squid2.7 Installation and Configuration

Source: Internet
Author: User
Tags snmp squid proxy

Clevercode recently studied the installation and configuration of Squid. This article summarizes the results and shares them with everyone.

1 Introduction 

A proxy server obtains network information on behalf of network users.

Squid is software that caches Internet data: it receives a user's download request and processes the downloaded data automatically. When a user wants to download a home page, the request is sent to Squid, which downloads the page on the user's behalf. Squid connects to the requested website, requests the page, passes it to the user and keeps a copy. When other users request the same page, Squid immediately returns the saved copy, so access feels considerably faster. Squid can proxy the HTTP, FTP, GOPHER, SSL and WAIS protocols and handles them automatically. It can also be configured according to your own needs to filter out unwanted content.


1.1 Work Flow
When the proxy server has the data required by the client:
A. The client sends data requests to the proxy server;
B. The proxy server checks its own data cache;
C. The proxy server finds the user's desired data in the cache and extracts the data;
D. The proxy server returns the data obtained from the cache to the client.

When there is no data required by the client in the proxy server:
1. The client sends data requests to the proxy server;
2. The proxy server checks its own data cache;
3. The proxy server does not find the data that the user wants in the cache;
4. The proxy server sends data requests to remote servers on the Internet;
5. The remote server responds and returns the corresponding data;
6. The proxy server obtains data from the remote server, returns it to the client, and retains a copy of the data in its own cache.




Squid Proxy Server works in the application layer of TCP/IP.




1.2 Squid category
By proxy type, Squid can act as a forward proxy or a reverse proxy. A forward proxy, depending on how it is implemented, is further divided into a normal proxy and a transparent proxy.

Normal proxy: The client must specify the address and port of the proxy server in the browser;


Transparent proxy: Suited to an enterprise gateway host (shared Internet access). The client does not need to specify the proxy server address, port or other information; instead, the proxy server needs a firewall policy that redirects the client's web traffic to the proxy service process;


Reverse proxy: The proxy server accepts connection requests from the Internet, forwards them to a server on the internal network, and returns the server's response to the client on the Internet that made the request. In this case the proxy server appears to the outside as a server.


2 System Environment
Operating system: CentOS release 6.5 (Final)
Squid version: squid-2.7.stable9-20101125.tar.gz
The Squid package used for this installation:

http://download.csdn.net/detail/clevercode/9337437.


3 Installation Steps
Make sure the common Linux support libraries are installed before you start, otherwise a variety of errors will occur. Installation details for the necessary common support libraries on Linux: http://blog.csdn.net/clevercode/article/details/45438401.

1) Unpack squid-2.7.stable9-20101125.tar.gz
# cd /usr/local/src/squid
# tar zxvf squid-2.7.stable9-20101125.tar.gz

2) Enter the extracted directory
# cd squid-2.7.stable9-20101125

3) Configuration
# ./configure --prefix=/usr/local/squid \
--enable-gnuregex --disable-carp --enable-async-io=240 \
--with-pthreads --enable-storeio=ufs,aufs,diskd \
--disable-wccp --enable-icmp --enable-kill-parent-hack \
--enable-cachemgr-hostname=localhost \
--enable-default-err-language=Simplify_Chinese \
--with-maxfd=65535 --enable-epoll \
--enable-linux-netfilter --enable-large-cache-files \
--enable-default-hostsfile=/etc/hosts --with-dl \
--with-large-files --enable-delay-pools --enable-snmp \
--enable-arp-acl --prefix=/usr/local/squid

4) Compiling
# make

5) Installation
# make install

6) Create the user and group, then create and initialize the directories:
# groupadd www    # add the www group
# useradd -g www www -s /bin/false    # create the nginx run account www and add it to the www group; the www user is not allowed to log in to the system directly

# mkdir -p /data0/cache/logs/
# chmod -R 755 /data0/cache/
# chown -R www:www /data0/cache


4 Practical Application
4.1 Normal Proxy Service
The standard, traditional proxy service requires the client to specify the address and port of the proxy server in the browser.
Please refer to: http://www.cnblogs.com/mchina/p/3812190.html.

4.2 Transparent Proxy Service
Suited to an enterprise gateway host. The client does not need to specify the proxy server address, port or other information; iptables hands the client's web traffic to the proxy service program for processing.
Please refer to: http://www.cnblogs.com/mchina/p/3812190.html.

4.3 Reverse Proxy Service
Provides cache acceleration for Internet users who access enterprise websites.


4.3.1 Requirements Background
The following experiment simulates using different domain names to reach different machines, a simple way to achieve load balancing in enterprise applications.
When the client enters pic.domain.com or pic2.domain.com in the browser address bar, it reaches the 192.168.142.130 machine.
When it visits res.domain.com or res2.domain.com, it reaches the 192.168.142.131 machine.

Squid server: 192.168.142.133.

Web server: 192.168.142.130 and 192.168.142.131.



4.3.2 Configuration squid.conf

# cd /usr/local/squid/etc/
# mv squid.conf squid.conf.bak

# vi /usr/local/squid/etc/squid.conf

# Hostname
visible_hostname static.squid-133

# Set the listening IP and port number (the port value is missing from the source text)
http_port vhost vport

# Extra memory for Squid. Squid's memory use is always X * 10 + 15 + "cache_mem", where X is the capacity (in GB) of the cache occupied by Squid.
# For example, if the cache size below is 100M, i.e. 0.1GB, the total memory occupied is 0.1*10+15+64=80M. The recommended size is 1/3 to 1/2 of physical memory, or more.
cache_mem 4096 MB

# Maximum size of an object kept in the memory cache; objects over 2M are not held in memory
maximum_object_size_in_memory 2048 KB

# LRU replaces only the objects that have not been accessed for the longest time
memory_replacement_policy lru

# This log file records the objects added to the cache. It can generally be set to: cache_store_log none,
# to reduce the disk space used by log files (please pay special attention to this).
cache_store_log none

# Log file format
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

# Cache storage path for Squid, cache directory capacity (in MB), number of first-level cache directories, number of second-level cache directories
cache_dir aufs /data0/cache 20480 32 256

# Turn off the access log
access_log none

# This file records Squid startup, shutdown and proxy server system information, including system activity records
cache_log /data0/cache/logs/cache.log

# File that stores the process ID
pid_filename /data0/cache/logs/squid.pid

# Maximum number of open files allowed, 0 means unrestricted
max_open_disk_fds 0

# Minimum object size
minimum_object_size 0 KB

# Maximum object size
maximum_object_size 32768 KB

#add for gzip
server_http11 on
cache_vary on
acl nginx rep_header Server ^nginx ^fy
broken_vary_encoding allow nginx
incoming_rate 10
reload_into_ims on

acl PURGE method PURGE
# IP
acl localhost src 127.0.0.1 192.168.142.0/24
# Allow localhost to use PURGE through the proxy
http_access allow PURGE localhost
#http_access deny PURGE

# Determines when a page enters the cache and how long it stays there (refresh_pattern [-i] regexp min percent max [options])
refresh_pattern -i \.swf$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims
#ignore-reload override-expire ignore-no-cache ignore-private override-lastmod
refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
#refresh_pattern -i \.jpg$ 1440 90% 129600 ignore-reload override-expire ignore-no-cache ignore-private override-lastmod
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 ignore-reload override-expire ignore-no-cache ignore-private override-lastmod
#refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 ignore-reload override-expire ignore-no-cache ignore-private override-lastmod
refresh_pattern -i \.bmp$ 1440 90% 129600 ignore-reload override-expire ignore-no-cache ignore-private override-lastmod
refresh_pattern -i \.js$ 1440 90% 129600 ignore-reload override-expire ignore-no-cache ignore-private override-lastmod
#refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims

# For requests from the client: if the host is pic.domain.com or pic2.domain.com, Squid sends the request to port 80 of server 192.168.142.130
cache_peer 192.168.142.130 parent 80 0 no-query no-digest originserver name=pic
cache_peer_domain pic pic.domain.com pic2.domain.com

# For requests from the client: if the host is res.domain.com or res2.domain.com, Squid sends the request to port 80 of server 192.168.142.131
cache_peer 192.168.142.131 parent 80 0 no-query no-digest originserver name=res
cache_peer_domain res res.domain.com res2.domain.com

# Allow access from all IPs
acl all src 0.0.0.0/0.0.0.0
http_access allow all

# HTTP headers: remove Via
header_access Via deny all

# Set snmp_port to 3401 so that the MRTG monitoring service can read the running state (the community string is obscured in the source text)
acl cactiserver src 192.168.142.93
acl SNMP snmp_community [email protected]
snmp_port 3401
snmp_access allow SNMP cactiserver
snmp_access deny all

# The following means that URLs containing cgi-bin, or ending with avi and so on, are not cached
acl QUERY urlpath_regex cgi-bin .cgi$ .avi$ .wmv$ .rm$ .ram$ .mpg$ .exe$
cache deny QUERY

#acl PURGE method PURGE
#acl localhost src 172.16.218.0/32
#http_access allow PURGE localhost

# Do not cache URLs with a question mark
refresh_pattern \? 0 100% 0 ignore-reload
#5h (the min value is missing from the next line in the source text)
refresh_pattern \.php\?keyword 50% 720
refresh_pattern \.php\?housetag 3 50% 6
refresh_pattern \.html 5 50% 30

# If Squid is started as root and no cache_effective_user line is added, Squid defaults to the nobody user
cache_effective_user www
cache_effective_group www
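
Squid checks the http_access lines in file order and stops at the first line whose ACLs all match. The following Python sketch is an added example, not part of the original article or of Squid itself; it models only the method and src ACL types, and the client address 203.0.113.9 is a constructed sample. It shows how the http_access lines of the squid.conf above decide a PURGE request, first with "http_access deny PURGE" commented out as in the file and then with that line enabled.

```python
import ipaddress

# Constructed excerpt: the access-control lines of the squid.conf above, in file order.
SQUID_CONF = """\
acl PURGE method PURGE
acl localhost src 127.0.0.1 192.168.142.0/24
http_access allow PURGE localhost
#http_access deny PURGE
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""
# The same rules with the commented-out deny line enabled.
HARDENED = SQUID_CONF.replace("#http_access deny PURGE", "http_access deny PURGE")

def parse(conf):
    """Return (acls, rules); comments are dropped, rule order is kept."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def acl_matches(acls, name, method, src):
    """An ACL matches if any of its values matches (OR); '!' negates it."""
    kind, values = acls[name.lstrip("!")]
    if kind == "method":
        hit = method in values
    elif kind == "src":
        ip = ipaddress.ip_address(src)
        hit = any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    else:
        raise ValueError(f"ACL type {kind!r} is not modelled here")
    return hit != name.startswith("!")

def decide(conf, method, src):
    """The first http_access line whose ACLs all match (AND) decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n, method, src) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for label, conf in (("as configured", SQUID_CONF), ("deny enabled", HARDENED)):
        print(label, "-> PURGE from 203.0.113.9:", decide(conf, "PURGE", "203.0.113.9"))
```

With the deny line enabled, only sources in the localhost ACL (127.0.0.1 and 192.168.142.0/24) can purge cached objects; ordinary GET requests are still allowed from everywhere.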

4.3.3 Initialization
# /usr/local/squid/sbin/squid -z

The following output indicates that initialization succeeded.
2015/12/08 04:03:34| Creating Swap Directories

4.3.4 Start

Start in the background:

# /usr/local/squid/sbin/squid -s


4.3.5 Access

1) Visit http://res.domain.com/comm.js. You can see that res.domain.com points to 192.168.142.133. However, the JS file actually returned is obtained from the 192.168.142.131 server.



2) Modify comm.js so that it has the following content. When comm.js is accessed again, however, the returned content has not changed.

# vi comm.js

This was from 192.168.142.131 js! I am change!



3) Clear the cache on 133; the data returned on the next access then changes.

# /usr/local/squid/bin/squidclient -m PURGE -p "http://res.domain.com/comm.js"



4) Changing the URL also makes the data change. The Squid cache key can be understood as the MD5 of the URL, so as long as the URL changes, the data changes.

Visit: http://res.domain.com/comm.js?r=123456.



5) Access to images


5 Squid Common management commands

# /usr/local/squid/sbin/squid -z                Initialize the cache space
# /usr/local/squid/sbin/squid                   Start in the foreground (for debugging output)
# /usr/local/squid/sbin/squid -s                Start in the background
# /usr/local/squid/sbin/squid -k shutdown       Stop
# /usr/local/squid/sbin/squid -k reconfigure    Reload the configuration file
# /usr/local/squid/sbin/squid -k parse          Check the configuration file
# /usr/local/squid/sbin/squid -k rotate         Rotate (split) the log files

# /usr/local/squid/bin/squidclient -p mgr:info                                       View the Squid hit statistics
# /usr/local/squid/bin/squidclient -m PURGE -p "http://res.domain.com/comm.js"       Delete the cached copy of the specified URL


