Configure squid under Linux (detailed configuration)

1. What is squid

Squid cache( squid) is a popular free software (GNU general Public License) proxy Server and Web cache server. Squid has a wide range of uses, from caching related requests to the cache server as a Web server to improve the speed of Web servers, to share network resources for a group of people and cache the World Wide Web, domain name systems and other web searches, To help network security through filtering traffic, to the LAN through proxy Internet. Squid is primarily designed to operate on Unix -type systems.

Squid 's development history is quite long, the function is also quite perfect. In addition to HTTP , for FTP and HTTPS support is also very good, in the 3.0 Beta version also support the IPv6.

Squid can do proxies can also do cache;

Squid cache can not only save valuable bandwidth resources, but also can greatly reduce the server I/O

Squid can not only do the forward proxy, but also can do reverse proxy.

forward agent,squid behind is the client, the client Internet to go through squid ; reverse proxy,squid is behind the server, the server returned to the user data need to go squid .

positive agents used in the enterprise's office environment, employees need to access the Internet through Squid agent to the Internet, which can save network bandwidth resources. And the reverse proxy is used to build the site static items ( images,html, streaming media,js,CSS, etc. ) cache server, which is used in the site architecture.

2, to build squid forward agent

official website for http://www.squid-cache.org/

Install command:yum install-y squid

Squid-v View version and compilation parameters (Squid cache:version 3.1.10)

>/etc/squid/squid.conf emptying the configuration file;

Vim/etc/squid/squid.conf

Add the following configuration:

Http_port 3128

Visible_hostname Changjiangyun

ACL manager Proto Cache_object

Acllocalhost src 127.0.0.1/32:: 1

Aclto_localhost DST 127.0.0.0/8 0.0.0.0/32:: 1

acllocalnet SRC 10.0.0.0/8 # rfc1918possible Internal network

acllocalnet SRC 172.16.0.0/12 # rfc1918possible Internal network

acllocalnet src 192.168.0.0/16 # RFC1918 possible Internal network

Aclssl_ports Port 443

Aclsafe_ports Port 80 8080

Aclsafe_ports Port 21

Aclsafe_ports Port 443

Aclconnect Method CONNECT

Http_access allow manager localhost

Http_access Deny Manager

Http_access Deny! Safe_ports

Http_access Deny CONNECT! Ssl_ports

Http_access Allow LocalNet

http_access allow localhost

Http_access Allow all

Cache_dir Aufs/data/cache 1024 16 256

Cache_mem MB

Hierarchy_stoplist Cgi-bin?

Coredump_dir/var/spool/squid

Refresh_pattern ^ftp:1440 20% 10080

Refresh_pattern ^gopher:1440 0% 1440

Refresh_pattern-i (/cgi-bin/|\?) 0 0% 0

Refresh_pattern \. (jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload

Refresh_pattern. 0 20% 4320

############################## to this end

Configuration explanation:

ACL safe_ports Port 8080 # http Ports

ACL safe_ports Port # FTP ports

ACLS safe_ports Port 443 # HTTPS ports

Cache_dir aufs/data/cache 1024M size of cache space One-level directory,

Cache_mem MB # The amount of memory that the cache can use, and the speed at which data is accessed in memory ;

Mkdir/data/cache # Creating a cache directory

Chown-r Squid:squid/data/cache # Change Cache directory Permissions

SQUID-Z # Initialize cache directory,squid new version 3.1 can be omitted

/etc/init.d/squid Start # starts squid service

Squid-k Check # can detect if the configuration file is wrong; can be shortened to -kche

Squid-k Rec # can reload configuration,reconfig shorthand;

Service Squid Restart # restart Squid services; Restart regular very slow, you can first killall squid, in the start service;

detection configuration file, error: Could not determine this machines public hostname. Please configureone or set ' Visible_hostname '. There is no public hostname defined, the Visible_hostname visual hostnameneeds to be configured; (squid problem, the host name of squid will be displayed in the browser )

in the configuration file, add:visible_hostname yonglinux will not error;

[Email protected] ~]# squid-k Check

2015/05/25 03:09:18| Warning:could Notdetermine this machines public hostname. Please configure one or set ' Visible_hostname '.

2015/05/25 03:09:18| Warning:could Notdetermine this machines public hostname. Please configure one or set ' Visible_hostname '.

Squid:ERROR:No Running Copy

Test on another Linux :curl-x192.168.22.30:3128 www.qq.com

Specify the proxy server 192.168.22.30 the 3128 port to access the website, provided that the proxy server can access the website;

The role of the proxy server is to allow local users to access the site quickly, on the other hand can control the user access to which websites; During work prohibit employees to watch video, shopping;

access pictures, test cache, cache time, X-cache for hit, indicating that the squid cache is in effect; first time for MISS;

[Email protected] ~]# curl-x192.168.22.30:3128 ' http://www.51cto.com/images/home/images/logo.jpg '-I

http/1.0 OK

Server:tengine

Date:sun, 13:42:43 GMT

Content-type:image/jpeg

content-length:5309

last-modified:wed, 07:55:12 GMT

Expires:sun, 13:42:43 GMT

cache-control:max-age=604800

Load-balancing:web39

Accept-ranges:bytes

age:29661

X-cache:hit from Yonglinux

X-cache-lookup:hit from yonglinux:3128

via:1.0 Yonglinux (squid/3.1.10)

Connection:keep-alive

set up squid proxy server to proxy only a few domain names

set the domain name whitelist, allow Baidu Sohu can access, others are refused;

Vim/etc/squid/squid.conf The following content is added to the Squid config file acl below;

ACL http Proto http

ACL Good_domain dstdomain. baidu.com.sohu.com

Http_access Allow HTTP Good_domain

Http_access deny HTTP!good_domain

use Curl test white list,Baidu,Sohu return status code is OK,QQ is not whitelist return 403;

[Email protected] ~]# curl-x192.168.22.30:3128www.sohu.com-i

http/1.0 OK

Content-type:text/html

Date:sun, 13:57:32 GMT

Server:sws

Vary:accept-encoding

Cache-control:no-transform, max-age=120

Expires:sun, 13:59:32 GMT

Last-modified:sun, 13:57:21 GMT

x-rs:11172604.20347654.12509576

Fss-cache:hit from 9861864.17726194.11198816

X-cache:miss from Yonglinux

X-cache-lookup:miss from yonglinux:3128

via:1.0 Yonglinux (squid/3.1.10)

Connection:keep-alive

[Email protected] ~]# curl-x192.168.22.30:3128www.qq.com-i

http/1.0 403 Forbidden

server:squid/3.1.10

mime-version:1.0

Date:sun, 22:04:30 GMT

Content-type:text/html

content-length:3254

X-squid-error:err_access_denied 0

Vary:accept-language

Content-language:en

X-cache:miss from Yonglinux

X-cache-lookup:none from yonglinux:3128

via:1.0 Yonglinux (squid/3.1.10)

Connection:keep-alive

Restrict certain domain names from being accessed by proxy

set the domain name blacklist, do not allow access to taobao.com JD.com;

Vim/etc/squid/squid.conf Add the following to the Squid config file ACL

ACL http Proto http

ACL Bad_domain dstdomain. taobao.com.jd.com

Http_access deny HTTP Bad_domain

use Curl test blacklist,Taobao,JD return status code is 403,51cto not blacklist return OK;

[Email protected] ~]# curl-x192.168.22.30:3128www.taobao.com-i

http/1.0 403 Forbidden

server:squid/3.1.10

mime-version:1.0

Date:sun, 21:35:22 GMT

Content-type:text/html

content-length:3266

X-squid-error:err_access_denied 0

Vary:accept-language

Content-language:en

X-cache:miss from Yonglinux

X-cache-lookup:none from yonglinux:3128

via:1.0 Yonglinux (squid/3.1.10)

Connection:keep-alive

[Email protected] ~]# curl-x192.168.22.30:3128www.jd.com-i

http/1.0 403 Forbidden

server:squid/3.1.10

mime-version:1.0

Date:sun, 21:35:32 GMT

Content-type:text/html

content-length:3254

X-squid-error:err_access_denied 0

Vary:accept-language

Content-language:en

X-cache:miss from Yonglinux

X-cache-lookup:none from yonglinux:3128

via:1.0 Yonglinux (squid/3.1.10)

Connection:keep-alive

[Email protected] ~]# curl-x192.168.22.30:3128 Www.51cto.com-I

http/1.0 OK

Server:tengine

Date:sun, 13:31:21 GMT

Content-type:text/html

Vary:accept-encoding

Load-balancing:web39

X-cache:miss from Yonglinux

X-cache-lookup:miss from yonglinux:3128

via:1.0 Yonglinux (squid/3.1.10)

Connection:keep-alive

Use IE Browser Test, you need to set up a proxy server, menu bar--Tools--Internet options--Connect-LAN settings, check proxy server-Advanced, fill the Squid Proxy server address and port number;

Configure squid under Linux (detailed configuration)