I. What is Squid?
Squid is software that caches Internet data. It does this by accepting requests for the objects (web pages, files) that people want to download and handling those requests as appropriate. In other words, if a person wants to download a web page, he asks Squid to fetch it for him. Squid connects to the remote server and requests the page, then streams the data to the client machine while keeping a copy of it at the same time. When someone later needs the same page, Squid simply reads it from disk and the data is sent to the client immediately. The current Squid can handle HTTP, FTP, GOPHER, SSL, WAIS and other protocols; it cannot handle POP, NNTP, RealAudio and similar things.
Definitions of squid proxies
Forward proxy
A. Standard Proxy Buffer Server
A standard proxy buffer service caches static web pages (such as HTML files and image files) on a host on the local network (the proxy server). When a cached page is accessed a second time, the browser obtains the data from the local proxy server instead of requesting it again from the original web site. This saves valuable network bandwidth and increases access speed. To use this method, however, the IP address and port number of the proxy server must be configured in the browser of every internal host. Each time a client accesses the Internet, the request goes to the proxy server, which decides from the request whether it needs to connect to the remote web server. If the requested file already exists in the local cache, it is passed directly to the user; if not, the proxy retrieves the file, stores a copy locally, and then sends it to the client browser.
B. Transparent Proxy Buffer Server (usually installed on the LAN gateway and used together with the firewall)
The transparent proxy buffer service has the same functions as the standard proxy server, but the proxy operation is transparent to the client browser (that is, the IP address and port of the proxy server do not need to be configured). The transparent proxy server intercepts network traffic and filters outbound HTTP (port 80) traffic. If the client's request is cached locally, the cached data is sent directly to the user; if there is no local copy, the request is forwarded to the remote web server. The remaining operations are identical to those of the standard proxy server. On Linux, transparent proxying is implemented with iptables or ipchains. Because nothing has to be configured in the browser, transparent proxying is particularly useful for ISPs (Internet service providers).
Reverse Proxy
A. Reverse Proxy Buffer Server
A reverse proxy is a proxy service completely different from the first two. It reduces the load on the origin web server by taking over requests for the web server's static pages, so that the origin server is not overloaded. It sits between the local web server and the Internet, handles all requests destined for the web server, and mediates all communication between the web server and the Internet. If the page requested by an Internet user is cached on the proxy server, the proxy sends the cached content directly to the user. If it is not cached, a request is first sent to the web server to retrieve the data, which is then cached locally and sent to the user. This reduces both the number of requests reaching the web server and the load on it.
II. System Architecture
1. Principles
DNS round robin distributes client requests across the Squid reverse proxy servers. If the Squid that receives a request has the requested resource cached, it returns it to the user directly. Otherwise, according to the configured rules, Squid forwards the request to its neighbour Squid and to the backend web server. This reduces the load on the backend web server and also improves the performance and security of the entire website.
2. Host allocation:
DNS server: two NICs, connecting the two network segments
Eth0: 10.10.54.150
Eth1: 172.16.54.254 (as the gateway of 172.16.54.0/24)
Two squid reverse proxy servers
Squid1: 172.16.54.150
Squid2: 172.16.54.151
Two web servers (with discuz_x3.0_SC_utf8.zip installed)
Web1: 172.16.54.200
Web2: 172.16.54.201
Three MySQL servers (one master and two slaves)
Master: 172.16.54.203
Slave1: 172.16.54.204
Slave2: 172.16.54.205
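As an added example (not the article's own configuration), the following script writes a minimal reverse-proxy squid.conf for Squid1 in the layout above and then checks that the result cannot be used as an open forward proxy, which is the most common mistake in accelerator setups. The hostname www.example.com, the origin servers listening on port 80, and the sibling answering ICP on port 3130 are assumptions, not values from the page; only the IP addresses come from the host allocation.

```shell
#!/bin/sh
# Added example (not the article's own configuration): generate a minimal
# squid.conf for Squid1 (172.16.54.150) and verify that it refuses requests
# for anything other than the accelerated site.
#
# Assumptions (not stated on the page): the site is served as www.example.com,
# the origin servers listen on port 80, and the sibling Squid answers ICP on 3130.

# write_squid_conf PATH: write the accelerator configuration for Squid1,
# whose sibling is Squid2 (172.16.54.151) and whose origins are Web1/Web2.
write_squid_conf() {
    cat > "$1" <<'EOF'
# Squid1: reverse proxy in front of Web1/Web2 (added example)
visible_hostname squid1
http_port 80 accel defaultsite=www.example.com vhost
icp_port 3130

# Origin web servers; cache misses are balanced between them.
cache_peer 172.16.54.200 parent 80 0 no-query originserver round-robin name=web1
cache_peer 172.16.54.201 parent 80 0 no-query originserver round-robin name=web2

# Neighbour Squid: queried over ICP before going to the origin; objects
# fetched from it are not stored a second time here (proxy-only).
cache_peer 172.16.54.151 sibling 80 3130 proxy-only name=squid2

# Only the site we accelerate may be requested through this proxy.
acl our_sites dstdomain www.example.com
http_access allow our_sites
cache_peer_access web1 allow our_sites
cache_peer_access web2 allow our_sites
cache_peer_access squid2 allow our_sites

# Everything else is refused, so the accelerator is not an open proxy.
http_access deny all
EOF
}

# not_open_proxy PATH: succeed only when the last http_access rule in PATH
# is "deny all". Squid evaluates http_access rules in order, and the final
# rule decides every request that matched nothing earlier.
not_open_proxy() {
    last=$(grep -E '^[[:space:]]*http_access[[:space:]]' "$1" | tail -n 1 \
           | tr -s '[:space:]' ' ' | sed 's/ $//')
    [ "$last" = "http_access deny all" ]
}

# Usage: sh squid1_conf.sh /etc/squid/squid.conf
#        (then: squid -k parse && squid -k reconfigure)
if [ -n "${1:-}" ]; then
    write_squid_conf "$1" && not_open_proxy "$1" \
        && echo "wrote $1: final http_access rule is deny all"
fi
```

The same file with the `dstdomain` ACL removed (or with `http_access allow all` at the end) would still accelerate the site, but it would also relay requests for any destination on the Internet from anyone who can reach port 80; `not_open_proxy` catches that before the configuration is loaded.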
III. Memory Optimization
Edit the sysctl.conf file and add the following content:
shell> vi /etc/sysctl.conf
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
# Description of configuration options:
net.ipv4.tcp_rmem = 4096 87380 4194304: TCP read buffer (minimum, default, maximum). The recommended value is 32768 436600 873200.
net.ipv4.tcp_wmem = 4096 65536 4194304: TCP write buffer (minimum, default, maximum). The recommended value is 8192 436600 873200.
net.core.wmem_default: default size of the send socket buffer (in bytes)
net.core.rmem_default: default size of the receive socket buffer (in bytes)
net.core.rmem_max: maximum size of the receive socket buffer (in bytes)
net.core.wmem_max: maximum size of the send socket buffer (in bytes)
net.core.netdev_max_backlog = 262144: maximum number of packets that may be queued for an interface when packets arrive faster than the kernel can process them.
net.core.somaxconn = 262144: the backlog a web application passes to listen() is capped by net.core.somaxconn, whose default is 128, while the NGX_LISTEN_BACKLOG defined by nginx defaults to 511, so this value must be raised.
net.ipv4.tcp_max_orphans = 3276800: maximum number of TCP sockets in the system that are not attached to any user file handle.
net.ipv4.tcp_max_syn_backlog = 8192: length of the SYN queue. The default is 1024; a queue length of 8192 can hold more connections waiting to be established.
net.ipv4.tcp_max_tw_buckets = 5000: maximum number of TIME_WAIT sockets the system keeps at the same time. Above this number, TIME_WAIT sockets are cleared immediately and a warning is printed. Lowering this limit keeps the Squid servers from being dragged down by a large number of TIME_WAIT sockets.
net.ipv4.tcp_timestamps = 0: timestamps guard against sequence number wraparound. A 1 Gbit/s link will certainly see a previously used sequence number; timestamps let the kernel accept such "abnormal" packets, and they are switched off here.
net.ipv4.tcp_tw_recycle = 1: enables fast recycling of TIME-WAIT sockets in TCP connections.
net.ipv4.tcp_tw_reuse = 1: allows TIME-WAIT sockets to be reused for new TCP connections.
net.ipv4.tcp_mem = 786432 1048576 1572864: also three values. tcp_mem[0]: below this value TCP is under no memory pressure; tcp_mem[1]: above this value TCP enters the memory-pressure stage; tcp_mem[2]: above this value TCP refuses to allocate sockets. Adjust according to the physical memory size; if memory is large enough, it can be raised accordingly. 94500000 915000000 927000000 is recommended.
net.ipv4.tcp_fin_timeout = 30: when a socket is closed by the local end, this determines how long it remains in the FIN-WAIT-2 state.
net.ipv4.tcp_keepalive_time = 1200: how often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; it is changed here to 20 minutes.
net.ipv4.ip_local_port_range = 1024 65000: port range used for outbound connections. The default, 32768 to 61000, is small; it is changed here to 1024 to 65000.
# Make the configuration take effect immediately:
/sbin/sysctl -p
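Once sysctl -p has been run, the values in the file and the values the kernel is actually using can drift apart: a later reboot without the file, a key that the running kernel does not have (net.ipv4.tcp_tw_recycle relies on TCP timestamps and was removed in Linux 4.12, so on a current kernel sysctl -p reports it as an unknown key), or an operator changing a value by hand. The script below is an added example, not part of the article: it reads a sysctl.conf-style fragment, normalises the whitespace in multi-value keys such as tcp_rmem, and reports for each key whether the live value under /proc/sys matches, differs, or does not exist. The three-line sample configuration embedded in it is constructed for the example; the reader function and its output format are this example's own design.

```shell
#!/bin/sh
# Added example (not from the original article): compare the values in a
# sysctl.conf-style fragment with the live kernel values under /proc/sys and
# report every key that differs or does not exist on this kernel.

# Constructed sample: a comment line, a multi-value key, and a key that
# current kernels no longer have (tcp_tw_recycle was removed in 4.12).
SAMPLE_CONF=$(cat <<'EOF'
# TCP tuning for the Squid hosts (constructed sample)
net.ipv4.tcp_rmem = 4096 87380 4194304
net.core.somaxconn = 262144
net.ipv4.tcp_tw_recycle = 1
EOF
)

# live_value KEY: print the kernel's current value of KEY with its whitespace
# squeezed to single spaces, or "missing" when the key does not exist here.
live_value() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then
        tr -s '[:space:]' ' ' < "$path" | sed 's/ $//'
    else
        printf 'missing'
    fi
}

# sysctl_drift READER: read a sysctl.conf fragment on stdin; for every
# "key = value" line call "READER key" and print one record per key:
#   ok|KEY|VALUE          live value matches the file
#   drift|KEY|WANT|HAVE   live value differs from the file
#   missing|KEY|WANT      key does not exist on this kernel
sysctl_drift() {
    reader="$1"
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' | while IFS= read -r line; do
        key=$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//; s/^[[:space:]]*//')
        want=$(printf '%s' "$line" | sed 's/^[^=]*=[[:space:]]*//' \
               | tr -s '[:space:]' ' ' | sed 's/ $//')
        have=$("$reader" "$key")
        if [ "$have" = "missing" ]; then
            printf 'missing|%s|%s\n' "$key" "$want"
        elif [ "$have" = "$want" ]; then
            printf 'ok|%s|%s\n' "$key" "$want"
        else
            printf 'drift|%s|%s|%s\n' "$key" "$want" "$have"
        fi
    done
}

# Usage: sh sysctl_drift.sh --run            (checks the constructed sample)
#        sh sysctl_drift.sh --file /etc/sysctl.conf   (checks a real file)
case "${1:-}" in
    --run)  printf '%s\n' "$SAMPLE_CONF" | sysctl_drift live_value ;;
    --file) sysctl_drift live_value < "$2" ;;
esac
```

The reader is passed in as a function name so the comparison logic can be exercised against fixed values, and so a "missing" key is reported rather than aborting the whole check, which is what sysctl -p itself does when it meets an unknown key.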