I. Introduction
A proxy server obtains network information on behalf of network users.
Squid is software used to cache Internet data. It receives users' download requests and processes the downloaded data automatically. When a user wants to download a home page, the request can be sent to Squid so that Squid downloads the page on the user's behalf. Squid connects to the requested website, requests the home page, sends it to the user, and keeps a copy at the same time. When other users request the same page, Squid immediately returns the saved copy, so the page appears to load very quickly. Squid can act as a proxy for HTTP, FTP, Gopher, SSL, WAIS, and other protocols. Squid handles requests automatically and can be configured as needed to filter out unwanted content.
1.1 Workflow
When the proxy server has the data the client needs:
A. The client sends a data request to the proxy server;
B. The proxy server checks its own data cache;
C. The proxy server finds the requested data in the cache and retrieves it;
D. The proxy server returns the data obtained from the cache to the client.
When the proxy server does not have the data the client needs:
1. The client sends a data request to the proxy server;
2. The proxy server checks its own data cache;
3. The proxy server does not find the requested data in the cache;
4. The proxy server sends a data request to the remote server on the Internet;
5. The remote server returns the response data;
6. The proxy server receives the data from the remote server, returns it to the client, and keeps a copy in its own cache.
The Squid proxy server works at the application layer of TCP/IP.
1.2 Squid classification
Depending on the proxy type, Squid proxy can be divided into forward proxy and reverse proxy. Forward proxy can be divided into common proxy and transparent proxy according to different implementation methods.
- Common Proxy: the client needs to specify the address and port of the proxy server in the browser;
- Transparent Proxy: suited to enterprise gateway hosts (shared Internet access). The client does not need to specify the proxy server address, port, or other information; instead, a firewall policy on the proxy server forwards the client's web traffic to the proxy service for processing;
- Reverse Proxy: the proxy server receives connection requests from the Internet, forwards them to servers on the internal network, and returns the results obtained from those servers to the Internet client that requested the connection. To the outside, the proxy server appears to be the server.
Official Address: http://www.squid-cache.org/
Reference: http://www.squid-cache.org/Doc/config/
II. System Environment
Operating System: CentOS release 6.4 (Final)
Squid version: squid-3.1.10-20.el6_5.3.x86_64
SELinux = disabled
HTTP service: stopped
III. Install the squid service
3.1 check whether the squid software is installed
# rpm -qa | grep squid
3.2 If not, use yum to install
# yum -y install squid
3.3 set auto-start upon startup
# chkconfig --level 35 squid on // automatically start the squid service at runlevels 3 and 5
IV. Description of the squid server configuration file
The main configuration file of squid is /etc/squid/squid.conf. All squid settings are configured in this file. The following describes the configuration options of this file. The text after // on each line is an explanatory annotation and is not part of the file; in squid.conf itself, comments start with #.
http_port 3128 // set the listening IP address and port number
cache_mem 64 MB // additional memory provided to squid. The total memory usage of squid is X*10 + 15 + "cache_mem", where X is the size of the squid cache (in GB).
                // For example, if the cache size below is 100 MB, that is, 0.1 GB, the total memory usage is 0.1*10 + 15 + 64 = 80 MB. The recommended size is 1/3 to 1/2 of the physical memory, or more.
maximum_object_size 4 MB // sets the maximum size of files cached on the squid disk. Files larger than 4 MB are not saved to the hard disk.
minimum_object_size 0 KB // sets the minimum size of files cached on the squid disk.
maximum_object_size_in_memory 4096 KB // sets the maximum size of files cached in squid memory. Files larger than 4 MB are not kept in memory.
cache_dir ufs /var/spool/squid 100 16 256 // defines the squid cache storage path, the cache directory capacity (in MB), the number of level-1 cache directories, and the number of level-2 cache directories
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh // log format of the access log
access_log /var/log/squid/access.log combined // access log storage path and log format
cache_log /var/log/squid/cache.log // set the cache log
logfile_rotate 60 // log rotation: 60 days
cache_swap_high 95 // when cache directory usage exceeds 95%, start cleaning up old cache entries
cache_swap_low 90 // stop cleaning when cache directory usage has dropped to 90%
acl localnet src 192.168.1.0/24 // define the local network segment
http_access allow localnet // allow the local network segment to use the proxy
http_access deny all // reject everything else
visible_hostname squid.david.dev // host name
cache_mgr [email protected] // administrator email
For more information about ACLs, see the official documentation at http://www.squid-cache.org/Doc/config/.
Note: Squid 2.0 and Squid 3.0 differ considerably. If squid does not start correctly after configuration, refer to the description for the corresponding version in the official documentation.
V. Common proxy service
Standard and traditional proxy services require the client to specify the address and port of the proxy server in the browser.
The topology of the experiment is as follows:
5.1 configure the IP address of the Squid Proxy Server
Change the IP address of eth1 to 200.168.10.1
# ifconfig eth1 200.168.10.1
5.2 edit the squid main configuration file /etc/squid/squid.conf
http_port 3128
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]
5.3 Initialization
# squid -z
5.4 start squid
# /etc/init.d/squid start
5.5 configure the Web Server
A. Install Apache
# rpm -qa | grep httpd
# yum -y install httpd
B. Start Apache and add it to startup
# /etc/init.d/httpd start
# chkconfig httpd on
C. Create index.html
# echo "
D. Modify the Web Server IP Address
Change the IP address of the web server to 200.168.10.2
# ifconfig eth0 200.168.10.2
5.6 configure the Client IP Address
5.7 configure browser proxy
Open the browser (for example, IE), choose Tools > Internet Options > Connections > LAN Settings > Proxy server from the menu bar, and fill in the settings in the following format.
5.8 Test
The test is successful.
5.9 test error page
Because the IP addresses above were set manually in Oracle VM VirtualBox, the machines cannot reach the Internet, which is convenient for testing the access error page.
The parameters set in the squid configuration file are displayed on the error page.
VI. Transparent proxy service
For enterprise gateway hosts, the client does not need to specify the proxy server address, port, and other information. The web access data of the client is transferred to the proxy service program for processing through iptables.
The topology of the experiment is as follows:
6.1 modify the squid main configuration file /etc/squid/squid.conf
http_port 3128 transparent
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]
Add the transparent keyword after http_port 3128.
6.2 reload
Reload makes the preceding configuration take effect.
# /etc/init.d/squid reload
6.3 add iptables rules to redirect internal HTTP requests to port 3128
A. Start the iptables service.
# /etc/init.d/iptables start
B. Clear existing iptables filter table rules
# iptables -F
C. Save iptables settings
# /etc/init.d/iptables save
D. View NAT table settings
# iptables -t nat -L -n
E. Add a rule to the NAT table.
# iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
F. Save
G. Set iptables to start at boot
# chkconfig iptables on
6.4 modify the Client IP Address
Set the default gateway to the Intranet IP address of the squid server.
6.5 cancel proxy settings in the browser
6.6 Test
The transparent proxy test is successful.
VII. Reverse Proxy Service
Provides cache acceleration for Internet users to access enterprise web sites.
The topology of the experiment is as follows:
7.1 disable the firewall
# /etc/init.d/iptables stop
7.2 modify the Web server Homepage
Web1:
# echo "
Web2:
# echo "
7.3 configure squid
http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent 80 0 originserver round-robin weight=1
cache_peer 192.168.1.19 parent 80 0 originserver round-robin weight=1
visible_hostname squid.david.dev
cache_mgr [email protected]
7.4 start the squid service
Squid failed to start because the squid listening port configured above is 80, which conflicts with the system's HTTP service, so the HTTP service must be stopped.
7.5 squid failed to start; stop the Apache service that starts automatically
7.6 Test
Squid uses round-robin, so client requests alternate between the two web servers. Use "Ctrl + F5" to force a full refresh when testing.
Web1:
Web2:
View squid access logs.
VIII. Practical Application
The following experiment simulates reaching different machines through different domain names, as used for load balancing in enterprise applications. In the address bar of the browser, entering www.squid.dev accesses the machine 192.168.1.18, and entering bbs.squid.dev accesses 192.168.1.19.
The topology of the experiment is as follows:
8.1 modify the Web server Homepage
Web1:
# echo "
Web2:
# echo "
8.2 configure squid
http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent 80 0 originserver name=www
cache_peer 192.168.1.19 parent 80 0 originserver name=bbs
cache_peer_domain www www.squid.dev
cache_peer_domain bbs bbs.squid.dev
visible_hostname squid.david.dev
cache_mgr [email protected]
8.3 configure the client
The DNS service can be used for resolution. For convenience, you can directly specify it in the hosts file.
Modify the c:\windows\system32\drivers\etc\hosts file
8.4 test network conditions
8.5 test www.squid.dev
8.6 test bbs.squid.dev
8.7 view squid access logs
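When checking the squid access logs here and in section 7.6, the last field of each line (%Ss:%Sh in the combined logformat from section IV) shows whether a request was served from cache, fetched from a back-end server, or denied. The following parser is an added example, not part of the original article; the sample log lines are constructed, and the TCP_DENIED line is the kind a client outside localnet produces under the "http_access deny all" configuration of section 5.2.

```python
import re
from collections import Counter

# Matches the 'combined' logformat defined in section IV:
# %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
LINE = re.compile(
    r'(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<ver>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<result>\w+):(?P<hier>\w+)$')

# Constructed sample lines (not taken from the original page).
SAMPLE = """\
192.168.1.100 - - [12/Jun/2014:10:15:01 +0800] "GET http://www.squid.dev/ HTTP/1.1" 200 312 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT
192.168.1.100 - - [12/Jun/2014:10:15:04 +0800] "GET http://www.squid.dev/ HTTP/1.1" 200 318 "-" "Mozilla/5.0" TCP_MEM_HIT:NONE
192.168.1.100 - - [12/Jun/2014:10:15:09 +0800] "GET http://bbs.squid.dev/ HTTP/1.1" 200 310 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT
10.9.8.7 - - [12/Jun/2014:10:16:30 +0800] "GET http://www.squid.dev/ HTTP/1.1" 403 1290 "-" "curl/7.19.7" TCP_DENIED:NONE
truncated line without the expected fields
""".splitlines()

def summarize(lines):
    """Count result codes, compute the cache hit ratio, and list denied clients."""
    results, denied, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            unparsed += 1          # keep going; report malformed lines separately
            continue
        results[m["result"]] += 1
        if m["result"].startswith("TCP_DENIED"):
            denied[m["client"]] += 1
    # Denied requests never reach the cache, so leave them out of the ratio.
    served = sum(n for r, n in results.items() if not r.startswith("TCP_DENIED"))
    hits = sum(n for r, n in results.items() if "HIT" in r)
    return {"results": dict(results),
            "hit_ratio": hits / served if served else 0.0,
            "denied_clients": dict(denied),
            "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```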
8.8 view the Apache access logs of the two servers
# tailf /var/log/httpd/access.log
The test is successful.
David camp
- My ID: mchina_tang