Centos 6.5下squid 3.4 安裝 (反向代理)
Centos 6.5下squid 3.4 安裝 (反向代理)
類別:原創 服務器php
第一:說明,軟件說明,和安裝的目的
架設基於linux下的反向代理服務器,使用反向代理對網站進行加速。css
squid 3.* 和squid 2.7 在配置文件上有不少地方有變更,配置時請注意 html
第二:本例操做環境
所使用的系統環境爲 Centos 6.5 64位操做系統
[root@jedy ~]# uname -a
Linux jedy.com 2.6.32-431.3.1.el6.x86_64 #1 SMP Fri Jan 3 21:39:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@jedy ~]# more /etc/redhat-release
CentOS release 6.5 (Final)
[root@jedy ~]#
第三:所須要的軟件包以下
squid-3.4.2.tar.gz http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.2.tar.gz
第四:安裝、配置
[root@jedy ~]# rpm –qa | grep squid
[root@jedy ~]# rpm –e squid
[root@jedy ~]# cd /usr/local/src
[root@jedy src]# tar zxvf /software/squid-3.4.2.tar.gz
[root@jedy src]# cd squid-3.4.2/
[root@jedy squid-3.4.2]# ./configure --prefix=/usr/local/squid --enable-dlmalloc --enable-snmp --with-pthreads --enable-epoll --disable-internal-dns --enable-removal-policies=heap,lru --enable-delay-pools --enable-storeio=aufs,diskd,ufs --with-maxfd=65535
[root@jedy src]# make
[root@jedy src]# make install
[root@jedy src]# useradd -r -s /sbin/nologin squid
[root@jedy src]#cd
[root@jedy ~]# ln –sv /usr/local/squid/etc /etc/squid
[root@jedy ~]# mkdir /var/cache/squid /var/log/squid
[root@jedy ~]# chmod 777 /var/cache
[root@jedy ~]# chmod 777 /var/log/squid
[root@jedy ~]# chown squid.squid /var/cache
[root@jedy ~]# chown squid.squid /var/log/squid
[root@jedy ~]# more /etc/squid/squid.conf | grep –v 「#」| grep –v ^$
########## Base control ##########
cache_mgr admin@jedy.com \\ 管理員郵箱
visible_hostname squid.jedy.com \\ 主機名
http_port 0.0.0.0:80 accel vhost \\ 偵測的端口 注意 在squid 3.0中 這裏是不能加 http11的
icp_port 0
cache_dir ufs /var/cache 2048 32 256 \\ 定義squid的cache存放路徑 、cache目錄容量(單位M)、一級緩存目錄數量、二級緩存目錄數量
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh \\ log文件日誌格式
access_log /var/log/squid/access_log combined \\ log文件存放路徑 和日誌格式
cache_log /var/log/squid/cache_log
cache_store_log none
logfile_rotate 60 \\ log輪循 60天
error_directory /usr/local/squid/share/errors/zh-cn \\ 錯誤頁面的語言
unlinkd_program /usr/local/squid/libexec/unlinkd \\ 指定文件刪除進程的完整路徑 我也沒弄懂
strip_query_terms off \\在日誌中記錄URL的完整路徑包含「?」後面的參數。
#cache_vary on \\支持http 1.1的動態壓縮
acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache
########## Performance control ##########
cache_mem 1024 MB \\額外提供給squid使用的內存,squid的內存總佔用爲 X * 10+15+「cache_mem」其是 X爲squid的cache佔用的容量(以GB爲單位)
cache_swap_low 90
cache_swap_high 95 \\ cache目錄的限值,超過總容量的85%時會自動清理
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 2048 KB \\ 與內存有關的參數
ipcache_size 2048 \\ 緩存dns的正反向解析
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
#log_ip_on_direct on
log_mime_hdrs off
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes \\ 錯誤頁面緩存時間
connect_timeout 1 minute
read_timeout 1 minutes
request_timeout 1 minutes
client_lifetime 30 minutes
half_closed_clients on
#maximum_single_addr_tries 1linux
設定每一個頁面緩存的時間
<refresh_pattern> <頁面類型> <最小時間> <百分比> <最大時間>
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.xml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.css$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.doc$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.ppt$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.xls$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.pdf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.cab$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.exe$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.zip$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.dll$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.rar$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.zip$ 1440 90% 129600 reload-into-ims
refresh_pattern . 0 0% 0
acl purge method PURGE
acl QUERY urlpath_regex cgi-bin .php .cgi .asp .jsp .do
##acl all src all \\squid 3.0後 默認設置好了,不用另加,不然起不來
acl testip src 127.0.0.1/32 192.168.10.0/24
acl testdst dstdomain jedy.com .baidu.com .sina.com
###### Reverse proxy###########
<cache_peer> <主機名稱> <類別> <http_port> <icp_port> <其它參數>
cache_peer 192.168.10.10 parent 80 0 no-query originserver name=test1
cache_peer 192.168.10.20 parent 80 0 no-query originserver name=test2
cache_peer 192.168.10.30 parent 80 0 no-query originserver name=test3
cache_peer_domain test1 test.jedy.com bbs.jedy.com
cache_peer_domain test2 .baidu.com
cache_peer_domain test3 .sina.com
從客戶端過來的請求,若是是訪問test.jedy.com bbs.jedy.com, 則Squid向 Server 192.168.10.10的端口80發送請求
從客戶端過來的請求,若是是訪問 baidu.com, 則Squid向 Server 192.168.10.20的端口80發送請求
從客戶端過來的請求,若是是訪問 sina.com, 則Squid向 Server 192.168.10.30的端口80發送請求
<cache_peer_access> <上層 Proxy > <allow|deny> <acl名稱>
cache_peer_access test1 allow all
cache_peer_access test2 allow all
cache_peer_access test3 allow testip
容許全部人訪問 test1(192.168.10.10) test2 (192.168.10.20)
只容許 testip(192.168.10.0/24)訪問test3 (192.168.10.30)
########## Access control ############
http_access allow QUERY
http_access allow purge master
http_access allow testdst \\ 容許testdst 使用squid進行代理
http_access deny all
cache deny QUERY
hierarchy_stoplist cgi-bin ?
acl CactiServer src 192.168.20.11
acl SNMP snmp_community public \\ 容許snmp經過
snmp_port 3401
snmp_access allow SNMP CactiServer
snmp_access deny all
[root@jedy ~]#
[root@jedy ~]# /usr/local/squid/sbin/squid –zX \\ 初始化 squid
[root@jedy ~]# /usr/local/squid/sbin/squid –s \\ 啓動 squid
[root@jedy ~]# netstart –tlnp | grep 查看服務端口狀態 若是有80 說明服務啓動成功
[root@jedy ~]# echo 「/usr/local/squid/sbin/squid –s &」 >> /etc/rc.local \\ 開機自動啓動,咱們後面會說到使用服務器進程啓動squid,若是使用服務器進行啓動 這一條能夠不加
至此 關於squid的安裝配置部分結束。
第五:測試測試鏈接和認證
# 更改本地測試機的hosts文件,加入準備測試的網站如:www.uc55.com 解析到squid服務器ip地址
若是在本機瀏覽器裏能成功訪問 www.uc55.com 並查看數據包頭從squid請求的數據 那說明反向代理squid成功
修改dns服務器的A記錄,將需代理的網站部分指向 此代理服務器。
第六:補充知識
1.使用服務器進程啓動squid
新建squid 服務器進程
[root@jedy ~]# vim /etc/init.d/squid
################################腳本開始################################
#!/bin/bash
# squid This shell script takes care of starting and stopping
# Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /etc/squid/squid.conf
PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-D"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
# determine the name of the squid binary
[ -f /usr/local/squid/sbin/squid ] && SQUID=/usr/local/squid/sbin/squid
prog="$SQUID"
# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' /etc/squid/squid.conf | \
grep cache_dir | awk '{ print $3 }'`
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid
RETVAL=0
start() {
ulimit -HSn 65535
#check if the squid conf file is present
if [ ! -f /etc/squid/squid.conf ]; then
echo "Configuration file /etc/squid/squid.conf missing" 1>&2
exit 6
fi
. /etc/sysconfig/squid.sh
# don't raise an error if the config file is incomplete.
# set defaults instead:
SQUID_OPTS="-s -f/etc/squid/squid.conf"
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
if [ -z "$SQUID" ]; then
echo "Insufficient privilege" 1>&2
exit 4
fi
for adir in $CACHE_SWAP; do
if [ ! -d $adir/00 ]; then
echo -n "init_cache_dir $adir... "
$SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
fi
done
echo -n $"Starting $prog: "
$SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
timeout=0;
while : ; do
[ ! -f /usr/local/squid/var/logs/squid.pid ] || break
if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
RETVAL=1
break
fi
sleep 1 && echo -n "."
timeout=$((timeout+1))
done
fi
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/squid
[ $RETVAL -eq 0 ] && echo_success
[ $RETVAL -ne 0 ] && echo_failure
echo
return $RETVAL
}
stop() {
. /etc/sysconfig/squid.sh
# don't raise an error if the config file is incomplete.
# set defaults instead:
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
echo -n $"Stopping $prog: "
$SQUID -k check >> /var/log/squid/squid.out 2>&1
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
$SQUID -k shutdown &
rm -f /var/lock/subsys/squid
timeout=0
while : ; do
[ -f /usr/local/squid/var/logs/squid.pid ] || break
if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
echo
return 1
fi
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo_success
echo
else
echo_failure
if [ ! -e /var/lock/subsys/squid ]; then
RETVAL=0
fi
echo
fi
return $RETVAL
}
reload() {
. /etc/sysconfig/squid.sh
# don't raise an error if the config file is incomplete.
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-D"}
$SQUID -k reconfigure -f /etc/squid/squid.conf
}
restart() {
stop
start
}
condrestart() {
[ -e /var/lock/subsys/squid ] && restart || :
}
rhstatus() {
status $SQUID && $SQUID -k check
}
probe() {
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
condrestart)
condrestart
;;
status)
rhstatus
;;
probe)
exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 2
esac
exit $?
################################腳本結束################################
2 .新建squid.sh 服務器進程
[root@jedy ~]# vim /etc/sysconfig/squid.sh 其實我也不知道這個腳本是作什麼用的,可是若是沒有這個腳本 啓動squid時會報錯
################################腳本開始################################
# default squid options
# -D disables initial dns checks. If you most likely will not to have an
# internet connection when you start squid, uncomment this
SQUID_OPTS="-D"
# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100
################################腳本結束################################
3. 啓動 squid
[root@jedy ~]#services squid start
4.加入開機自動啓動
[root@jedy ~]#chkconfig –add squid
[root@jedy ~]#chkconfig –level 2345 squid on
5. 查看服務端口狀態
[root@jedy ~]#netstart -tlnp | grep squid 若是有80 說明服務啓動成功
6. 按期備份日誌
[root@jedy ~]# mkdir /var/log/squid/bak
[root@jedy ~]# chmod 777 /var/log/squid/bak
[root@jedy ~]# chown squid.squid /var/log/squid/bak
新建備份腳本
[root@jedy ~]# vim /usr/local/squid/squidlogbak.sh
################################腳本開始################################
#!/bin/sh
date=`date +%Y%m%d`
cd /var/log/squid/
# rename the current log file without interrupting the logging process
mv access_log access_log.sz.$date
# tell Squid to close the current logs and open new ones
/usr/local/squid/sbin/squid -k rotate
# give Squid some time to finish writing swap.state files
sleep 5
mv access_log.sz.$date /var/log/squid/bak/
gzip -9 /var/log/squid/bak/access_log.sz.$date
################################腳本結束###############################
[root@jedy ~]#crontab -e
58 23 * * * /usr/local/squid/squidlogbak.sh
[root@jedy ~]#
至此 關於squid的安裝配置所有結束。shell
- 1. Squid反向代理
- 2. CentOS 6.5上安裝squid 3.0
- 3. squid反向代理
- 4. squid 反向代理
- 5. CentOS 6.6編譯安裝Squid 配置反向代理服務器
- 6. Squid代理服務---反向代理
- 7. windows平臺下 反向代理 squid
- 8. squid配置 反向代理
- 9. squid的正反向代理
- 10. Centos 6.5 下安裝socket5代理
- 更多相關文章...
- • Docker 安裝 CentOS - Docker教程
- • CentOS Docker 安裝 - Docker教程
- • IntelliJ IDEA安裝代碼格式化插件
- • Composer 安裝與使用
-
每一个你不满意的现在,都有一个你没有努力的曾经。