Squid 反向代理配置

Squid 反向代理配置

1、刪除主配置文件重寫寫入配置

rm -f /etc/squid/squid.conf

2、從新寫入配置反向代理

vim /etc/squid/squid.conf

# 監聽端口
# 修改端口80 accel vhost vport 爲反向代理
http_port 80  accel vhost vport
# cache_peer 代理IP 端口 0 originserver  name=a "a"表明一個域名
cache_peer 123.125.119.147 parent 80 0 originserver name=a
cache_peer 61.135.169.125 parent 80 0 originserver name=b
# 設置a的域名爲 www.qq.com
cache_peer_domain a www.qq.com
cache_peer_domain b www.baidu.com
# acl權限控制
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080         # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
# 緩存文件格式 aufs 緩存路徑 目錄1024大小MB 16子目錄 256子子目錄   
cache_dir aufs /data/cache 1024 16 256
# 內存佔用大小
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
# 以某個字符開頭的進行緩存緩存10080秒
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
# 以某個字符結尾的進行緩存 緩存2880秒
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440    50%     2880    ignore-reload
refresh_pattern .               0       20%     4320

反向代理/單個添加IP

# 監聽端口
# 修改端口80 accel vhost vport 爲反向代理
http_port 80  accel vhost vport
# cache_peer 服務器IP 端口 originserver代理該服務端全部域名
cache_peer 61.135.169.125 parent 80 0 originserver
# acl權限控制
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080         # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
# 緩存文件格式 aufs 緩存路徑 目錄1024大小MB 16子目錄 256子子目錄   
cache_dir aufs /data/cache 1024 16 256
# 內存佔用大小
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
# 以某個字符開頭的進行緩存緩存10080秒
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
# 以某個字符結尾的進行緩存 緩存2880秒
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440    50%     2880    ignore-reload
refresh_pattern .               0       20%     4320

反向代理/單服務器上全部IP

3、查看語法是否有錯

squid -kcheck

報錯

4、添加目錄權限

# 建立緩存目錄
mkdir /data/cache
# 該目錄賦予squid用戶所屬權限
chown -R squid:squid /data/cache/
# 初始化目錄
squid -z

5、重啓服務

/etc/init.d/squid stop
/etc/init.d/squid start

6、查看啓動狀況

查看啓動進程

---

Squid 反向代理測試

1、訪問未代理域名，503錯誤

curl -xlocalhost:80 www.qqfdsfds.com -I
HTTP/1.0 503 Service Unavailable

2、訪問已代理域名，200正常

curl -xlocalhost:80 www.baidu.com -I
HTTP/1.0 200 OK