SQUID Reverse Proxy Accelerator website

Source: Internet
Author: User
Tags squid proxy

The domain name of this instance is wenjin.cache.ibm.com.cn. Through DNS round-robin (polling), each client request is distributed to one of the Squid reverse proxy servers. If that Squid has cached the requested resource, it returns the resource directly to the user; otherwise it sends the uncached request to its neighbor Squid servers and the back-end web servers according to the configured rules. This reduces the load on the back-end web servers and improves the performance and security of the whole website. The system structure is shown in Figure 3:


Figure 3. System structure

Configuration of the system environment:

    • A DNS server: operating system FreeBSD, software BIND 9.5, IP 192.168.76.222;
    • Three Squid servers: operating system Linux AS 4, software Squid 3.0, with the following IP addresses:


squid3:192.168.76.225

    • Three web servers: operating system Linux AS 4, application Tomcat 5.0 + MySQL, with the following IP addresses:


webserver1:192.168.76.227

Installation and configuration of application software

Configure the DNS server

The setup uses the BIND 9.5 that ships with FreeBSD. To configure BIND, first modify its configuration file /etc/namedb/named.conf and add the following to the file:




};

Then add the file cache.ibm.com.cn under the /etc/namedb/master directory with the following contents:

$TTL    
@ IN SOA search.ibm.com.cn. root.ibm.com.cn. (
        20080807
        3600
        900

        3600 )
        IN NS
1       IN PTR
wenjin  IN A 192.168.76.223
wenjin  IN A 192.168.76.224
wenjin  IN A 192.168.76.225

This way, when a user makes a request, DNS resolves the wenjin.cache.ibm.com.cn domain name to one of 192.168.76.223, 192.168.76.224, and 192.168.76.225 through round-robin polling.

After the configuration is complete, run rndc start to start the BIND service. You can set named_enable="YES" in /etc/rc.conf to start it at boot.

Use ps -a | grep named to see whether the BIND service is up;

Use nslookup wenjin.cache.ibm.com.cn to test whether the BIND service is functioning properly.

Configuring the SQUID1 Server

  1. Download the squid-3.0.STABLE8.tar.gz source package and place it in the /home directory.
  2. Unpack it: tar -zxvf squid-3.0.STABLE8.tar.gz
    Set the configuration parameters: cd squid-3.0.STABLE8
    ./configure --prefix=/usr/local/squid

    This installs squid under the /usr/local directory.
  3. Compile and install: make && make install. After installation, the squid directory appears under /usr/local.
  4. Edit the Squid configuration file

    Edit the squid.conf file: vi /usr/local/squid/etc/squid.conf

    cache_effective_user squid
    cache_effective_group squid
    ######### set the hostname of squid; without this, squid will not start
    visible_hostname squid1.nlc.gov.cn
    ############# configure Squid for accelerator mode #################
    http_port accel vhost vport
    icp_port 3130
    ##### configure Squid2 and Squid3 as neighbors; when Squid1 does not find the requested resource in its cache,
    ##### it fetches it from its neighbors' caches through an ICP query
    cache_peer squid2.ibm.com.cn sibling 80 3130
    cache_peer squid3.ibm.com.cn sibling 80 3130
    ##### the three parent nodes of Squid1; the originserver parameter marks each as an origin server,
    ##### and the round-robin parameter makes squid distribute requests to the parent nodes by polling;
    ##### squid also checks the health of these parent nodes, and if a parent node is down,
    ##### squid fetches data from the remaining origin servers.
    cache_peer 210.82.118.195 parent 8080 0 no-query originserver round-robin \
    name=webserver1
    cache_peer 192.168.76.226 parent 8080 0 no-query originserver round-robin \
    name=webserver2
    cache_peer 192.168.76.227 parent 8080 0 no-query originserver round-robin \
    name=webserver3
    ###### forward requests for the wenjin.cache.ibm.com.cn domain to one of the three parent nodes through round-robin polling
    cache_peer_domain webserver1 wenjin.cache.ibm.com.cn
    cache_peer_domain webserver2 wenjin.cache.ibm.com.cn
    cache_peer_domain webserver3 wenjin.cache.ibm.com.cn
    ##### access control, logging, and cache directory settings
    acl localnet src 192.168.76.223 192.168.76.224 192.168.76.225
    acl all src 0.0.0.0/0.0.0.0
    http_access allow all
    icp_access allow localnet
    cache_log /usr/local/squid/var/logs/cache.log
    access_log /usr/local/squid/var/logs/access.log squid
    cache_dir ufs /usr/local/squid/var/cache 1000 16 256
    ####### some optimization of squid ###############
    #### the largest object that can be cached is 10M
    maximum_object_size 10240 KB
    #### the largest object cached in memory is 512K
    maximum_object_size_in_memory 512 KB
    #### amount of memory squid uses for caching
    cache_mem MB

    Save and exit with :wq.

    Add the following to the /etc/hosts file:

    192.168.76.223  
    192.168.76.224
    192.168.76.225 squid3.ibm.com.cn

    Save and exit with :wq.

    Check whether the Squid configuration file is correct: /usr/local/squid/bin/squid -k parse

    Generate the cache directories: /usr/local/squid/bin/squid -z

    Start squid: /usr/local/squid/bin/squid

    Configuring SQUID2 and SQUID3 Servers

    The configuration method and parameters for the Squid2 and Squid3 servers are the same as for Squid1. When the configuration is complete, start the Squid service on each of the two servers.

    The following messages in the squid log file cache.log show that the three squid servers were successfully configured as siblings and that three parent proxies were configured.






    2008/11/17 10:08:47| Ready to serve requests.

Test

Before testing, make sure the DNS service, the three Squid services, and the three web services are running normally. When the client enters http://wenjin.cache.ibm.com.cn, the page is displayed correctly. The server-side handling is transparent to the client: the client does not know which web server processes the request, and the failure of one of the Squid servers or web servers does not affect the normal operation of the service.

Squid 2.6 reverse proxy configuration experiment: the most correct solution
Configuring a reverse proxy under CentOS 5.1 (squid 2.6)



Tool: squid-2.6.STABLE6-4.el5

Topology diagram



For example, there are two networks: the company's internal private network, 192.168.1.0/24, and the Internet (external network), 10.66.0.0/24.
The company's internal network has two servers:
Server A provides two services: port 81 provides service 1, and port 82 provides service 2.
Server B provides one service, through port 80.
Squid acts as the reverse proxy for the company's internal servers. It has two network cards: eth0: 10.66.0.80 (connected to the external network) and eth1: 192.168.1.200 (connected to the company's internal private network).
Clients on the external network access the company's internal servers through the Squid proxy server. For example, client 10.66.0.174 has no direct access to the company's internal servers and instead reaches them through Squid.

The process by which an external client accesses a server on the company's internal network is, for example, as follows:
First, modify the /etc/hosts file on the client side, adding the following three lines:
10.66.0.80 www.serverA1.com www
10.66.0.80 www.serverA2.com www
10.66.0.80 www.serverB.com www
Note: These three lines let the client resolve the three domain names (www.serverA1.com, www.serverA2.com, www.serverB.com) to the IP 10.66.0.80 (the Squid reverse proxy server's IP).


Here, the Squid reverse proxy server listens on port 8000 (the default is 3128).

On the client side, open the browser and enter www.serverA1.com:8000 in the address bar. The following shows the entire flow of data from the client's request to the client's receipt of the response.



Phase 1: The client enters www.serverA1.com:8000 in the browser address bar. Through the client's local /etc/hosts, the domain name www.serverA1.com resolves to 10.66.0.80 (the Squid reverse proxy server), so the client sends its request to port 8000 of the Squid reverse proxy server.
Note: Entering www.serverA1.com:8000 and entering http://10.66.0.80:8000 in the client's browser address bar are not the same. Although both request port 8000 of the Squid reverse proxy server, there is an essential difference. If the Squid server is accessed by IP (http://10.66.0.80:8000), Squid cannot proxy for multiple servers on the internal network; it can only pass client requests to a single internal server. For Squid to proxy for multiple internal servers, the domain name method is needed. For example, when the Squid server receives a request for www.serverA1.com:8000, it sees that the Host is www.serverA1.com. Two Squid configuration options, cache_peer and cache_peer_domain, tell Squid that a request for www.serverA1.com should ultimately go to port 81 of server A on the company's internal network, which gives Squid the ability to proxy for multiple internal servers. (See below for the use of cache_peer and cache_peer_domain.)

Phase 2: As described above, the Squid server receives the request from the client and sees that it is for www.serverA1.com. Squid knows that the next step is to request port 81 of server A on the company's internal network.

Phase 3: Service 1 on server A listens on port 81. It receives the request sent by Squid and sends the corresponding data back to the Squid server.

Phase 4: Squid receives the data sent from port 81 of server A, caches it locally, and sends it from its own port 8000 to the client on the external network.

At the end of the four steps above, the client receives the desired data.
It is worth noting that throughout the entire process, the servers on the company's internal network are transparent to the client; that is, the client does not know which servers the internal network has or what services they provide. The client simply accesses port 8000 of the Squid server and obtains the corresponding data.

Now that the client's request flow through the Squid proxy is understood, the following describes some of the Squid configuration items (squid.conf).
Note: The following describes some of the basic Squid configuration items, focusing on those involved in proxying for multiple servers. The reader needs some basic knowledge of Squid. Squid also has many configuration items not mentioned here, some of which directly affect the performance of the Squid server; they are not described here.
Let's begin :)

# The Squid server listens on local port 8000; vhost enables virtual host support.
http_port 8000 vhost

cache_peer 192.168.1.50 parent 81 0 no-query originserver weight=1 name=a
cache_peer 192.168.1.50 parent 82 0 no-query originserver weight=1 name=b
cache_peer 192.168.1.51 parent 80 0 no-query originserver weight=1 name=c

cache_peer_domain a www.serverA1.com
cache_peer_domain b www.serverA2.com
cache_peer_domain c www.serverB.com
# The six lines above tell the Squid server:
# if a client request is for www.serverA1.com, Squid sends the request to port 81 of ServerA 192.168.1.50;
# if a client request is for www.serverA2.com, Squid sends the request to port 82 of ServerA 192.168.1.50;
# if a client request is for www.serverB.com, Squid sends the request to port 80 of ServerB 192.168.1.51;

# Specify the directory where the Squid server stores cached data
cache_dir ufs /squid_cache 256 16 256

acl all src 0.0.0.0/0.0.0.0
http_access allow all

cache_peer_access a allow all
cache_peer_access b allow all
cache_peer_access c allow all
# Set access permissions to allow all external clients to access a, b and c (the three virtual hosts we defined)

Other configuration items can be left at their defaults.
Note: The main configuration file of squid-2.6.STABLE6-4.el5, /etc/squid/squid.conf, has more than 4,000 lines, most of which are comments, so it should be fairly easy to configure a basic proxy server (forward or reverse) from this file. During my configuration, the main problem was that I did not know how to make Squid act as a reverse proxy for multiple servers (servers on different IPs, and servers on the same IP with different ports); only after reviewing some documents and doing many experiments did I get it working. The key configuration items are two directives: cache_peer and cache_peer_domain. These directives are also one of the main differences between squid-2.6 and squid-2.5 (Red Hat RHEL4 integrates squid-2.5; RHEL5 integrates squid-2.6). In squid-2.5, the key reverse proxy directives are httpd_accel_host, httpd_accel_port, httpd_accel_single_host, httpd_accel_with_proxy, and httpd_accel_uses_host_header. The httpd_accel_* series of directives has been removed in squid-2.6 and replaced by three directives: cache_peer, cache_peer_domain, and cache_peer_access.
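Both configurations on this page end with http_access allow all, so whether a request is accepted does not depend on the Host it names. The following added example (not part of the original article and not Squid code) is a simplified Python model of how http_access and cache_peer_domain treat a Host header; it compares the second configuration with a constructed variant that accepts only the three published names. The ACL name published, the name STRICT_CONF and the host unlisted.example are assumptions.

```python
def parse(conf):
    """Collect the directives that decide acceptance and routing."""
    peers, domains, acls, rules = {}, {}, {}, []
    for line in conf.splitlines():
        d, *a = line.split("#", 1)[0].split() or [""]
        if d == "cache_peer":           # cache_peer host type http-port icp-port [options]
            name = next((o[5:] for o in a[4:] if o.startswith("name=")), a[0])
            peers[name] = (a[0], int(a[2]))
        elif d == "cache_peer_domain":  # cache_peer_domain peer-name domain [domain ...]
            domains.update((dom.lower(), a[0]) for dom in a[1:])
        elif d == "acl":
            acls[a[0]] = (a[1], [v.lower() for v in a[2:]])
        elif d == "http_access":
            rules.append((a[0], a[1:]))
    return peers, domains, acls, rules

def acl_matches(acls, name, host):
    kind, vals = acls.get(name, ("", []))
    if kind == "dstdomain":             # exact name, or ".example.com" suffix form
        return any(host == v or (v[:1] == "." and host.endswith(v)) for v in vals)
    # Simplification: only the catch-all src ACL is modelled, not client addresses.
    return kind == "src" and any(v.startswith("0.0.0.0/") for v in vals)

def decide(conf, host_header):
    """Return (http_access verdict, origin (ip, port) or None) for a Host header."""
    peers, domains, acls, rules = parse(conf)
    host = host_header.lower().split(":")[0]
    # First rule whose ACLs all match wins; otherwise the opposite of the last rule.
    default = "allow" if rules and rules[-1][0] == "deny" else "deny"
    hit = (act for act, names in rules if all(acl_matches(acls, n, host) for n in names))
    return next(hit, default), peers.get(domains.get(host))

PEERS = """
cache_peer 192.168.1.50 parent 81 0 no-query originserver weight=1 name=a
cache_peer 192.168.1.50 parent 82 0 no-query originserver weight=1 name=b
cache_peer 192.168.1.51 parent 80 0 no-query originserver weight=1 name=c
cache_peer_domain a www.serverA1.com
cache_peer_domain b www.serverA2.com
cache_peer_domain c www.serverB.com
acl all src 0.0.0.0/0.0.0.0
"""
PAGE_CONF = PEERS + "http_access allow all\n"
# Constructed variant: accept only the three published names, refuse everything else.
STRICT_CONF = PEERS + ("acl published dstdomain www.serverA1.com www.serverA2.com "
                       "www.serverB.com\nhttp_access allow published\nhttp_access deny all\n")

if __name__ == "__main__":
    for host in ("www.serverA1.com:8000", "www.serverB.com", "unlisted.example"):
        print(host, decide(PAGE_CONF, host), decide(STRICT_CONF, host))
```

With the page's rules, unlisted.example is allowed although no cache_peer_domain entry names an origin for it; with the constructed rules it is denied while the three published names still route to ports 81, 82 and 80.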
