1. What is Squid
Squid cache (Squid) is a popular free-software (GNU General Public License) proxy server and web cache server. It has a wide range of uses: acting as a cache in front of a web server to speed it up, sharing network resources among a group of people by caching World Wide Web, domain name system and other network lookups, helping network security by filtering traffic, and giving a LAN access to the Internet through a proxy. Squid is primarily designed to run on Unix-like systems.
Squid has a long development history and a mature feature set. Besides HTTP, its FTP and HTTPS support is also very good, and the 3.0 beta version also supports IPv6.
Squid can act as a proxy and also as a cache.
A Squid cache not only saves valuable bandwidth but can also greatly reduce server I/O.
Squid can act as a forward proxy and also as a reverse proxy.
Forward proxy: the clients sit behind Squid and reach the Internet through it. Reverse proxy: the servers sit behind Squid, and the data the servers return to users passes through Squid.
A forward proxy is used in a company's office environment: employees access the Internet through the Squid proxy, which saves network bandwidth. A reverse proxy is used as a cache server for a site's static content (images, HTML, streaming media, JS, CSS, etc.) and is part of the site architecture.
2. Building a Squid forward proxy
Official website: http://www.squid-cache.org/
Install command: yum install -y squid
squid -v    # view version and compile options (Squid Cache: Version 3.1.10)
> /etc/squid/squid.conf    # empty the configuration file
vim /etc/squid/squid.conf
Add the following configuration:
http_port 3128
visible_hostname Changjiangyun
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080
acl Safe_ports port 21
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
cache_dir aufs /data/cache 1024 16 256
cache_mem MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320
############################## end of configuration
Configuration explanation:
acl Safe_ports port 80 8080 # HTTP ports
acl Safe_ports port 21 # FTP port
acl Safe_ports port 443 # HTTPS port
cache_dir aufs /data/cache 1024 16 256 # 1024 MB of cache space, 16 first-level directories, 256 second-level directories
cache_mem MB # amount of memory the cache can use; data held in memory is served fastest
mkdir /data/cache # create the cache directory
chown -R squid:squid /data/cache # change the ownership of the cache directory
squid -z # initialize the cache directory; can be omitted with the newer Squid 3.1
/etc/init.d/squid start # start the squid service
squid -k check # checks the configuration file for errors; can be shortened to -k che
squid -k rec # reloads the configuration; short for reconfigure
service squid restart # restart the squid service; a restart is usually very slow, so you can killall squid first and then start the service
Checking the configuration file reports: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'. No public hostname is defined, so visible_hostname needs to be configured (this is the host name that Squid shows in the browser when there is a problem).
Adding visible_hostname yonglinux to the configuration file removes the error.
# squid -k check
2015/05/25 03:09:18| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2015/05/25 03:09:18| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
squid: ERROR: No running copy
Test from another Linux machine: curl -x192.168.22.30:3128 www.qq.com
This accesses the website through port 3128 of the proxy server 192.168.22.30, provided that the proxy server itself can reach the website.
The proxy server lets local users reach sites faster, and it can also control which websites users may access, for example stopping employees from watching videos or shopping during working hours.
Request an image to test the cache: X-Cache shows HIT, which means the Squid cache is in effect; the first request shows MISS.
# curl -x192.168.22.30:3128 'http://www.51cto.com/images/home/images/logo.jpg' -I
HTTP/1.0 200 OK
Server: Tengine
Date: Sun, 13:42:43 GMT
Content-Type: image/jpeg
Content-Length: 5309
Last-Modified: Wed, 07:55:12 GMT
Expires: Sun, 13:42:43 GMT
Cache-Control: max-age=604800
Load-Balancing: web39
Accept-Ranges: bytes
Age: 29661
X-Cache: HIT from yonglinux
X-Cache-Lookup: HIT from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
Set up the Squid proxy server to proxy only a few domain names
Set a domain name whitelist: Baidu and Sohu are allowed, everything else is refused.
vim /etc/squid/squid.conf    # add the following below the acl lines in the Squid configuration file
acl http proto HTTP
acl good_domain dstdomain .baidu.com .sohu.com
http_access allow http good_domain
http_access deny http !good_domain
Test the whitelist with curl: Baidu and Sohu return status 200 OK; QQ is not on the whitelist and returns 403.
# curl -x192.168.22.30:3128 www.sohu.com -I
HTTP/1.0 200 OK
Content-Type: text/html
Date: Sun, 13:57:32 GMT
Server: SWS
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=120
Expires: Sun, 13:59:32 GMT
Last-Modified: Sun, 13:57:21 GMT
X-RS: 11172604.20347654.12509576
FSS-Cache: HIT from 9861864.17726194.11198816
X-Cache: MISS from yonglinux
X-Cache-Lookup: MISS from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
# curl -x192.168.22.30:3128 www.qq.com -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.10
Mime-Version: 1.0
Date: Sun, 22:04:30 GMT
Content-Type: text/html
Content-Length: 3254
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from yonglinux
X-Cache-Lookup: NONE from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
Prevent certain domain names from being accessed through the proxy
Set a domain name blacklist: access to taobao.com and jd.com is not allowed.
vim /etc/squid/squid.conf    # add the following below the acl lines in the Squid configuration file
acl http proto HTTP
acl bad_domain dstdomain .taobao.com .jd.com
http_access deny http bad_domain
Test the blacklist with curl: Taobao and JD return status 403; 51cto is not on the blacklist and returns 200 OK.
# curl -x192.168.22.30:3128 www.taobao.com -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.10
Mime-Version: 1.0
Date: Sun, 21:35:22 GMT
Content-Type: text/html
Content-Length: 3266
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from yonglinux
X-Cache-Lookup: NONE from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
# curl -x192.168.22.30:3128 www.jd.com -I
HTTP/1.0 403 Forbidden
Server: squid/3.1.10
Mime-Version: 1.0
Date: Sun, 21:35:32 GMT
Content-Type: text/html
Content-Length: 3254
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from yonglinux
X-Cache-Lookup: NONE from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
# curl -x192.168.22.30:3128 www.51cto.com -I
HTTP/1.0 200 OK
Server: Tengine
Date: Sun, 13:31:21 GMT
Content-Type: text/html
Vary: Accept-Encoding
Load-Balancing: web39
X-Cache: MISS from yonglinux
X-Cache-Lookup: MISS from yonglinux:3128
Via: 1.0 yonglinux (squid/3.1.10)
Connection: keep-alive
To test with the IE browser, a proxy server must be set: menu bar > Tools > Internet Options > Connections > LAN settings, check the proxy server box, then Advanced, and fill in the Squid proxy server address and port number.
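The whitelist and blacklist above rely on Squid reading the http_access lines from top to bottom and stopping at the first line that matches. The Python sketch below is an added example, not part of the original article and not Squid code: it shows the whitelist placed ahead of the broad allow lines, the same lines placed after them, and what the final http_access allow all means for a client outside the local networks. It assumes only the src, dstdomain and proto ACL types, and the client addresses 192.168.22.31 and 203.0.113.7 are constructed.

```python
import ipaddress

def parse(conf):
    """Collect acl definitions and the ordered http_access list."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, req):
    if name == "all":                      # built-in ACL, matches every request
        return True
    kind, vals = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in vals)
    if kind == "dstdomain":                # ".sohu.com" covers sohu.com and subdomains
        h = req["host"].lower()
        return any(h == v.lstrip(".") or (v.startswith(".") and h.endswith(v)) for v in vals)
    if kind == "proto":
        return req["proto"].upper() in (v.upper() for v in vals)
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, src, host, proto="HTTP"):
    """First http_access line whose ACLs all match wins; '!' negates an ACL."""
    acls, rules = parse(conf)
    req = {"src": src, "host": host, "proto": proto}
    for action, names in rules:
        if all(acl_matches(n.lstrip("!"), acls, req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample configs assembled from the lines shown on this page.
ACLS = "acl localnet src 192.168.0.0/16\nacl http proto HTTP\n" \
       "acl good_domain dstdomain .baidu.com .sohu.com\n"
WHITELIST = "http_access allow http good_domain\nhttp_access deny http !good_domain\n"
TAIL = "http_access allow localnet\nhttp_access allow all\n"
PAGE_ORDER = ACLS + WHITELIST + TAIL      # whitelist ahead of the broad allows
WRONG_ORDER = ACLS + TAIL + WHITELIST     # whitelist lines are never reached
BASE = ACLS + TAIL                        # forward-proxy config, ends in "allow all"
CLOSED = ACLS + "http_access allow localnet\nhttp_access deny all\n"

if __name__ == "__main__":
    for name, conf in [("page", PAGE_ORDER), ("wrong", WRONG_ORDER)]:
        print(name, "order, LAN client to www.qq.com:", decide(conf, "192.168.22.31", "www.qq.com"))
    for name, conf in [("allow all", BASE), ("deny all", CLOSED)]:
        print(name, "outside client:", decide(conf, "203.0.113.7", "www.qq.com"))
```

With the page's ordering www.qq.com is denied, while the same whitelist placed after http_access allow localnet lets it through. Only the variant that ends in http_access deny all turns away the client at 203.0.113.7.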