Configure the Squid Proxy Server in Linux
Configure the Squid Proxy Server in Linux
1. What is squid?
Squid cache (Squid for short) is a popular free software (GNU General Public License) proxy server and Web cache Server. Squid has a wide range of uses, from cache-related requests as front cache servers of Web servers to improving the speed of Web servers, to cache the World Wide Web for a group of people to share network resources, domain Name System and other network search, to help network security by filtering traffic, to the LAN through the proxy to access the Internet. Squid is designed to run in Unix systems.
Squid has a long history and has complete functions. In addition to HTTP, FTP and HTTPS support is also quite good, and IPv6 is also supported in Beta 3.0.
Squid can be used as a proxy or cache;
Squid caching not only saves valuable bandwidth resources, but also greatly reduces the I/O of servers.
Squid can be both a forward proxy and a reverse proxy.
Forward proxy, squid is followed by the client, and the client needs to go online through Squid; reverse proxy, squid is followed by the server, and the server needs to go through squid to return data to the user.
Forward proxy is used in enterprise office environments. Employees need to use squid proxy to access the Internet, which can save network bandwidth resources. Reverse Proxy is used to build a cache server for static website items (images, html, streaming media, js, css, etc.). It is used in the website architecture.
2. Build a forward squid Proxy
Official Website for http://www.squid-cache.org/
Installation command: yum install-y squid
Squid-v view Version and compilation parameters (Squid Cache: Version 3.1.10)
>/Etc/squid. conf clears the configuration file;
Vim/etc/squid. conf
Add the following Configuration:
Http_port 3128
Acl manager proto cache_object
Acl localhost src 127.0.0.1/32: 1
Acl to_localhost dst 127.0.0.0/8 0.0.0.0/32: 1
Acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
Acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
Acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
Acl SSL_ports port 443
Acl Safe_ports port 80 8080
Acl Safe_ports port 21
Acl Safe_ports port 443
Acl CONNECT method CONNECT
Http_access allow manager localhost
Http_access deny manager
Http_access deny! Safe_ports
Http_access deny CONNECT! SSL_ports
Http_access allow localnet
Http_access allow localhost
Http_access allow all
Cache_dir aufs/data/cache 1024 16 256
Cache_mem 128 MB
Hierarchy_stoplist cgi-bin?
Coredump_dir/var/spool/squid
Refresh_pattern ^ ftp: 1440 20% 10080
Refresh_pattern ^ gopher: 1440 0% 1440
Refresh_pattern-I (/cgi-bin/| \?) 0 0% 0
Refresh_pattern \. (jpg | png | gif | mp3 | xml) 1440 50% 2880 ignore-reload
Refresh_pattern. 0 20% 4320
######################################## ################# This is the end
Configuration explanation:
Acl Safe_ports port 80 8080 # http port
Acl Safe_ports port 21 # ftp port
Acl Safe_ports port 443 # https port
Cache_dir aufs/data/cache 1024 16 256 #16 level-1 Directories With a cache space of 256 MB and subdirectories
Cache_mem 128 MB # memory size available for caching; fast data access in memory;
Mkdir/data/cache # create a cache directory
Chown-R squid: squid/data/cache # Change cache directory permissions
Squid-z # initialize the cache directory. The new squid version 3.1 can be omitted.
/Etc/init. d/squid start # start the squid service
Squid-k check # check whether the configuration file is incorrect. It can be abbreviated to-kche.
Squid-k rec # reload the configuration, short for reconfig;
Service squid restart # restart the squid service. Frequent restart is slow. You can killall squid to start the service first;
Check the configuration file and report the following error: cocould not determine this machines public hostname. please configure one or set 'visible _ hostname '. no public host name is defined. You need to configure the visible_hostname visual host name. (The squid will display the squid host name in the browser if something goes wrong)
Add visible_hostname yonglinux to the configuration file and no error is reported;
1234 [root @ yonglinux ~] # Squid-k check
03:09:18 | WARNING: cocould not determine this machines public hostname. Please configure one or set 'visible _ hostname '.
03:09:18 | WARNING: cocould not determine this machines public hostname. Please configure one or set 'visible _ hostname '.
Squid: ERROR: No running copy
Test in another linux: curl-x192.168.22.30: 3128 www.qq.com
Specify port 3128 of proxy server 192.168.22.30 to access the website;
The role of the proxy server is to allow users in the LAN to access the website quickly. On the other hand, it can control which websites users access. Employees are prohibited from watching videos and shopping during work;
Access images, test Cache, and Cache time. If X-Cache is HIT by HIT, the squid Cache takes effect. The first time is MISS;
[Root @ localhost ~] # Curl-x192.168.22.30: 100'
Squid: high-speed Web Access
CentOS 6.2 compilation and installation Squid configuration Reverse Proxy Server
Simple configuration of Squid proxy and reverse proxy
Build high-availability Web servers using DNS + Squid + Nginx + MySQL in CentOS 6.4
Squid details: click here
Squid: click here
This article permanently updates the link address: