Squid反向代理实现Web缓存加速
--Config Web Cache Acceleration with Squid Transparent Proxy
Step I - Downloading and compiling Squid
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE3-20060823.tar.gz
(注意:该链接是明文HTTP下载;解压编译之前,如官方提供校验值或签名,请先核对。squid 2.6早已停止维护,正式环境请改用仍在维护的版本。)
[root@localhost software]# tar zxvf squid-2.6.STABLE3-20060823.tar.gz
[root@localhost software]# cd squid-2.6.STABLE3-20060823
[root@localhost squid-2.6.STABLE3-20060823]# vi config.sh
写入内容如下:
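#!/bin/bash
# Configures the Squid source tree for installation under SQUID_ROOT.
# Options that the squid.conf in this article relies on:
#   --disable-internal-dns     use the external dnsserver helpers (dns_children),
#                              which resolve through the system resolver
#   --enable-removal-policies  replacement policies offered to
#                              cache_replacement_policy / memory_replacement_policy
#   --enable-storeio           store types offered to cache_dir
#   --enable-delay-pools       required by the delay pool directives
#   --enable-err-languages     error page sets; error_directory selects one
# Stop at the first failing command or unset variable.
set -eu
SQUID_ROOT="/Data/apps/squid"
# Quoted so that a prefix with spaces or glob characters stays one argument.
./configure --prefix="$SQUID_ROOT" \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-default-err-language=Simplify_Chinese \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-internal-dns \
  --enable-dlmalloc \
  --with-pthreads \
  --enable-poll \
  --enable-stacktrace \
  --enable-removal-policies="heap,lru" \
  --enable-delay-pools \
  --enable-storeio="aufs,coss,diskd,ufs"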
[root@localhost squid-2.6.STABLE3-20060823]# sh config.sh
[root@localhost squid-2.6.STABLE3-20060823]# make
[root@localhost squid-2.6.STABLE3-20060823]# make install
Step II - Basic Configuration
[root@localhost squid-2.6.STABLE3-20060823]# cd /Data/apps/squid/
[root@localhost squid-2.6.STABLE3-20060823]# mkdir cache
[root@localhost squid-2.6.STABLE3-20060823]# chown squid.squid *
在/etc/hosts中:加入内部的DNS解析,比如:
211.100.99.100 longrujun.name
211.100.100.101 blog.hanlei.name
61.135.100.100 www.liuren.com
60.195.200.159 www.keso.cn
B、vi /Data/apps/squid/etc/squid.conf
squid.conf
Step III - Starting Squid
A、创建缓存目录
[root@redhatas4 sbin]# ./squid -z
B、测试Squid运行状况
[root@redhatas4 sbin]# ./squid -NCd1
成功后将出现"Ready to serve requests".否则请检查配置文件
C、
启动Squid
/Data/apps/squid/sbin/squid
停止 Squid
/Data/apps/squid/sbin/squid -k shutdown
启用新配置:
/Data/apps/squid/sbin/squid -k reconfig
通过crontab每天0点截断/轮循日志:
0 0 * * * (/Data/apps/squid/sbin/squid -k rotate)
配置文档 - squid.conf
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 211.211.211.211:80 transparent vhost vport
#
#cache_peer 211.100.59.59 parent 80 0 no-query originserver
#cache_peer 61.235.170.133 parent 80 3130 no-query no-netdb-exchange proxy-only
#cache_peer 211.101.21.114 parent 80 0 no-query originserver
#cache_peer 211.100.23.242 parent 80 0 no-query originserver
#cache_peer 61.135.120.233 parent 80 0 no-query originserver
#cache_peer 219.246.145.145 parent 80 0 no-query originserver
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
collapsed_forwarding on
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
#cache_dir ufs /Data/apps/squid/var/cache 1024 56 256
cache_dir ufs /Data/apps/squid/cache 4096 56 256
#access_log /Data/apps/squid/var/logs/access.log squid
cache_log /Data/apps/squid/var/logs/cache.log
emulate_httpd_log on
#cache_store_log /Data/apps/squid/var/logs/store.log
# pid_filename /Data/apps/squid/var/logs/squid.pid
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
dns_children 5
#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# request_header_max_size 20 KB
# request_body_max_size 0 KB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
# quick_abort_pct 95
# read_ahead_gap 16 KB
# negative_ttl 5 minutes
# refresh_stale_hit 0 seconds
# TIMEOUTS
# -----------------------------------------------------------------------------
forward_timeout 20 seconds
connect_timeout 15 seconds
# peer_connect_timeout 30 seconds
read_timeout 3 minutes
request_timeout 1 minutes
persistent_request_timeout 15 seconds
client_lifetime 15 minutes
half_closed_clients off
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
shutdown_lifetime 5 seconds
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr longrujun@gmail.com
cache_effective_user squid
cache_effective_group squid
# httpd_suppress_version_string off
visible_hostname longrujun.name
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# ----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# httpd_accel_no_pmtu_disc off
# MISCELLANEOUS
# -----------------------------------------------------------------------------
logfile_rotate 0
tcp_recv_bufsize 65535 bytes
# memory_pools on
# memory_pools_limit 5 MB
# via on
# forwarded_for on
# log_icp_queries on
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# client_db on
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# buffered_logs off
# reload_into_ims off
# global_internal_static on
# short_icon_urls off
error_directory /Data/apps/squid/share/errors/Simplify_Chinese
# maximum_single_addr_tries 1
# retry_on_error off
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------
# delay_initial_bucket_level 50
# max_open_disk_fds 0
# offline_mode off
# uri_whitespace strip
# nonhierarchical_direct on
# prefer_direct off
# coredump_dir none
coredump_dir /Data/apps/squid/cache
# redirector_bypass off
# ignore_unknown_nameservers on
# digest_generation on
# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
client_persistent_connections off
server_persistent_connections on
# persistent_connection_after_error off
# detect_broken_pconn off
# balance_on_multiple_ip on
# pipeline_prefetch off
# request_entities off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0
# store_dir_select_algorithm least-load
# ie_refresh off
vary_ignore_expire on
# sleep_after_fork 0
# minimum_expiry_time 60 seconds
# relaxed_header_parser on
strip_query_terms on
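# ACCESS CONTROLS
#---------------------------------------------------
# http_access rules are checked top-down and the first matching rule decides.
# Cap the number of simultaneous connections from one client address at 20.
acl OverConnLimit maxconn 20
http_access deny OverConnLimit
#acl AntiGoogle req_header User-Agent Googlespider
#http_access deny AntiGoogle
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
# NOTE(review): "localhost" also covers 10.10.10.0/24, so every host on that
# subnet gets cache-manager access and the "allow localhost" rule below;
# confirm that this is intended.
acl localhost src 127.0.0.1/255.255.255.255 10.10.10.0/24
# Origin server networks. The last entry used to read "60.195.200.159.0/24"
# (five octets, not a valid address); it is now the /24 that contains the
# 60.195.200.159 host listed in /etc/hosts.
acl Srvip dst 211.100.99.0/24 211.100.100.0/24 61.135.100.0/24 60.195.200.0/24
acl Srvdm dstdomain .longrujun.name .hanlei.name .liuren.com .keso.cn
acl to_localhost dst 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgehost src 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgemethod method PURGE
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl CONNECT method CONNECT
# Accelerated sites are fetched straight from their origin; anything else has
# no route, because no cache_peer is configured.
always_direct allow Srvdm
never_direct allow !Srvdm
# Cache manager: only from the "localhost" ACL.
http_access allow manager localhost
http_access deny manager
# PURGE: only from purgehost. The explicit deny is required; without it a PURGE
# from any other client would fall through to "allow Srvip" / "allow Srvdm"
# below and could evict objects of the accelerated sites.
http_access allow purgemethod purgehost
http_access deny purgemethod
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow localhost
http_access allow Srvip
http_access allow Srvdm
http_access deny all
http_reply_access allow all
# ICP is not used: refuse queries and close the port.
icp_access deny all
icp_port 0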
--Config Web Cache Acceleration with Squid Transparent Proxy
Step I - Downloading and compiling Squid
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE3-20060823.tar.gz
(注意:该链接是明文HTTP下载;解压编译之前,如官方提供校验值或签名,请先核对。squid 2.6早已停止维护,正式环境请改用仍在维护的版本。)
[root@localhost software]# tar zxvf squid-2.6.STABLE3-20060823.tar.gz
[root@localhost software]# cd squid-2.6.STABLE3-20060823
[root@localhost squid-2.6.STABLE3-20060823]# vi config.sh
写入内容如下:
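#!/bin/bash
# Configures the Squid source tree for installation under SQUID_ROOT.
# Options that the squid.conf in this article relies on:
#   --disable-internal-dns     use the external dnsserver helpers (dns_children),
#                              which resolve through the system resolver
#   --enable-removal-policies  replacement policies offered to
#                              cache_replacement_policy / memory_replacement_policy
#   --enable-storeio           store types offered to cache_dir
#   --enable-delay-pools       required by the delay pool directives
#   --enable-err-languages     error page sets; error_directory selects one
# Stop at the first failing command or unset variable.
set -eu
SQUID_ROOT="/Data/apps/squid"
# Quoted so that a prefix with spaces or glob characters stays one argument.
./configure --prefix="$SQUID_ROOT" \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-default-err-language=Simplify_Chinese \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-internal-dns \
  --enable-dlmalloc \
  --with-pthreads \
  --enable-poll \
  --enable-stacktrace \
  --enable-removal-policies="heap,lru" \
  --enable-delay-pools \
  --enable-storeio="aufs,coss,diskd,ufs"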
[root@localhost squid-2.6.STABLE3-20060823]# sh config.sh
[root@localhost squid-2.6.STABLE3-20060823]# make
[root@localhost squid-2.6.STABLE3-20060823]# make install
Step II - Basic Configuration
[root@localhost squid-2.6.STABLE3-20060823]# cd /Data/apps/squid/
[root@localhost squid-2.6.STABLE3-20060823]# mkdir cache
[root@localhost squid-2.6.STABLE3-20060823]# chown squid.squid *
在/etc/hosts中:加入内部的DNS解析,比如:
211.100.99.100 longrujun.name
211.100.100.101 blog.hanlei.name
61.135.100.100 www.liuren.com
60.195.200.159 www.keso.cn
B、vi /Data/apps/squid/etc/squid.conf
squid.conf
Step III - Starting Squid
A、创建缓存目录
[root@redhatas4 sbin]# ./squid -z
B、测试Squid运行状况
[root@redhatas4 sbin]# ./squid -NCd1
成功后将出现"Ready to serve requests".否则请检查配置文件
C、
启动Squid
/Data/apps/squid/sbin/squid
停止 Squid
/Data/apps/squid/sbin/squid -k shutdown
启用新配置:
/Data/apps/squid/sbin/squid -k reconfig
通过crontab每天0点截断/轮循日志:
0 0 * * * (/Data/apps/squid/sbin/squid -k rotate)
配置文档 - squid.conf
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 211.211.211.211:80 transparent vhost vport
#
#cache_peer 211.100.59.59 parent 80 0 no-query originserver
#cache_peer 61.235.170.133 parent 80 3130 no-query no-netdb-exchange proxy-only
#cache_peer 211.101.21.114 parent 80 0 no-query originserver
#cache_peer 211.100.23.242 parent 80 0 no-query originserver
#cache_peer 61.135.120.233 parent 80 0 no-query originserver
#cache_peer 219.246.145.145 parent 80 0 no-query originserver
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
collapsed_forwarding on
# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
#cache_dir ufs /Data/apps/squid/var/cache 1024 56 256
cache_dir ufs /Data/apps/squid/cache 4096 56 256
#access_log /Data/apps/squid/var/logs/access.log squid
cache_log /Data/apps/squid/var/logs/cache.log
emulate_httpd_log on
#cache_store_log /Data/apps/squid/var/logs/store.log
# pid_filename /Data/apps/squid/var/logs/squid.pid
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
dns_children 5
#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# request_header_max_size 20 KB
# request_body_max_size 0 KB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
# quick_abort_pct 95
# read_ahead_gap 16 KB
# negative_ttl 5 minutes
# refresh_stale_hit 0 seconds
# TIMEOUTS
# -----------------------------------------------------------------------------
forward_timeout 20 seconds
connect_timeout 15 seconds
# peer_connect_timeout 30 seconds
read_timeout 3 minutes
request_timeout 1 minutes
persistent_request_timeout 15 seconds
client_lifetime 15 minutes
half_closed_clients off
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
shutdown_lifetime 5 seconds
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr longrujun@gmail.com
cache_effective_user squid
cache_effective_group squid
# httpd_suppress_version_string off
visible_hostname longrujun.name
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# ----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# httpd_accel_no_pmtu_disc off
# MISCELLANEOUS
# -----------------------------------------------------------------------------
logfile_rotate 0
tcp_recv_bufsize 65535 bytes
# memory_pools on
# memory_pools_limit 5 MB
# via on
# forwarded_for on
# log_icp_queries on
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# client_db on
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# buffered_logs off
# reload_into_ims off
# global_internal_static on
# short_icon_urls off
error_directory /Data/apps/squid/share/errors/Simplify_Chinese
# maximum_single_addr_tries 1
# retry_on_error off
# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------
# delay_initial_bucket_level 50
# max_open_disk_fds 0
# offline_mode off
# uri_whitespace strip
# nonhierarchical_direct on
# prefer_direct off
# coredump_dir none
coredump_dir /Data/apps/squid/cache
# redirector_bypass off
# ignore_unknown_nameservers on
# digest_generation on
# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
client_persistent_connections off
server_persistent_connections on
# persistent_connection_after_error off
# detect_broken_pconn off
# balance_on_multiple_ip on
# pipeline_prefetch off
# request_entities off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0
# store_dir_select_algorithm least-load
# ie_refresh off
vary_ignore_expire on
# sleep_after_fork 0
# minimum_expiry_time 60 seconds
# relaxed_header_parser on
strip_query_terms on
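# ACCESS CONTROLS
#---------------------------------------------------
# http_access rules are checked top-down and the first matching rule decides.
# Cap the number of simultaneous connections from one client address at 20.
acl OverConnLimit maxconn 20
http_access deny OverConnLimit
#acl AntiGoogle req_header User-Agent Googlespider
#http_access deny AntiGoogle
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
# NOTE(review): "localhost" also covers 10.10.10.0/24, so every host on that
# subnet gets cache-manager access and the "allow localhost" rule below;
# confirm that this is intended.
acl localhost src 127.0.0.1/255.255.255.255 10.10.10.0/24
# Origin server networks. The last entry used to read "60.195.200.159.0/24"
# (five octets, not a valid address); it is now the /24 that contains the
# 60.195.200.159 host listed in /etc/hosts.
acl Srvip dst 211.100.99.0/24 211.100.100.0/24 61.135.100.0/24 60.195.200.0/24
acl Srvdm dstdomain .longrujun.name .hanlei.name .liuren.com .keso.cn
acl to_localhost dst 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgehost src 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgemethod method PURGE
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl CONNECT method CONNECT
# Accelerated sites are fetched straight from their origin; anything else has
# no route, because no cache_peer is configured.
always_direct allow Srvdm
never_direct allow !Srvdm
# Cache manager: only from the "localhost" ACL.
http_access allow manager localhost
http_access deny manager
# PURGE: only from purgehost. The explicit deny is required; without it a PURGE
# from any other client would fall through to "allow Srvip" / "allow Srvdm"
# below and could evict objects of the accelerated sites.
http_access allow purgemethod purgehost
http_access deny purgemethod
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow localhost
http_access allow Srvip
http_access allow Srvdm
http_access deny all
http_reply_access allow all
# ICP is not used: refuse queries and close the port.
icp_access deny all
icp_port 0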
系统:redhat as 4
apache :httpd-2.0.52-9.ent
squid :squid-2.5.STABLE6-3.4E.3
1.安装
安装squid很简单:
# yum -y install squid
配置squid
修改:/etc/squid/squid.conf成下面的
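# Squid 2.5 accelerator (reverse proxy) in front of Apache on port 81.
http_port 80
icp_port 0
acl QUERY urlpath_regex cgi-bin
no_cache deny QUERY
cache_mem 16 MB
# NOTE(review): /tmp is shared and world-writable and may be cleaned
# periodically; a dedicated directory owned by the squid user is safer.
# The path is left as the article has it.
cache_dir ufs /tmp 256 16 256
log_icp_queries off
buffered_logs on
emulate_httpd_log on
redirect_rewrites_host_header off
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
# With httpd_accel_host virtual and httpd_accel_uses_host_header on, Squid
# forwards to whatever host the request names and does not check it against
# the accelerated sites, so "http_access allow all" left the box usable as a
# relay. Allow only the accelerated sites; the names below are taken from the
# Apache virtual host section of this article - adjust them to your own sites.
acl accel_sites dstdomain yum.ourlinux.net apt.ourlinux.net
http_access allow accel_sites
http_access deny all
cache_mgr admin
cache_effective_user squid
cache_effective_group squid
httpd_accel_host virtual
httpd_accel_uses_host_header on
httpd_accel_port 81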
这里解释一下
“http_port”参数指定Squid监听浏览器客户请求的端口号,这里当然是80了
cache_dir ufs /tmp 256 16 256
cache_dir参数设定使用的存储系统的类型。一般情况下类型都应该是ufs,目录应该是“/tmp”,在该目录下使用的缓冲值为256MB,允许在“/tmp”下创建的第一级子目录数为16,每个第一级子目录下可以创建的第二级子目录数量为256。(注意:/tmp是所有本地用户都可写、且可能被定期清理的共享目录,正式环境建议改用属主为squid的专用缓存目录。)
选项“httpd_accel_host”和“httpd_accel_port”定义了真正的Web服务器的主机名和端口号。在这里的配置中,真正的HTTP服务器运行的状况是虚拟主机:virtual而运行的端口是:81。
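选项“httpd_accel_uses_host_header”是什么意思就不清楚了,还没看说明。(按squid 2.5自带的配置说明,打开后Squid用请求里的Host头来区分基于域名的虚拟主机,但不会检查Host头是否属于被加速的站点,所以必须配合访问控制使用,否则可能被当作开放代理滥用。)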
3.修改apache的配置文档
这里就不说apache的安装了!
注意3个地方:
(1)
Port 80这里改成:Port 81
(2)
NameVirtualHost 221.6.145.41:81
如果没有这句,就加上这句!
(3)虚拟主机:
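# yum.ourlinux.net. ServerName used to read "apt.ourlinux.net" here as well;
# with two identical names on the same address the second virtual host can
# never be selected, so this one now carries the name its DocumentRoot and
# log files refer to.
<VirtualHost 221.6.145.41:81>
ServerAdmin webmaster@ourlinux.net
DocumentRoot /var/www/yum.ourlinux.net
ServerName yum.ourlinux.net
ErrorLog logs/yum.ourlinux.net-error_log
CustomLog logs/yum.ourlinux.net-access_log common
</VirtualHost>
# apt.ourlinux.net
<VirtualHost 221.6.145.41:81>
ServerAdmin webmaster@ourlinux.net
DocumentRoot /var/www/apt.ourlinux.net
ServerName apt.ourlinux.net
# NOTE(review): these are the yum virtual host's log files - confirm that
# sharing them is intended.
ErrorLog logs/yum.ourlinux.net-error_log
CustomLog logs/yum.ourlinux.net-access_log common
</VirtualHost>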
ip部分要一致!
4.启动!
先启动httpd
再启动squid
apache :httpd-2.0.52-9.ent
squid :squid-2.5.STABLE6-3.4E.3
1.安装
安装squid很简单:
# yum -y install squid
配置squid
修改:/etc/squid/squid.conf成下面的
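# Squid 2.5 accelerator (reverse proxy) in front of Apache on port 81.
http_port 80
icp_port 0
acl QUERY urlpath_regex cgi-bin
no_cache deny QUERY
cache_mem 16 MB
# NOTE(review): /tmp is shared and world-writable and may be cleaned
# periodically; a dedicated directory owned by the squid user is safer.
# The path is left as the article has it.
cache_dir ufs /tmp 256 16 256
log_icp_queries off
buffered_logs on
emulate_httpd_log on
redirect_rewrites_host_header off
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
# With httpd_accel_host virtual and httpd_accel_uses_host_header on, Squid
# forwards to whatever host the request names and does not check it against
# the accelerated sites, so "http_access allow all" left the box usable as a
# relay. Allow only the accelerated sites; the names below are taken from the
# Apache virtual host section of this article - adjust them to your own sites.
acl accel_sites dstdomain yum.ourlinux.net apt.ourlinux.net
http_access allow accel_sites
http_access deny all
cache_mgr admin
cache_effective_user squid
cache_effective_group squid
httpd_accel_host virtual
httpd_accel_uses_host_header on
httpd_accel_port 81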
这里解释一下
“http_port”参数指定Squid监听浏览器客户请求的端口号,这里当然是80了
cache_dir ufs /tmp 256 16 256
cache_dir参数设定使用的存储系统的类型。一般情况下类型都应该是ufs,目录应该是“/tmp”,在该目录下使用的缓冲值为256MB,允许在“/tmp”下创建的第一级子目录数为16,每个第一级子目录下可以创建的第二级子目录数量为256。(注意:/tmp是所有本地用户都可写、且可能被定期清理的共享目录,正式环境建议改用属主为squid的专用缓存目录。)
选项“httpd_accel_host”和“httpd_accel_port”定义了真正的Web服务器的主机名和端口号。在这里的配置中,真正的HTTP服务器运行的状况是虚拟主机:virtual而运行的端口是:81。
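选项“httpd_accel_uses_host_header”是什么意思就不清楚了,还没看说明。(按squid 2.5自带的配置说明,打开后Squid用请求里的Host头来区分基于域名的虚拟主机,但不会检查Host头是否属于被加速的站点,所以必须配合访问控制使用,否则可能被当作开放代理滥用。)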
3.修改apache的配置文档
这里就不说apache的安装了!
注意3个地方:
(1)
Port 80这里改成:Port 81
(2)
NameVirtualHost 221.6.145.41:81
如果没有这句,就加上这句!
(3)虚拟主机:
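# yum.ourlinux.net. ServerName used to read "apt.ourlinux.net" here as well;
# with two identical names on the same address the second virtual host can
# never be selected, so this one now carries the name its DocumentRoot and
# log files refer to.
<VirtualHost 221.6.145.41:81>
ServerAdmin webmaster@ourlinux.net
DocumentRoot /var/www/yum.ourlinux.net
ServerName yum.ourlinux.net
ErrorLog logs/yum.ourlinux.net-error_log
CustomLog logs/yum.ourlinux.net-access_log common
</VirtualHost>
# apt.ourlinux.net
<VirtualHost 221.6.145.41:81>
ServerAdmin webmaster@ourlinux.net
DocumentRoot /var/www/apt.ourlinux.net
ServerName apt.ourlinux.net
# NOTE(review): these are the yum virtual host's log files - confirm that
# sharing them is intended.
ErrorLog logs/yum.ourlinux.net-error_log
CustomLog logs/yum.ourlinux.net-access_log common
</VirtualHost>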
ip部分要一致!
4.启动!
先启动httpd
再启动squid
说明:粉红色标注是运行命令,红色标注关键的参数,蓝色标注是配置文件的代码;
Step 1 – Download file and compiling Squid
1. 首先卸载自带的squid程序,使用命令如下
#rpm -q squid #检测是否已安装了squid
# rpm -e squid全文件名 #卸载系统自带已安装上的squid
2.下载最新稳定版squid以及编译安装
Address: http://www.squid-cache.org/Version ... -2.5.STABLE13.tar.gz
# tar zxvf squid-2.5.STABLE13.tar.gz
# cd squid-2.5.STABLE13
# vi config.sh #新建此配置文件
代码如下:
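#!/bin/bash
# Configures the Squid source tree for installation under SQUID_ROOT.
#   --disable-internal-dns   build Squid to use the external dnsserver helper
#                            processes instead of its built-in DNS client; the
#                            helpers resolve through the system resolver, which
#                            is why the article adds the sites to /etc/hosts
#   --enable-err-languages   error page sets to install
# Stop at the first failing command or unset variable.
set -eu
SQUID_ROOT="/Data/apps/squid"
# Quoted so that a prefix with spaces or glob characters stays one argument.
./configure --prefix="$SQUID_ROOT" \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-default-err-language=Simplify_Chinese \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-internal-dns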
# sh config.sh
# make
# make install
Step 2 – Basic Configuration
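# cd /Data/apps/squid/
# mkdir cache
# chown -R squid:squid cache var #give the squid user only the directories it writes at runtime (cache and logs); binaries and etc stay root-owned
# chmod -R u+rwX,go-w var #logs are writable by their owner only; mode 777 would let any local user alter or replace them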
Step 3 –Particular Configuration
# cd /Data/apps/squid/etc
# mv squid.conf squid.conf.bak #备份原文件
# vi squid.conf #新建文件
A. 模式1:Squid对应多台web服务器
A1。在vi /etc/hosts中:加入内部的DNS解析,比如:
192.168.0.9 www.5538.com
192.168.0.66 bbs.5538.com
A2。#vi /Data/apps/squid/etc/squid.conf
代码如下:
# visible name
visible_hostname cache.5538.com
# cache config: space use 1G and memory use 256M
cache_dir ufs /Data/apps/squid/cache 1024 16 256
cache_mem 256 MB
cache_effective_user squid #设置运行时的用户和组权限
cache_effective_group squid
# 反向加速配置
http_port 80 # squid监听的端口,客户访问网站的端口
httpd_accel_host virtual # WEB服务器的IP地址,此模式下设置为:virtual
httpd_accel_single_host off # 设置on时缓冲请求到单台Server,off对应virtual
httpd_accel_port 80 # WEB服务器的端口(对于多台web服务器,端口必须一致)
httpd_accel_uses_host_header on # 完成多个WEB服务器的反向代理功能
httpd_accel_with_proxy off # 停用代理本地上网
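# accelerate my domains only
acl acceleratedHostA dstdomain www.5538.com
acl acceleratedHostB dstdomain bbs.5538.com
# accelerate http protocol on port 80
# ("proto" is the ACL type, as in the manager ACL; "protocol" is not one)
acl acceleratedProtocol proto HTTP
acl acceleratedPort port 80
# access acl
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# http_access rules are checked top-down and the first match decides, so the
# cache-manager rules come before anything broader. The original
# "http_access allow manager all" opened the manager interface to every client.
http_access allow manager localhost
http_access deny manager
# Allow requests when they are to the accelerated machine AND to the right port with right protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
http_access allow acceleratedProtocol acceleratedPort acceleratedHostB
# Refuse everything else. The original "http_access allow all" made the two
# rules above meaningless and, with httpd_accel_uses_host_header on, let
# clients reach hosts other than the accelerated sites through this proxy.
http_access deny all
# logging
emulate_httpd_log on
cache_store_log none
# manager
# Placeholder: set your own strong secret. The original value was the literal
# word "pass".
cachemgr_passwd REPLACE_WITH_A_STRONG_SECRET all
cache_mgr admin@5538.com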
#swap 性能微调
half_closed_clients off
cache_swap_high 100%
cache_swap_low 95%
maximum_object_size 1024 KB
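# Object freshness: refresh_pattern [-i] regex min percent max [options],
# with min and max in minutes.
# The patterns are regular expressions, so the dot is escaped and the match is
# anchored at the end of the URL. A bare ".js" also matches ".jsp" or "/ajs/",
# which would give dynamic pages the long lifetimes meant for static files.
refresh_pattern -i \.html$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.png$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 10080 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
# refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
# Never cache
hierarchy_stoplist cgi-bin ?
# NOTE(review): hierarchy_stoplist takes plain words, not a regex, so "-i" and
# "^https:\\" are treated as literal strings here - probably not what was meant.
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml
# url_regex sees the whole URL including the scheme; the original
# "urlpath_regex -i ^https:\\" looked only at the path and could never match.
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl
# logfile_rotate: generations kept by "squid -k rotate"; set 0 to turn the
# automatic renaming off
logfile_rotate 4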
B.模式2:Squid 与 web是单独两台服务器
# vi /Data/apps/squid/etc/squid.conf 代码如下:
# visible name
visible_hostname cache.5538.com
# cache config: space use 1G and memory use 256M
cache_dir ufs /Data/apps/squid/cache 1024 16 256
cache_mem 256 MB
cache_effective_user squid #设置运行时的用户和组权限
cache_effective_group squid
# 反向加速配置
http_port 80 # squid监听的端口,客户访问网站的端口
httpd_accel_host ip_address # WEB服务器的IP地址
httpd_accel_single_host on # 设置转发为缓冲的请求到一台单独的机器
httpd_accel_port 80 # WEB服务器的端口
httpd_accel_uses_host_header off # 完成单台WEB服务器的反向代理功能
httpd_accel_with_proxy off # 停用代理本地上网
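# accelerate my server only
acl acceleratedHostA dst ip_address # IP address of the web server
# accelerate http protocol on port 80
# ("proto" is the ACL type, as in the manager ACL; "protocol" is not one)
acl acceleratedProtocol proto HTTP
acl acceleratedPort port 80
# access acl
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# http_access rules are checked top-down and the first match decides, so the
# cache-manager rules come before anything broader. The original
# "http_access allow manager all" opened the manager interface to every client.
http_access allow manager localhost
http_access deny manager
# Allow requests when they are to the accelerated machine AND to the right port with right protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
# Refuse everything else; the original "http_access allow all" made the rule
# above meaningless.
http_access deny all
# logging
emulate_httpd_log on
cache_store_log none
# manager
# Placeholder: set your own strong secret. The original value was the literal
# word "pass".
cachemgr_passwd REPLACE_WITH_A_STRONG_SECRET all
cache_mgr admin@5538.com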
#swap 性能微调
half_closed_clients off
cache_swap_high 100%
cache_swap_low 95%
maximum_object_size 1024 KB
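# Object freshness: refresh_pattern [-i] regex min percent max [options],
# with min and max in minutes.
# The patterns are regular expressions, so the dot is escaped and the match is
# anchored at the end of the URL. A bare ".js" also matches ".jsp" or "/ajs/",
# which would give dynamic pages the long lifetimes meant for static files.
refresh_pattern -i \.html$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.png$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 10080 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
# refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
# Never cache
hierarchy_stoplist cgi-bin ?
# NOTE(review): hierarchy_stoplist takes plain words, not a regex, so "-i" and
# "^https:\\" are treated as literal strings here - probably not what was meant.
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml
# url_regex sees the whole URL including the scheme; the original
# "urlpath_regex -i ^https:\\" looked only at the path and could never match.
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl
# logfile_rotate: generations kept by "squid -k rotate"; set 0 to turn the
# automatic renaming off
logfile_rotate 4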
C.模式3:Squid 与 Web是同一台服务器
# vi /Data/apps/squid/etc/squid.conf 代码如下:
# visible name
visible_hostname cache.5538.com
# cache config: space use 1G and memory use 256M
cache_dir ufs /Data/apps/squid/cache 1024 16 256
cache_mem 256 MB
cache_effective_user squid #设置运行时的用户和组权限
cache_effective_group squid
# 反向加速配置
http_port 80 # squid监听的端口,客户访问网站的端口
httpd_accel_host ip_address # WEB服务器的IP地址
httpd_accel_single_host on # 设置转发为缓冲的请求到一台单独的机器
httpd_accel_port 81 # WEB服务器的端口
httpd_accel_uses_host_header off # 完成单台WEB服务器的反向代理功能
httpd_accel_with_proxy off # 停用代理本地上网
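# accelerate my server only
acl acceleratedHostA dst ip_address # IP address of the web server
# accelerate http protocol
# ("proto" is the ACL type, as in the manager ACL; "protocol" is not one)
acl acceleratedProtocol proto HTTP
# NOTE(review): clients connect to port 80 but httpd_accel_port is 81 in this
# mode, and the port ACL is matched against the rewritten request. Both ports
# are listed so the allow rule matches either way - check access.log and
# narrow this to the one port that actually appears.
acl acceleratedPort port 80 81
# access acl
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# http_access rules are checked top-down and the first match decides, so the
# cache-manager rules come before anything broader. The original
# "http_access allow manager all" opened the manager interface to every client.
http_access allow manager localhost
http_access deny manager
# Allow requests when they are to the accelerated machine AND to the right port with right protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
# Refuse everything else; the original "http_access allow all" made the rule
# above meaningless.
http_access deny all
# logging
emulate_httpd_log on
cache_store_log none
# manager
# Placeholder: set your own strong secret. The original value was the literal
# word "pass".
cachemgr_passwd REPLACE_WITH_A_STRONG_SECRET all
cache_mgr admin@5538.com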
#swap 性能微调
half_closed_clients off
cache_swap_high 100%
cache_swap_low 95%
maximum_object_size 1024 KB
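# Object freshness: refresh_pattern [-i] regex min percent max [options],
# with min and max in minutes.
# The patterns are regular expressions, so the dot is escaped and the match is
# anchored at the end of the URL. A bare ".js" also matches ".jsp" or "/ajs/",
# which would give dynamic pages the long lifetimes meant for static files.
refresh_pattern -i \.html$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.png$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 10080 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
# refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
# Never cache
hierarchy_stoplist cgi-bin ?
# NOTE(review): hierarchy_stoplist takes plain words, not a regex, so "-i" and
# "^https:\\" are treated as literal strings here - probably not what was meant.
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml
# url_regex sees the whole URL including the scheme; the original
# "urlpath_regex -i ^https:\\" looked only at the path and could never match.
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl
# logfile_rotate: generations kept by "squid -k rotate"; set 0 to turn the
# automatic renaming off
logfile_rotate 4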
Step 3 –Starting Squid
1、 创建缓存目录
# cd /Data/apps/squid/sbin
#./squid -z # 出现Creating Swap Directories提示,表示建立成功
2、 运行Squid
# cd /Data/apps/squid/sbin
#./squid -NCd1 # 成功后将出现"Ready to serve requests".否则请检查配置文件
说明,用squid -NCd1来以debug模式启动,这样如果有错误会报出来,一般如果是ADSL拨号的,那么在没有拨号之前就启动squid的话是会出错的(FATAL: ipcache_init: DNS name lookup tests failed),因为squid启动时会去检查一些常用的DNS,但是这时候你并没有接入internet,自然就出错了,所以我们需要在启动的时候不检查DNS,这就需要用加上-D选项来启动squid,命令如下:
#./squid -NCDd1 # 参数Dd1的目的是禁止测试DNS的连通性并且把squid在开始运行后的一些提示信息显示在屏幕上
三、 注意事项:
1、Squid的配置文件squid.conf更改后必须重新运行squid;
2、Squid服务器的hosts文件更改后必须重新运行squid;
Step 1 – Download file and compiling Squid
1. 首先卸载自带的squid程序,使用命令如下
#rpm -q squid #检测是否已安装了squid
# rpm -e squid全文件名 #卸载系统自带已安装上的squid
2.下载最新稳定版squid以及编译安装
Address: http://www.squid-cache.org/Version ... -2.5.STABLE13.tar.gz
# tar zxvf squid-2.5.STABLE13.tar.gz
# cd squid-2.5.STABLE13
# vi config.sh #新建此配置文件
代码如下:
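#!/bin/bash
# Configures the Squid source tree for installation under SQUID_ROOT.
#   --disable-internal-dns   build Squid to use the external dnsserver helper
#                            processes instead of its built-in DNS client; the
#                            helpers resolve through the system resolver, which
#                            is why the article adds the sites to /etc/hosts
#   --enable-err-languages   error page sets to install
# Stop at the first failing command or unset variable.
set -eu
SQUID_ROOT="/Data/apps/squid"
# Quoted so that a prefix with spaces or glob characters stays one argument.
./configure --prefix="$SQUID_ROOT" \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-default-err-language=Simplify_Chinese \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-internal-dns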
# sh config.sh
# make
# make install
Step 2 – Basic Configuration
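# cd /Data/apps/squid/
# mkdir cache
# chown -R squid:squid cache var #give the squid user only the directories it writes at runtime (cache and logs); binaries and etc stay root-owned
# chmod -R u+rwX,go-w var #logs are writable by their owner only; mode 777 would let any local user alter or replace them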
Step 3 –Particular Configuration
# cd /Data/apps/squid/etc
# mv squid.conf squid.conf.bak #备份原文件
# vi squid.conf #新建文件
A. 模式1:Squid对应多台web服务器
A1。在vi /etc/hosts中:加入内部的DNS解析,比如:
192.168.0.9 www.5538.com
192.168.0.66 bbs.5538.com
A2。#vi /Data/apps/squid/etc/squid.conf
代码如下:
# visible name
visible_hostname cache.5538.com
# cache config: space use 1G and memory use 256M
cache_dir ufs /Data/apps/squid/cache 1024 16 256
cache_mem 256 MB
cache_effective_user squid #设置运行时的用户和组权限
cache_effective_group squid
# 反向加速配置
http_port 80 # squid监听的端口,客户访问网站的端口
httpd_accel_host virtual # WEB服务器的IP地址,此模式下设置为:virtual
httpd_accel_single_host off # 设置on时缓冲请求到单台Server,off对应virtual
httpd_accel_port 80 # WEB服务器的端口(对于多台web服务器,端口必须一致)
httpd_accel_uses_host_header on # 完成多个WEB服务器的反向代理功能
httpd_accel_with_proxy off # 停用代理本地上网
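# accelerate my domains only
acl acceleratedHostA dstdomain www.5538.com
acl acceleratedHostB dstdomain bbs.5538.com
# accelerate http protocol on port 80
# ("proto" is the ACL type, as in the manager ACL; "protocol" is not one)
acl acceleratedProtocol proto HTTP
acl acceleratedPort port 80
# access acl
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# http_access rules are checked top-down and the first match decides, so the
# cache-manager rules come before anything broader. The original
# "http_access allow manager all" opened the manager interface to every client.
http_access allow manager localhost
http_access deny manager
# Allow requests when they are to the accelerated machine AND to the right port with right protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
http_access allow acceleratedProtocol acceleratedPort acceleratedHostB
# Refuse everything else. The original "http_access allow all" made the two
# rules above meaningless and, with httpd_accel_uses_host_header on, let
# clients reach hosts other than the accelerated sites through this proxy.
http_access deny all
# logging
emulate_httpd_log on
cache_store_log none
# manager
# Placeholder: set your own strong secret. The original value was the literal
# word "pass".
cachemgr_passwd REPLACE_WITH_A_STRONG_SECRET all
cache_mgr admin@5538.com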
#swap 性能微调
half_closed_clients off
cache_swap_high 100%
cache_swap_low 95%
maximum_object_size 1024 KB
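# Object freshness: refresh_pattern [-i] regex min percent max [options],
# with min and max in minutes.
# The patterns are regular expressions, so the dot is escaped and the match is
# anchored at the end of the URL. A bare ".js" also matches ".jsp" or "/ajs/",
# which would give dynamic pages the long lifetimes meant for static files.
refresh_pattern -i \.html$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.png$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 10080 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i .shtml 1440 90% 129600 reload-into-ims
# refresh_pattern -i .hml 1440 90% 129600 reload-into-ims
# Never cache
hierarchy_stoplist cgi-bin ?
# NOTE(review): hierarchy_stoplist takes plain words, not a regex, so "-i" and
# "^https:\\" are treated as literal strings here - probably not what was meant.
hierarchy_stoplist -i ^https:\\ ?
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml
# url_regex sees the whole URL including the scheme; the original
# "urlpath_regex -i ^https:\\" looked only at the path and could never match.
acl denyssl url_regex -i ^https://
no_cache deny QUERY
no_cache deny denyssl
# logfile_rotate: generations kept by "squid -k rotate"; set 0 to turn the
# automatic renaming off
logfile_rotate 4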
B.模式2:Squid 与 web是单独两台服务器
# vi /Data/apps/squid/etc/squid.conf 代码如下:
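# Mode 2: Squid as a reverse proxy (accelerator) in front of ONE web server
# that runs on a separate host.
#
# NOTE(review): the httpd_accel_* directives are Squid 2.5 syntax. The install
# steps on this page build Squid 2.6, which expresses the same setup with
# http_port accelerator options plus a "cache_peer ... originserver" line.
# Confirm the target version and run "squid -k parse" before going live.
#
# Comments are kept on their own lines: Squid treats a line as a comment only
# when it begins with '#', so trailing text after an acl or http_access value
# is read as additional values.

# visible name
visible_hostname cache.5538.com

# cache config: 1 GB of disk space and 256 MB of memory
cache_dir ufs /Data/apps/squid/cache 1024 16 256
cache_mem 256 MB

# user and group Squid runs as
cache_effective_user squid
cache_effective_group squid

# --- reverse acceleration ---
# port Squid listens on, i.e. the port visitors connect to
http_port 80
# IP address of the web server (ip_address is a placeholder)
httpd_accel_host ip_address
# forward cache misses to that single machine
httpd_accel_single_host on
# port of the web server
httpd_accel_port 80
# off: reverse proxy for a single web server
httpd_accel_uses_host_header off
# do not also act as a forward proxy for local users
httpd_accel_with_proxy off

# --- ACL definitions ---
# accelerate my web server only (ip_address is the web server's IP)
acl acceleratedHostA dst ip_address
# accelerate HTTP on port 80; "proto" is the ACL type the manager ACL on this
# page also uses (the original line said "protocol")
acl acceleratedProtocol proto HTTP
acl acceleratedPort port 80
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
# cache manager requests
acl manager proto cache_object
# HTTPS requests; the original urlpath_regex "^https:\\" could not match,
# because a URL path never starts with the scheme
acl denyssl proto HTTPS
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml

# --- access rules: the first matching line decides, so order matters ---
# cache manager only from the proxy host itself
http_access allow manager localhost
http_access deny manager
# allow requests for the accelerated machine on the right port and protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
# refuse everything else; the original ended with "http_access allow all",
# which made the restriction above ineffective
http_access deny all

# cache manager password: CHANGE_ME is a placeholder, use a long random value
cachemgr_passwd CHANGE_ME all
cache_mgr admin@5538.com

# logging
emulate_httpd_log on
cache_store_log none

# swap / performance tuning
half_closed_clients off
cache_swap_high 100%
cache_swap_low 95%
maximum_object_size 1024 KB

# object freshness; author's note: (S_Data-Data)<Min+(Max-Min)*90%
# Dots are escaped and patterns anchored so that, for example, ".js" no longer
# also matches ".jsp" or ".json" URLs.
refresh_pattern -i \.html$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.png$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 10080 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i \.hml$ 1440 90% 129600 reload-into-ims

# do not cache dynamic content
hierarchy_stoplist cgi-bin ?
# NOTE(review): hierarchy_stoplist takes plain substrings, so "-i" and
# "^https:\\" are presumably matched literally here - confirm or drop the line
hierarchy_stoplist -i ^https:\\ ?
no_cache deny QUERY
no_cache deny denyssl

# number of rotated log generations to keep; "logfile_rotate 0" turns the
# automatic renaming off
logfile_rotate 4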
C.模式3:Squid 与 Web是同一台服务器
# vi /Data/apps/squid/etc/squid.conf 代码如下:
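# Mode 3: Squid as a reverse proxy (accelerator) on the SAME host as the web
# server. Squid takes port 80; the web server listens on port 81.
#
# NOTE(review): the httpd_accel_* directives are Squid 2.5 syntax. The install
# steps on this page build Squid 2.6, which expresses the same setup with
# http_port accelerator options plus a "cache_peer ... originserver" line.
# Confirm the target version and run "squid -k parse" before going live.
#
# Comments are kept on their own lines: Squid treats a line as a comment only
# when it begins with '#', so trailing text after an acl or http_access value
# is read as additional values.

# visible name
visible_hostname cache.5538.com

# cache config: 1 GB of disk space and 256 MB of memory
cache_dir ufs /Data/apps/squid/cache 1024 16 256
cache_mem 256 MB

# user and group Squid runs as
cache_effective_user squid
cache_effective_group squid

# --- reverse acceleration ---
# port Squid listens on, i.e. the port visitors connect to
http_port 80
# IP address of the web server (ip_address is a placeholder)
httpd_accel_host ip_address
# forward cache misses to that single machine
httpd_accel_single_host on
# port of the web server (moved off 80 because Squid owns port 80 on this host)
httpd_accel_port 81
# off: reverse proxy for a single web server
httpd_accel_uses_host_header off
# do not also act as a forward proxy for local users
httpd_accel_with_proxy off

# --- ACL definitions ---
# accelerate my web server only (ip_address is the web server's IP)
acl acceleratedHostA dst ip_address
# "proto" is the ACL type the manager ACL on this page also uses (the
# original line said "protocol")
acl acceleratedProtocol proto HTTP
# NOTE(review): the request is presumably rewritten to
# httpd_accel_host:httpd_accel_port before the ACL check, so the port ACL is
# set to 81 here (the original said 80) - confirm with a test request
acl acceleratedPort port 81
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
# cache manager requests
acl manager proto cache_object
# HTTPS requests; the original urlpath_regex "^https:\\" could not match,
# because a URL path never starts with the scheme
acl denyssl proto HTTPS
acl QUERY urlpath_regex -i cgi-bin \? \.php \.xml

# --- access rules: the first matching line decides, so order matters ---
# cache manager only from the proxy host itself
http_access allow manager localhost
http_access deny manager
# allow requests for the accelerated machine on the right port and protocol
http_access allow acceleratedProtocol acceleratedPort acceleratedHostA
# refuse everything else; the original ended with "http_access allow all",
# which made the restriction above ineffective
http_access deny all

# cache manager password: CHANGE_ME is a placeholder, use a long random value
cachemgr_passwd CHANGE_ME all
cache_mgr admin@5538.com

# logging
emulate_httpd_log on
cache_store_log none

# swap / performance tuning
half_closed_clients off
cache_swap_high 100%
cache_swap_low 95%
maximum_object_size 1024 KB

# object freshness; author's note: (S_Data-Data)<Min+(Max-Min)*90%
# Dots are escaped and patterns anchored so that, for example, ".js" no longer
# also matches ".jsp" or ".json" URLs.
refresh_pattern -i \.html$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.png$ 60 90% 10080 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 10080 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
# refresh_pattern -i \.hml$ 1440 90% 129600 reload-into-ims

# do not cache dynamic content
hierarchy_stoplist cgi-bin ?
# NOTE(review): hierarchy_stoplist takes plain substrings, so "-i" and
# "^https:\\" are presumably matched literally here - confirm or drop the line
hierarchy_stoplist -i ^https:\\ ?
no_cache deny QUERY
no_cache deny denyssl

# number of rotated log generations to keep; "logfile_rotate 0" turns the
# automatic renaming off
logfile_rotate 4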
Step 3 - Starting Squid
1、 创建缓存目录
# cd /Data/apps/squid/sbin
#./squid -z # 出现Creating Swap Directories提示,表示建立成功
2、 运行Squid
# cd /Data/apps/squid/sbin
#./squid -NCd1 # 成功后将出现"Ready to serve requests".否则请检查配置文件
说明,用squid -NCd1来以debug模式启动,这样如果有错误会报出来,一般如果是ADSL拨号的,那么在没有拨号之前就启动squid的话是会出错的(FATAL: ipcache_init: DNS name lookup tests failed),因为squid启动时会去检查一些常用的DNS,但是这时候你并没有接入internet,自然就出错了,所以我们需要在启动的时候不检查DNS,这就需要用加上-D选项来启动squid,命令如下:
#./squid -NCDd1 # 参数Dd1的目的是禁止测试DNS的连通性并且把squid在开始运行后的一些提示信息显示在屏幕上
三、 注意事项:
1、Squid的配置文件squid.conf更改后必须重新运行squid;
2、Squid服务器的hosts文件更改后必须重新运行squid;
=====安装部分=====
加大描述符(默认为1024)
ulimit -HSn 8192
下载最新版
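# Download the source archive into /tmp.
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE9.tar.bz2 -P /tmp
cd /tmp
# The download uses plain HTTP, which gives no integrity guarantee: compare
# the archive with the checksum or signature published by the project before
# unpacking and building it as root.
tar jxf squid-2.6.STABLE9.tar.bz2
cd squid-2.6.STABLE9
# Options need two ASCII hyphens; the typographic dashes in the original are
# not recognised by ./configure.
./configure --prefix=/app/squid2.6.9 --enable-snmp && make && make install
# --with-maxfd= can also be passed to ./configure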
=====配置文件=====
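# Comments are kept on their own lines: Squid treats a line as a comment only
# when it begins with '#', so trailing text after a directive's value may be
# read as part of the value.

# cache replacement low/high water marks, in percent
cache_swap_low 90
cache_swap_high 95
# objects larger than this are not cached
maximum_object_size 20000 KB
# largest object kept in the memory cache; the default is 8 KB, so anything
# bigger stays out of memory - raised to 4 MB here
maximum_object_size_in_memory 4096 KB
# disk cache: storage type, directory, size (10 GB here), first- and
# second-level directory counts
cache_dir ufs /tmp1 10000 16 256
# paths and file types that should not be cached; the dots are escaped so
# that, for example, "\.rm" no longer also matches "/forms/"
acl QUERY urlpath_regex cgi-bin \.php \.cgi \.avi \.wmv \.rm \.ram \.mpg \.mpeg \.zip \.exe
cache deny QUERY

### logging; each of these can be set to "none" to switch that log off ###
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log combined

### image hotlink protection; aaa.com and bbb.com are the virtual hosts' domains ###
# The Referer header is supplied by the client, so this only discourages
# casual hotlinking; it is not an access control.
acl picurl url_regex -i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpeg$
# anchored to the host part so that "aaa" or "bbb" elsewhere in a Referer
# does not count as one of our sites
acl mystie1 referer_regex -i ^https?://([^/]+\.)?aaa\.com(:[0-9]+)?(/|$)
acl mystie2 referer_regex -i ^https?://([^/]+\.)?bbb\.com(:[0-9]+)?(/|$)
# any non-empty Referer
acl hasref referer_regex -i .+
# Deny images requested with a Referer from another site. Requests without a
# Referer and all non-image requests fall through to the rules that follow;
# the original "http_access allow nullref" accepted ANY request with an empty
# Referer, not only images.
http_access deny picurl hasref !mystie1 !mystie2
# NOTE(review): no final http_access rule is shown in this excerpt; end the
# list by allowing only the accelerated sites and then "http_access deny all".

### reverse proxy: origin web server (xx.xx.xx.xx is a placeholder) ###
cache_peer xx.xx.xx.xx parent 81 0 no-query originserver

### user and group Squid runs as ###
cache_effective_user squid
cache_effective_group squid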
=====其它=====
++遇到故障,runcache发现频繁重启后停止服务:
:./bin/RunCache Running: squid -sY >> /usr/local/squid//var/squid.out 2>&1
./bin/RunCache: line 35: 20000 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
..中间省去几行….
./bin/RunCache: line 35: 20177 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
RunCache: EXITING DUE TO REPEATED, FREQUENT FAILURES
故障原因: log超过了ext3文件系统最大支持容量2G导致,解决办法:
1)每天轮循一次日志0 0 * * * /usr/local/squid/sbin/squid -k rotate
2)直接在配置文件中禁用日志(不推荐:关闭access_log后将无法审计访问或排查安全事件,应优先采用方案1的日志轮循)
access_log none
cache_store_log none
++启动参数
用squid -NCd1来以debug模式启动,
加-D选项来用不检查DNS启动squid
++查看信息
1)squidclient -h 218.85.132.65 -p 80 mgr:info #也可看到描述符
2)看cache.log,如果能看到很多的TCP_MEM_HIT,这说明该文件是从内存缓存读取的,其它如TCP_HIT等等,这些是从磁盘读取的,这个只不过能缓解apache的压力而已.
++apache的log显示ip来源都是127.0.0.1,修改配置文件使其可以正常记录来访IP
将CustomLog的%h改为%{X-Forwarded-For}i,其它不变.注意X-Forwarded-For的内容可由客户端伪造,只有Squid追加的最后一个地址可信.
++ 限制外网电脑使用代理,只允许IP为192.168.0.2~192.168.0.255的机器访问。
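# Internal network allowed to use the proxy. The /255.255.255.0 mask covers
# 192.168.0.0 - 192.168.0.255.
acl our_clients src 192.168.0.0/255.255.255.0
# every other source address
acl other_clients src 0.0.0.0/0.0.0.0
# The ACL name must match its definition exactly; the original line said
# "our_clines", which is not a defined ACL.
http_access allow our_clients
# keep everyone else from using this host as a proxy (the note sits on its
# own line because trailing text on an http_access line is read as ACL names)
http_access deny other_clients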
加大描述符(默认为1024)
ulimit -HSn 8192
下载最新版
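# Download the source archive into /tmp.
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE9.tar.bz2 -P /tmp
cd /tmp
# The download uses plain HTTP, which gives no integrity guarantee: compare
# the archive with the checksum or signature published by the project before
# unpacking and building it as root.
tar jxf squid-2.6.STABLE9.tar.bz2
cd squid-2.6.STABLE9
# Options need two ASCII hyphens; the typographic dashes in the original are
# not recognised by ./configure.
./configure --prefix=/app/squid2.6.9 --enable-snmp && make && make install
# --with-maxfd= can also be passed to ./configure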
=====配置文件=====
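# Comments are kept on their own lines: Squid treats a line as a comment only
# when it begins with '#', so trailing text after a directive's value may be
# read as part of the value.

# cache replacement low/high water marks, in percent
cache_swap_low 90
cache_swap_high 95
# objects larger than this are not cached
maximum_object_size 20000 KB
# largest object kept in the memory cache; the default is 8 KB, so anything
# bigger stays out of memory - raised to 4 MB here
maximum_object_size_in_memory 4096 KB
# disk cache: storage type, directory, size (10 GB here), first- and
# second-level directory counts
cache_dir ufs /tmp1 10000 16 256
# paths and file types that should not be cached; the dots are escaped so
# that, for example, "\.rm" no longer also matches "/forms/"
acl QUERY urlpath_regex cgi-bin \.php \.cgi \.avi \.wmv \.rm \.ram \.mpg \.mpeg \.zip \.exe
cache deny QUERY

### logging; each of these can be set to "none" to switch that log off ###
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log combined

### image hotlink protection; aaa.com and bbb.com are the virtual hosts' domains ###
# The Referer header is supplied by the client, so this only discourages
# casual hotlinking; it is not an access control.
acl picurl url_regex -i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpeg$
# anchored to the host part so that "aaa" or "bbb" elsewhere in a Referer
# does not count as one of our sites
acl mystie1 referer_regex -i ^https?://([^/]+\.)?aaa\.com(:[0-9]+)?(/|$)
acl mystie2 referer_regex -i ^https?://([^/]+\.)?bbb\.com(:[0-9]+)?(/|$)
# any non-empty Referer
acl hasref referer_regex -i .+
# Deny images requested with a Referer from another site. Requests without a
# Referer and all non-image requests fall through to the rules that follow;
# the original "http_access allow nullref" accepted ANY request with an empty
# Referer, not only images.
http_access deny picurl hasref !mystie1 !mystie2
# NOTE(review): no final http_access rule is shown in this excerpt; end the
# list by allowing only the accelerated sites and then "http_access deny all".

### reverse proxy: origin web server (xx.xx.xx.xx is a placeholder) ###
cache_peer xx.xx.xx.xx parent 81 0 no-query originserver

### user and group Squid runs as ###
cache_effective_user squid
cache_effective_group squid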
=====其它=====
++遇到故障,runcache发现频繁重启后停止服务:
:./bin/RunCache Running: squid -sY >> /usr/local/squid//var/squid.out 2>&1
./bin/RunCache: line 35: 20000 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
..中间省去几行….
./bin/RunCache: line 35: 20177 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
RunCache: EXITING DUE TO REPEATED, FREQUENT FAILURES
故障原因: log超过了ext3文件系统最大支持容量2G导致,解决办法:
1)每天轮循一次日志0 0 * * * /usr/local/squid/sbin/squid -k rotate
2)直接在配置文件中禁用日志(不推荐:关闭access_log后将无法审计访问或排查安全事件,应优先采用方案1的日志轮循)
access_log none
cache_store_log none
++启动参数
用squid -NCd1来以debug模式启动,
加-D选项来用不检查DNS启动squid
++查看信息
1)squidclient -h 218.85.132.65 -p 80 mgr:info #也可看到描述符
2)看cache.log,如果能看到很多的TCP_MEM_HIT,这说明该文件是从内存缓存读取的,其它如TCP_HIT等等,这些是从磁盘读取的,这个只不过能缓解apache的压力而已.
++apache的log显示ip来源都是127.0.0.1,修改配置文件使其可以正常记录来访IP
将CustomLog的%h改为%{X-Forwarded-For}i,其它不变.注意X-Forwarded-For的内容可由客户端伪造,只有Squid追加的最后一个地址可信.
++ 限制外网电脑使用代理,只允许IP为192.168.0.2~192.168.0.255的机器访问。
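# Internal network allowed to use the proxy. The /255.255.255.0 mask covers
# 192.168.0.0 - 192.168.0.255.
acl our_clients src 192.168.0.0/255.255.255.0
# every other source address
acl other_clients src 0.0.0.0/0.0.0.0
# The ACL name must match its definition exactly; the original line said
# "our_clines", which is not a defined ACL.
http_access allow our_clients
# keep everyone else from using this host as a proxy (the note sits on its
# own line because trailing text on an http_access line is read as ACL names)
http_access deny other_clients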