squid安装配置笔记(反向代理)
作者: Jeffrey
出处: http://blog.zhangjianfeng.com/article/531
=====安装部分=====
下载最新版
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE9.tar.bz2 -P /tmp
cd /tmp
tar jxf squid-2.6.STABLE9.tar.bz2
cd squid-2.6.STABLE9
./configure –prefix=/app/squid2.6.9 –enable-snmp –with-maxfd=65536 –with-large-files && make && make install
=====配置文件=====
cache_swap_low 90
cache_swap_high 95
cache_mem 1024 MB
maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB #装入内存缓存的文件大小,默认值是8K,超过8K的文件都不装入内存,可以在这里设成4M.
cache_dir ufs /tmp1 10000 16 256 #磁盘缓存的类型和目录,大小,一二级目录的设置,这里磁盘缓存大小是10G
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY #设置不想缓存的目录或者文件类型
###相关日志记录,可以设为none成不记录日志####
logfile_rotate 5 #表示保存5个轮循日志
cache_mgr admin@zhangjianfeng.com
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] “%rm %ru HTTP/%rv” %Hs %<st “%{Referer}>h” “%{User-Agent}>h” %Ss:%Sh
pid_filename /jeffrey/app/squid/var/logs/squid.pid
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log combined
###设置防图片盗链,其中aaa.com和bbb.com分别是虚拟主机的域名,referer中必须包含有aaa.com或bbb.com的域名才能访问图片####
acl picurl url_regex -i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpeg$
acl mystie1 referer_regex -i aaa
http_access allow mystie1 picurl
acl mystie2 referer_regex -i bbb
http_access allow mystie2 picurl
#考虑有些referer为空的情况
acl nullref referer_regex -i ^$
http_access allow nullref
#其它referer,直接拒绝访问
acl hasref referer_regex -i .+
http_access deny hasref picurl
###反向代理###
http_port xxx.xxx.xxx.:81 vhost vport
cache_peer xx.xx.xx.xx parent 81 0 no-query originserver
###squid使用的用户组和用户名###
cache_effective_user squid
cache_effective_group squid
#### 各种文件控制,注意位置 ####
refresh_pattern -i .html 10 90% 2160 reload-into-ims
refresh_pattern -i .shtml 10 90% 2160 reload-into-ims
refresh_pattern -i .htm 10 90% 2160 reload-into-ims
refresh_pattern -i .gif 60 90% 2160 reload-into-ims
refresh_pattern -i .swf 60 90% 2160 reload-into-ims
refresh_pattern -i .jpg 60 90% 2160 reload-into-ims
refresh_pattern -i .png 60 90% 2160 reload-into-ims
refresh_pattern -i .bmp 60 90% 2160 reload-into-ims
refresh_pattern -i .js 10 90% 2160 reload-into-ims
#限制同一IP客户端的最大连接数
acl OverConnLimit maxconn 16
http_access deny OverConnLimit
#防止被人利用为HTTP代理,设置允许访问的IP地址
acl myip dst 192.168.1.1
http_access deny !myip
#Squid信息设置
visible_hostname http://www.zhangjianfeng.com/
cache_mgr webmaster@zhangjianfeng.com
#错误文档
#error_directory ../squid/share/errors/Simplify_Chinese
#虚拟主机反向代理
#cache_peer w1.aa.com parent 80 0 no-query originserver
cache_peer 192.168.0.10 parent 80 0 no-query originserver name=testserver80
cache_peer_domain testserver80 http://www.testserver81.com/
cache_peer 192.168.0.11 parent 81 0 no-query originserver name=testserver81
cache_peer_domain testserver81 www.testserver82.com
cache_peer_domain testserver81 www.test182.com
####squid.conf 结束####
++启动
squid -z
echo “65535″ > /proc/sys/fs/file-max
ulimit -HSn 65535
squid -NCd1 #来以debug模式启动,加-D选项来可不检查DNS启动squid
=====其它=====
++遇到故障,runcache发现频繁重启后停止服务:
:./bin/RunCache Running: squid -sY >> /usr/local/squid//var/squid.out 2>&1
./bin/RunCache: line 35: 20000 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
..中间省去几行….
./bin/RunCache: line 35: 20177 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
RunCache: EXITING DUE TO REPEATED, FREQUENT FAILURES
故障原因: log超过了ext3文件系统最大支持容量2G导致,解决办法:
1)每天轮循一次日志0 0 * * * /usr/local/squid/sbin/squid -k rotate
2)直接在配置文件中禁用日志
access_log none
cache_store_log none
++查看信息
1)squidclient -h 218.85.132.65 -p 80 mgr:info #也可看到描述符
2)看cache.log,如果能看到很多的TCP_MEM_HIT,这说明该文件是从内存缓存读取的,其它如TCP_HIT等等,这些是从磁盘读取的,这个只不过能缓解apache的压力而已.
++apache的log显示ip来源都是127.0.0.1,修改配置文件使其可以正常记录来访IP
将CustomLog的%h改为%{X-Forwarded-For}i,其它不变.
++ 限制外网电脑使用代理,只允许IP为192.168.0.2~192.168.0.255的机器访问。
acl our_clients src 192.168.0.0/255.255.255.0
acl other_clients src 0.0.0.0/0.0.0.0
http_access allow our_clines
http_access deny other_clients (禁止其他用户通过本机上网)
++快速清空cache
echo ” ” > $CachePath/caches/swap.state
ps:用squid做代理网关的学习笔记 http://blog.zhangjianfeng.com/?p=630
Last modified at: Thursday, July 24th, 2008 09:48:42 amTrackback URL: http://blog.zhangjianfeng.com/article/531/trackback
(No Ratings Yet)
Loading ...
.text:''):(d.getSelection?d.getSelection():'');void(keyit=window.open('http://my.poco.cn/fav/storeIt.php?t='+escape(d.title)+'&u='+escape(d.location.href)+'&c='+escape(t)+'&img=http://www.h-strong.com/blog/logo.gif','keyit','scrollbars=no,width=475,height=575,status=no,resizable=yes'));keyit.focus(); "添加到POCO网摘"){kind=logo}
0 Responses to “squid安装配置笔记(反向代理)”