Implementing cache acceleration with Squid + Apache

Source: Internet
Author: User

In this example, squid and apache run on the same machine. squid is the front-end reverse proxy on port 80, and apache is the back-end web server on port 81.

Server ip: 172.16.8.102

1. First, version selection. Before testing, we must select a suitable squid version. Here we recommend 2.7: its features are similar to 2.6, but it supports HTTP/1.1 better, and it also has many of the features of version 3.0 and later.

2. Install squid2.7

cd /usr/local/src

tar -zxvf squid-2.7.STABLE9.tar.gz

cd squid-2.7.STABLE9

./configure --prefix=/usr/local/squid2.7 --enable-xmalloc-statistics --enable-async-io=320 --with-maxfd=65536 --enable-useragent-log --enable-referer-log --enable-epoll --disable-poll --enable-large-cache-files --disable-internal-dns --enable-linux-netfilter --enable-truncate --enable-x-accelerator-vary --enable-follow-x-forwarded-for --with-large-files --with-pthreads --enable-storeio="aufs,coss,diskd,ufs" --enable-kill-parent-hack --enable-gnuregex --enable-cache-digests --enable-delay-pools --enable-stacktraces --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese English" --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --enable-snmp

make && make install

3. Create a squid user

useradd squid

4. Create a directory

cd /data

mkdir -p squid/cache

chown -R squid:squid squid

5. Create a log directory

cd /var/log

mkdir cache


5. Configure squid.conf

cd /usr/local/squid2.7

vim etc/squid.conf

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 3128 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow localnet
icp_access deny all
http_port 80 accel vhost vport
cache_peer 127.0.0.1 parent 81 0 no-query originserver name=test
cache_peer_access test allow all
hierarchy_stoplist cgi-bin ?
cache_mem 1024 MB
maximum_object_size_in_memory 6 MB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /data/squid/cache 1024 16 256
maximum_object_size 6 MB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow all
cache_effective_user squid
cache_effective_group squid
visible_hostname 172.16.8.102
icp_port 0
reload_into_ims on
coredump_dir /usr/local/squid2.7/var/cache


Description of the changed parameters:

(1) acl Safe_ports port 81 # http
acl Safe_ports port 3128 # http
acl Safe_ports port 8080 # http

These lines define the ports that may be accessed. Because of http_access deny !Safe_ports, any port that does not appear in Safe_ports is blocked; set the list according to the actual situation.

(2) http_access allow all

Here all IP addresses are allowed to access squid, which is what the test environment uses. For an online application, set access restrictions accordingly.

(3) http_port 80 accel vhost vport

Defines the port used to access squid.

If accel vhost vport is not added, squid acts as a cache server by default. In this case, when a client sends a request to squid, squid forwards the request through its routing function, the real web server receives it and returns a response, and when squid receives the response it decides from the response headers whether to cache it. squid is only a cache server.

If accel vhost vport is added, squid changes from a cache server into a web server. squid now listens for requests on port 80 and is at the same time bound to the request port of the web server (vhost vport). When squid is requested, it does not need to forward the request; it fetches the data directly, either from the cache or from the bound port. Binding the port also has the advantage of making full use of the expiration-time and ETag headers in the HTTP response.

cache_peer 127.0.0.1 parent 81 0 no-query originserver name=test

The backend is port 81, which is apache. no-query means no query is made and the data is fetched directly; originserver marks the peer as the origin server; name defines the name of the backend, which can be used in ACL controls.

(4) cache_mem 1024 MB

Sets the memory used.

maximum_object_size_in_memory 6 MB

Sets the maximum memory occupied by a cached object.

memory_replacement_policy lru
cache_replacement_policy lru

The replacement mechanism.

cache_dir ufs /data/squid/cache 1024 16 256

The cache directory size should be no less than cache_mem.

maximum_object_size 6 MB

The maximum size of a single cached object.

(5) access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

Sets the squid log directory. Pay attention to the log permissions; otherwise squid may fail to start.

(6) refresh_pattern \.(jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload

Sets the cache duration for files with suffixes such as jpg.

(7) cache_vary on

If the squid cache hit rate is very low, adjusting refresh_pattern and maximum_object_size_in_memory or increasing the memory does not help, and the "In-Memory and In-Transit Objects" report of the cachemgr.cgi statistics tool shows HTML/js/css as NOT_IN_MEMORY while jpg/png and other images are cached, this parameter may be off.

This is because apache returns Vary: Accept-Encoding in the response header. When storing the cached file, squid has to use the value of the Accept-Encoding field in the browser's request header (gzip, deflate, and so on) as part of the cache key, so a separate copy must be stored for each different Accept-Encoding value. (The Accept-Encoding values sent by IE and Firefox differ by one space.) On the next request, squid first looks up the index file of the cached object and then, based on the Accept-Encoding value, finds the corresponding cache file recorded in that index.

With cache_vary off, all gzip-compressed files that carry the Vary header are not cached, so the cache policy has no effect on them. jpg files are already compressed and carry no Vary header, so they are cached as usual.
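The Vary behaviour described above, as an added example (a simplified Python model of Vary-aware cache keying, not Squid's code and not from the original article). The origin function, the two request header sets and the `normalize` flag are assumptions; `normalize` is a hypothetical knob, not a Squid directive, included only to show the effect of the one-space difference.

```python
# Added example: a simplified model of Vary-aware cache keying, not Squid's code.
def origin(url, req):
    """Constructed Apache-like origin: compressible text carries Vary, images do not."""
    if url.endswith((".css", ".js", ".html")):
        return {"vary": "Accept-Encoding"}, "gzip(%s)" % url
    return {}, "raw(%s)" % url

class VaryCache:
    def __init__(self, cache_vary=True, normalize=False):
        self.cache_vary = cache_vary   # models the cache_vary directive
        self.normalize = normalize     # hypothetical knob, not a Squid directive
        self.index = {}                # url -> header names listed in Vary
        self.store = {}                # (url, variant values) -> body

    def _key(self, url, req):
        vals = []
        for name in self.index[url]:
            v = req.get(name, "")
            if self.normalize:         # collapse whitespace and case differences
                v = ",".join(sorted(t.strip().lower() for t in v.split(",") if t.strip()))
            vals.append(v)
        return url, tuple(vals)

    def fetch(self, url, req):
        if url in self.index and self._key(url, req) in self.store:
            return "HIT"
        headers, body = origin(url, req)
        vary = tuple(h.strip().lower() for h in headers.get("vary", "").split(",") if h.strip())
        if vary and not self.cache_vary:
            return "MISS"              # cache_vary off: Vary responses are not stored
        self.index[url] = vary
        self.store[self._key(url, req)] = body
        return "MISS"

# Constructed requests: two browsers whose Accept-Encoding differs only by a space.
BROWSER_A = {"accept-encoding": "gzip, deflate"}
BROWSER_B = {"accept-encoding": "gzip,deflate"}
TRAFFIC = [("/a.css", BROWSER_A), ("/a.css", BROWSER_B), ("/a.css", BROWSER_A),
           ("/a.css", BROWSER_B), ("/b.jpg", BROWSER_A), ("/b.jpg", BROWSER_B)]

def replay(cache):
    return [cache.fetch(url, req) for url, req in TRAFFIC]

if __name__ == "__main__":
    for label, c in [("cache_vary on", VaryCache()), ("cache_vary off", VaryCache(False)),
                     ("on + normalized", VaryCache(True, True))]:
        print(label, replay(c))
```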

(8) cache_effective_user squid
cache_effective_group squid

Sets the squid user and group.

(9) icp_port 0

Disables ICP neighbors. You can change this parameter if you want to use a squid cluster.

(10) reload_into_ims on

With this global parameter enabled, a no-cache request sent from the client is converted to If-Modified-Since for processing.

For the settings of this parameter, you can refer to this blog: http://blog.sina.com.cn/s/blog_56d8ea9001018xev.html

(11) hierarchy_stoplist cgi-bin ?

This is the default setting. Any request containing a question mark or the string cgi-bin matches this list and becomes non-hierarchical.

Squid internally marks each client request as hierarchical or non-hierarchical. Non-hierarchical requests are those that seem unlikely to result in cache hits. For example, the response to a POST request is almost never cached. When squid can easily connect to the origin server, it is a waste of resources to forward uncacheable requests to a neighbor cache.
Some of the rules that distinguish hierarchical from non-hierarchical requests are hard-coded in squid. For example, the POST and PUT methods are always non-hierarchical. However, the hierarchy_stoplist directive allows you to customize this algorithm. It contains a list of strings; when one of them is found in the URI, squid marks the request as non-hierarchical.


After changing the configuration file, you can initialize the cache directory and start squid.

/usr/local/squid2.7/sbin/squid -z

/usr/local/squid2.7/sbin/squid

lsof -i :80

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 1399 squid 17u IPv4 9965038 0t0 TCP *:http (LISTEN)

This output indicates that squid started successfully. If it did not start, check the configuration file.

6. cachemgr.cgi statistics tool

vim /usr/local/squid2.7/etc/cachemgr.conf

localhost:80

Port 80 is the http_port of squid.

cd /var/www/html

mkdir -p squid/cgi-bin

cp /usr/local/squid2.7/libexec/cachemgr.cgi /var/www/html/squid/cgi-bin

Set the corresponding access in apache:

vim /etc/httpd/conf.d/squid.conf

ScriptAlias /squid/cgi-bin/cachemgr.cgi /usr/local/squid2.7/libexec/cachemgr.cgi

# Only allow access from localhost by default
<Location /squid/cgi-bin/cachemgr.cgi>
Order allow,deny
# Allow from localhost.localdomain
Allow from all
# Add additional allowed hosts as needed
# Allow from .example.com
</Location>

Run service httpd restart to make the configuration file take effect.

Because Apache uses port 81, we can access it directly through port 81.

http://172.16.8.102:81/squid/cgi-bin/cachemgr.cgi

Here no user name and password are set, so it can be accessed directly; for online use they must be set.

7. apache configuration

I use a test site directly for the website configuration and will not go into it here. What is worth introducing is apache's mod_expires module. This module can reduce repeated requests by about 10%: repeat visitors cache the results of the specified page requests locally, and no request is sent to the server.

Checking shows that the mod_expires module is already installed in apache, so you only need to configure it in /etc/httpd/conf.d/mod_expires.conf.

vim /etc/httpd/conf.d/mod_expires.conf

<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 12 hours"
ExpiresByType text/html "access plus 3 days"
ExpiresByType text/plain "access plus 3 days"
ExpiresByType text/css "access plus 7 days"
ExpiresByType image/gif "access plus 30 days"
ExpiresByType image/png "access plus 30 days"
ExpiresByType image/jpeg "access plus 30 days"
ExpiresByType image/jpg "access plus 30 days"
ExpiresByType image/x-icon "access plus 30 days"
ExpiresByType video/x-flv "access plus 30 days"
ExpiresByType application/x-shockwave-flash "access plus 30 days"
</IfModule>

All files that can be cached are set to 12 hours by default, and files of the text, image, and video types are reset to the corresponding cache time.

After the configuration is complete, you can use service httpd restart.


Finally, we access the test and check that the cache hits.




How does squid restart to clear the cache?

rd C:\squid\cache /s /q
md C:\squid\cache

Low hit rate of squid

Squid is an excellent proxy server software used on Linux.
Squid is available not only on Linux but also on AIX, Digital Unix, FreeBSD, HP-UX, Irix, NetBSD, Nextstep, SCO, Solaris, and other systems.
Compared with other proxy software on Linux, such as Apache, Socks, TIS FWTK, and delegate, Squid is easy to download and install, simple and flexible to configure, and supports caching and multiple protocols. With the ipchains + Squid solution, you can achieve high performance through caching as well as seamless access to the Internet.
Squid is software used to cache Internet data. It receives users' download requests and processes the downloaded data automatically. That is to say, when a user wants to download a home page, the user sends a request to Squid to download it on the user's behalf; Squid then connects to the requested website and requests the home page, sends the home page to the user, and keeps a backup at the same time. When other users request the same page, Squid immediately sends them the saved backup, so the speed feels quite fast.
For Web users, Squid is a high-performance proxy cache server that can speed up Internet browsing from the intranet and improve the client access hit rate. Squid supports not only HTTP but also FTP, gopher, SSL, WAIS, and other protocols. Unlike general proxy cache software, Squid uses a separate, non-modular, I/O-driven process to handle all client requests.
Squid caches data elements in memory and also caches DNS query results. In addition, Squid supports non-modular DNS queries and negative caching of failed requests. Squid supports SSL and access control. Because it uses ICP, Squid can implement overlapping proxy arrays to maximize bandwidth savings.
Squid consists of a main service program, squid, a DNS query program, dnsserver, several programs that rewrite requests and perform authentication, and several management tools. After Squid starts, it can spawn a specified number of dnsserver processes, each of which can execute a separate DNS query, which greatly reduces the time the server spends waiting for DNS queries.
Another advantage of Squid is that it uses an access control list (ACL) and an access permission list (ARL). These lists reduce potentially illegal Internet connections by blocking specific network connections, and can be used to ensure that intranet hosts cannot access threatening or inappropriate sites.
Squid's hardware requirements are that the memory must be large and should not be less than 128 M. The faster the hard disk, the better; it is best to use a dedicated server SCSI hard disk. The processor is less demanding; more than MH can be used. Of

