Configure the squid service

Configure the squid service

Chapter 4 configure the squid service

【What is squid?]

Squid is a well-known Agent software. It can not only run on linux, but also on windows and Unix, and its technology is very mature. Squid is widely used. Compared with other agent software in Linux, such as Apache, Socks, tis fwtk, and delegate, Squid is easy to download and install, simple and flexible in configuration, and supports caching and multiple protocols.

The Squid cache function is quite easy to use. It not only reduces bandwidth usage, but also greatly reduces the disk I/O pressure on the WEB server in the background. Squid receives the user's download application and automatically processes the downloaded data. That is to say, when a user wants to download a home page, it sends an application to Squid to download it for it, and then Squid connects to the requested website and requests the home page, the home page is sent to the user and a backup is retained at the same time. When other users apply for the same page, Squid immediately transmits the saved backup to the user, making the user feel that the speed is quite fast.

Squid caches data elements in the memory and DNS query results. In addition, Squid also supports non-modular DNS queries to negatively cache failed requests. Squid supports SSL and access control. Because of the use of ICP, Squid can implement overlapping proxy arrays to maximize bandwidth savings.

Squid's requirement on hardware is that the memory must be large and should not be less than 128 M. The faster the hard disk speed, the better. It is best to use the dedicated server SCSI hard disk, the less demanding processor, more than MH can be used.

【Install squid]

Wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE20.tar.gz

Tar zxvf squid-2.6.STABLE20.tar.gz

Cd squid-2.6.STABLE20
Ulimit-HSn 65535

Useradd squid
Compile Parameters
./Configure -- prefix =/usr/local/squid \
-- Disable-dependency-tracking \
-- Enable-dlmalloc \
-- Enable-gnuregex \
-- Disable-carp \
-- Enable-async-io = 240 \
-- With-pthreads \
-- Enable-storeio = ufs, aufs, diskd, null \
-- Disable-wccp \
Disable-wccpv2 \
-- Enable-kill-parent-hack \
-- Enable-cachemgr-hostname = localhost \
-- Enable-default-err-language = Simplify_Chinese \
-- With-build-environment = POSIX_V6_ILP32_OFFBIG \
-- With-maxfd= 65535 \
-- With-aio \
-- Disable-poll \
-- Enable-epoll \
-- Enable-linux-netfilter \
-- Enable-large-cache-files \
-- Disable-ident-lookups \
-- Enable-default-hostsfile =/etc/hosts \
-- With-dl \
-- With-large-files \
-- Enable-removal-policies = heap, lru \
-- Enable-delay-pools \
-- Enable-snmp \
-- Disable-internal-dns

Make & make install

For the squid version, it is necessary to mention that the latest version of squid has reached 3.1, But I think version 2.6 is quite useful. If you are interested, you can study version 3.1.

【Squid Configuration]

Edit the configuration file/usr/local/squid/etc/squid. conf

Delete the original configuration file and replace it:

Http_port 80 transparent

Cache_replacement_policy lru # If there are multiple (the following two rows) cache directories, you need to write this parameter
Cache_dir aufs/cache1 8192 16 256 # cache directory 1/cache1 with a size of 8 GB
Cache_dir aufs/cache2 4096 16 256 # cache directory 2/cache2 4 GB

# The preceding two rows define the cache directory, which can have only one or more.
Cache_mem 2048 MB # How much memory is allocated to squid. We recommend that you leave at least MB to the system. If the memory of your VM is small and only used for testing, you should allocate half of the memory to squid.
Maximum_object_size 2048 KB # The cached file cannot exceed 2 MB
Maximum_object_size_in_memory 512 KB # the maximum size of files cached in the memory cannot exceed 512 KB
Visible_hostname cache.example.com # host name displayed to the user
Client_persistent_connections off # disconnect a persistent connection from the client
Server_persistent_connections on # enable persistent connections on the server
Memory_pools on
Memory_pools_limit 1024 MB
Forwarded_for on
Log_icp_queries off
Cache_mgr cache@example.com # define the Administrator's mail as a cache@example.com
Via on
Httpd_suppress_version_string off
Cache_inclutive_user squid # define to run squid as the squid user
Cache_paitive_group squid
Error_directory/usr/local/squid/share/errors/Simplify_Chinese
Icon_directory/usr/local/squid/share/icons
Mime_table/usr/local/squid/etc/mime. conf
Ie_refresh off
Tcp_recv_bufsize 32 KB

Acl all src 0.0.0.0/0.0.0.0
Acl localhost src 127.0.0.0/8
Acl Mgr_ip src 127.0.0.0/8
Acl allow_ip dst 127.0.0.0/8 192.168.0.0/16 # define the web IP address or IP address segment that allows proxy
Acl PURGE method PURGE
Acl Safe_ports port 80 8080
Acl CONNECT method CONNECT
Acl manager proto cache_object
Acl HTTP proto HTTP

Http_access allow allow_ip
Http_access allow manager Mgr_ip
Http_access deny manager
Http_access deny PURGE
Http_access deny! Safe_ports
Http_access deny all
Icp_access deny all
Ipcache_size 1024
Ipcache_low 90
Ipcache_high 95
Memory_replacement_policy lru
Hosts_file/etc/hosts
Request_header_max_size 128 KB
Hierarchy_stoplist cgi-bin? \. Php \. html
Acl QUERY urlpath_regex cgi-bin \? \. Php \. html
Cache deny QUERY
Quick_abort_min-1 KB
Quick_abort_max 32 KB
Quick_abort_pct 95
# Error page
# Error_map http://www.92csz.com/404.html 403
# Deny_info http://www.92csz.com/error.html cctv_Domain
# Timeout
Peer_connect_timeout 20 seconds
Connect_timeout 20 seconds
Read_timeout 60 seconds
Request_timeout 20 seconds
Pconn_timeout 20 seconds
Shutdown_lifetime 5 seconds
Strip_query_terms off
Icp_port 0
# Logfile
Emulate_httpd_log on
Logformat combined %> a % ui % un [% tl] "% rm % ru HTTP/% rv" % Hs % # Access_log/log/squid-log/access. log combined
Cache_store_log/dev/null
Cache_log/var/log/squid/cache. log
Logfile_rotate 12
# MISCELLANEOUS
Store_objects_per_bucket 15
Client_db off

Save the configuration file after modification, and then initialize squid

Mkdir/cache1/cache2/var/log/squid

Chown-R squid: squid/cache1/cache2/var/log/squid

/Usr/local/squid/sbin/squid-z

# Used to generate a cache directory. If your configuration file is incorrectly configured, an error is often reported during initialization. The error message is displayed on the screen. After the initialization is successful, you can start squid. the startup command is:

Nohup/usr/local/squid/bin/RunCache &

After the startup, you can check the cache. log in this log. You can see a lot of information about squid, including some error logs.

If you want to start the instance, add the last line in/etc/rc. d/rc. local.

/Usr/local/bin/RunCache &

The configuration is complete, but there is another question: how to define the web and domain name to be proxy? Simply looking at the configuration file doesn't mean which web proxy is. Indeed, this configuration file can actually proxy multiple web pages, as long as you define the domain name and IP address of the proxy in/etc/hosts, the hosts format has been described earlier. I would like to remind you that if you are using multiple domain names on one web, please do not write a line, although hosts is allowed, but if you write an IP address corresponding to multiple domain names, an error occurs during squid proxy. Therefore, several lines of domain names are required.

After changing/etc/hosts, you must restart squid to make the change take effect:

/Usr/local/squid/sbin/squid-krec

Check whether there are any errors before restarting. The command is as follows:

/Usr/local/squid/sbin/squid-kcheck

If no error exists, no information is displayed. Otherwise, some information is displayed.