741 GET http://alabo.com/images/bj1.jpg - FIRST_UP_PARENT/www image/jpeg
1420537530.190      2 192.168.1.110 TCP_MISS/404 561 GET http://alabo.com/favicon.ico - FIRST_UP_PARENT/www text/html
1420537531.790    200 192.168.1.110 TCP_MISS/200 2028 GET http://alabo.com/ - FIRST_UP_PARENT/www text/html

## TCP_MISS 表明沒有被 Squid 緩存，而是從原始服務器取出的並返回給用戶的數據

shell > cat /var/log/squid/access.log | grep TCP_MEM_HIT

1420537531.980      0 192.168.1.110 TCP_MEM_HIT/200 3277 GET http://alabo.com/images/css.css - NONE/- text/css
1420537532.009     16 192.168.1.110 TCP_MEM_HIT/200 68858 GET http://alabo.com/images/benner1.jpg - NONE/- image/jpeg
1420537532.050     31 192.168.1.110 TCP_MEM_HIT/200 232823 GET http://alabo.com/images/benner2.jpg - NONE/- image/jpeg
1420537532.108     66 192.168.1.110 TCP_MEM_HIT/200 281797 GET http://alabo.com/images/benner3.jpg - NONE/- image/jpeg
1420537532.199    139 192.168.1.110 TCP_MEM_HIT/200 210199 GET http://alabo.com/images/benner4.jpg - NONE/- image/jpeg
1420537532.201    102 192.168.1.110 TCP_MEM_HIT/200 244317 GET http://alabo.com/images/benner5.jpg - NONE/- image/jpeg
1420537532.326     61 192.168.1.110 TCP_MEM_HIT/200 75532 GET http://alabo.com/images/benner7.jpg - NONE/- image/jpeg
1420537532.330    112 192.168.1.110 TCP_MEM_HIT/200 140773 GET http://alabo.com/images/benner6.jpg - NONE/- image/jpeg
1420537532.376     71 192.168.1.110 TCP_MEM_HIT/200 101183 GET http://alabo.com/images/benner8.jpg - NONE/- image/jpeg
1420537532.393    128 192.168.1.110 TCP_MEM_HIT/200 287747 GET http://alabo.com/images/bj1.jpg - NONE/- image/jpeg

## TCP_MEM_HIT 表明被 Squid 緩存到內存中並返回給用戶的數據

shell > cat /var/log/squid/access.log | grep TCP_HIT

## TCP_HIT 表明被 Squid 緩存到 cache 目錄（磁盤）中並返回給用戶的數據