Configure Squid reverse proxy server under Windows

Source: Internet
Author: User
Tags to domain

Squid is a very popular server software under a UNIX-like system, and its most important function is to establish a cache between the client and the service. So squid can be used as a reverse proxy, deploy multilevel caches or build CDNs, whatever the name is, essentially the same. Currently there is also a ported version of Squid in Windows that can be used for scenarios that use Windows environments. Here is the documentation and if you need to know more about SQUID technical details you can look at the translated version of the book "Squid:the Definitive Guide".

First, install Squid

If you download the binaries version, unzip it directly to the c:\squid. This is the default installation path of the software, if you need to install to another path, you need to modify more configuration files about the path of the configuration items, and the installation path can not have spaces, the official recommendation in the configuration file for the path is configured in the slash "/" instead of "\" (because the Unix-like system uses "/"), That is, the configuration file for path C:\squid should be written as c:/squid.

Next find the C:\squid\etc directory, Copy cachemgr.conf.default,mime.conf.default,squid.conf.default three files to cachemgr.conf,mime.conf,squid.conf. These are squid profiles, where squid.conf is the base, and the later work is more about modifying this file.

Use the command c:\squid\sbin\squid-i-n ServerName in cmd (of course you can add c:\squid\sbin to the system's environment variables to avoid entering that long command path). where "ServerName" can be customized, use double quotation marks if the name contains spaces. For example: C:\squid\sbin\squid-i-n "Server Name". You can use C:\squid\sbin\squid-h to view Help on command parameters at any time in CMD.

For the default configuration file, we first command net start Squidproxy start squid to see (Squidproxy is the name when installing the Squid service, Can be viewed in services.msc), but there are some problems that the service cannot start, which is a problem that can be viewed through c:\squid\sbin\squid.exe.log and C:\squid\var\cache.log logs.

In general, the C:\squid\var\cache directory is not established, can be manually created under the directory, or swap directories is not established, you can use the command c:\squid\sbin\squid-z to establish. At this point the service can start normally.

Second, configure Squid

Next, the main configuration c:\squid\etc\squid.conf this file. It is highly recommended to use text tools such as notepad++ for editing (you can easily make a high appearance with the same vocabulary) in order to ease the difficulty of finding configuration items.

Before the configuration needs to clear the requirements and set up to meet the needs of the network environment, the following to configure the Web reverse proxy server as an example to discuss the configuration of squid: The reverse proxy Server will act as the proxy and cache layer of the Web server, assuming that the extranet address is 222.0.0.0/24 (client access), The intranet address is 172.16.0.0/24 (used to communicate between the Squid service and the Web site or between squid services, where squid services and Web sites are used, rather than squid servers and Web servers, The reason is that there may be more than one Squid service or Web site on a single server, and we assume that there is only one Squid service or Web site on a single server.

Consider the following scenarios:

Scenario 1: Single site agent, squid Service A (222.0.0.10, 172.16.0.10) provides reverse proxy services for Web site A (172.16.0.20), which is the simplest scenario, and the squid.conf configuration key can be as simple as:

#建立一个名称为 (All), the client address (SRC) is an access control list (ACL) of any (all).
ACL all src all
#允许 (allow) name of (All) control list Access Squid service http_access allow all# set 80 port for Squid service listening for client access ports
80
#建立一个名称为 (ABC) cache point whose ancestor (parent) is Web site A (172.16.0.20:80), which is the source server (originserver)172.16.0.20 Parent 80 0 No-query Originserver NAME=ABC

Scenario 2: Multi-site agent, squid Service A (222.0.0.10, 172.16.0.10) provides reverse proxy services for both Web site A (172.16.0.20) and Web site B (172.16.0.30), assuming that the Web site a domain name www.a.com and the Web site B domain www.b.com all point to 222.0.0.10,SQUID.C The ONF configuration key is as follows:

#建立一个名称为 (Aclweba), the access control list (ACL) for the service-side domain name (dstdomain) is (www.a.com)
ACL Aclweba dstdomain www.a.comacl Aclwebb dstdomain www.b.com
#设置80端口为Squid服务监听客户端访问的端口, Acceleration Mode (vhost), forwards the host header to the backend server    vhost# Build a cache point called (Weba), whose ancestor (parent) For Web Site A (172.16.0.20:80), the Web site is a data server (Originserver  )
172.16. 0.20  the 0 no-query originserver name=172.16. 0.30  the 0 no-query originserver name=webb# limit the cache point (Weba) to Domain name (www.a.com) access, that is, use www.a.com to access Web site A, a bit of the meaning of host header names in IIS 
Cache_peer_domain Weba Www.a.comcache_peer_domain Webb www.b.com# allows (allow) access Control list access cache point (Aclweba) with name (Weba)
1024x768 mb# Set storage path, storage format (UFS), total cache Size (10240MB), primary cache (16MB), Level two cache (253MB)
cache_dir ufs C: 10240  -  the

Scenario 3: Implement Web site load Balancing, squid service A (222.0.0.10, 172.16.0.10) provides reverse proxy services for multiple Web sites a:web site A1 (172.16.0.20) and Web site A2 (172.16.0.30) deployed on different servers for load balancing, assuming that the Web site a domain www.a.com points to 222.0.0.10, The squid.conf configuration key is as follows:

#建立一个名称为 (Aclweba), the access control list (ACL) for the service-side domain name (dstdomain) is (www.a.com)
ACL Aclweba Dstdomain www.a.com# can also establish access control lists (ACLs) that allow everyone access, and can establish access control lists for such things as source IP (SRC), Destination IP (DST), destination domain name (dstdomain), and so on.
#acl Aclweba src All
#允许 (allow) name (ACLWEBA) Access Control list access http_access allow Aclweba
#设置80端口为Squid服务监听客户端访问的端口, the acceleration mode (vhost), forwards the host header to the backend   Server vhost# establish a cache point named (WEBA1, Weba2), by polling ( Round-robin) access their ancestor (parent) Web site A1 (172.16.0.20:80) or Web site A2 (172.16.0.20:80), which are source servers (originserver)  
172.16. 0.20  the 0 no-query originserver round-robin name=172.16. 0.30  the 0 no-query originserver round-robin name=weba21024x768  mb# Set storage path, storage format ( UFS), total cache Size (10240MB), level cache (16MB), Level two cache (253MB)
cache_dir ufs C: 10240  -  the

Scenario 4: Add squid service A2 (222.0.0.11, 172.16.0.11) on the basis of scene 3, with squid service A to achieve load balancing (simple via DNS polling mechanism), two Squid service configuration basically consistent, It is also necessary to add squid service A and squid service A2 to each other in the configuration and open the relevant ports.

#建立一个名称为 (Aclweba), the access control list (ACL) for the service-side domain name (dstdomain) is (www.a.com)
ACL Aclweba Dstdomain www.a.com# can also establish access control lists (ACLs) that allow everyone access, and can establish access control lists for such things as source IP (SRC), Destination IP (DST), destination domain name (dstdomain), and so on.
#acl Aclweba src All
#建立一个名称为 (localnet), an access control list (ACL) for the source IP (172.16.0.0/24) for internal communication
ACL localnet src 172.16.0.0/24
#允许 (allow) name is (ACLWEBA) Access Control List HTTP access http_access allow Aclweba
#允许 (allow) name of the Access Control List (localnet) for ICP Access
Icp_access Allow LocalNet
#设置80端口为Squid服务监听客户端访问的端口, Acceleration Mode (vhost), forwards the host header to the backend server    vhost
#设置3130为Squid服务器将的通讯端口
Icp_port 3130
#Squid服务互为邻居, use ICP to check for other squid services not in their own cache
Cache_peer 172.16.0.10 Sibling 80 3130
Cache_peer 172.16.0.11 Sibling 80 3130
A cache point for the #建立名称分别为 (WEBA1, WEBA2) to access its parent Web site A1 (172.16.0.20:80) or Web site A2 (172.16.0.20:80) by polling (Round-robin), These web sites are source servers (Originserver)
172.16. 0.20  the 0 no-query originserver round-robin name=weba1
172.16. 0.30 the 0 no-query originserver round-robin name=weba2
#设置缓存使用内存大小
1024x768 MB
#设置存储路径, storage format (UFS), total cache Size (10240MB), primary cache (16MB), Level two cache (253MB)
cache_dir ufs C: 10240  -  the

Each time you finish modifying the configuration without restarting the service, use the command c:\squid\sbin\squid-k reconfigure-n Squidproxy to make the service effective.

To forcibly uninstall the service, you can net stop squidproxy after you stop the service sc delete squidproxy uninstall.

Configure Squid reverse proxy server under Windows

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.