Squid configuration
1. What is squid
Squid can do proxies or cache.
Squid caching not only saves valuable bandwidth resources, but also greatly reduces the server's I/O.
Squid can not only do the forward proxy, but also can do reverse proxy.
Forward agent, squid behind is the client, the client Internet to go through squid; reverse proxy, squid is behind the server, the server returned to the user data need to go squid.
Positive agents used in the enterprise's office environment, employees need to access the Internet through Squid agent to the Internet, which can save network bandwidth resources. And the reverse proxy is used to build the site static items (images, HTML, streaming media, JS, CSS, etc.) cache server, which is used in the site architecture.
2. Build Squid forward Agent
[email protected] ~]# yum install-y squid
[[email protected] ~]# squid-v//view version and compile parameters
Squid cache:version 3.1.10
*****************************
[email protected] ~]# >/etc/squid/squid.conf
[email protected] ~]# vi/etc/squid/squid.conf
Http_port 3128
ACL manager Proto Cache_object
ACL localhost src 127.0.0.1/32:: 1
ACL to_localhost DST 127.0.0.0/8 0.0.0.0/32:: 1
ACL localnet src 10.0.0.0/8 # RFC1918 possible Internal network
ACL localnet src 172.16.0.0/12 # RFC1918 possible Internal network
ACL localnet src 192.168.0.0/16 # RFC1918 possible Internal network
ACL ssl_ports port 443
ACL safe_ports Port 8080 # http
ACL safe_ports Port # FTP
ACL safe_ports Port 443 # HTTPS
ACL Connect method Connect
Http_access allow manager localhost
Http_access Deny Manager
Http_access Deny! Safe_ports
Http_access Deny CONNECT! Ssl_ports
Http_access Allow LocalNet
http_access allow localhost
Http_access Allow all
Cache_dir Aufs/data/cache 1024 16 256
Cache_mem MB
Hierarchy_stoplist Cgi-bin?
Coredump_dir/var/spool/squid
Refresh_pattern ^ftp:1440 20% 10080
Refresh_pattern ^gopher:1440 0% 1440
Refresh_pattern-i (/cgi-bin/|\?) 0 0% 0
Refresh_pattern \. (jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
Refresh_pattern. 0 20% 4320
[[email protected] ~]# mkdir /data/cache //Create cache directory
[email protected] ~]# chown -r squid:squid /data/cache //Change Permissions
[email protected] ~]# squid - Z //Initialize the cache directory, this step can omit the
[[email protected] ~]#/etc/init.d/squid start
Starting squid: [OK]
[[email protected]~]# Squid-kcheck//Detect Squid configuration file is correct
2015/05/27 01:52:29| Warning:could not determine this machines public hostname. Please configure one or set ' Visible_hostname '.
2015/05/27 01:52:30| Warning:could not determine this machines public hostname. Please configure one or set ' Visible_hostname '.
[[email protected]~]# vi/etc/squid/squid.conf//Add in config filevisible_hostname aminglinux.com
[[email protected]~]# Squid-kcheck
[[email protected]~]# Squid-krec
[[email protected]~]# Service Squid Restart
Stop the Squid: ......... Determine
Starting squid:. Determine
[[email protected]mnt]# curl-x192.168.1.222:3128 Www.qq.com-I
http/1.0 OK
server:squid/3.4.1
Date:tue, 12:33:09 GMT
content-type:text/html; charset=gb2312
Vary:accept-encoding
Vary:accept-encoding
Expires:tue, 12:34:09 GMT
Cache-control:max-age=60
Vary:accept-encoding
Vary:accept-encoding
X-cache:hit from tianjin.qq.com
X-cache:miss from aminglinux.com
X-cache-lookup:miss from aminglinux.com:3128
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive
Restrictions cannot access certain domain names:
[[email protected] ~]# vi/etc/squid/squid.conf//Add the following inside the Squid profile
ACL http Proto http
ACL Bad_domain dstdomain. taobao.com. JD.com
Http_access deny HTTP Bad_domain
[email protected] ~]# Squid-kche
[email protected] ~]# Squid-krec
[[email protected]mnt]# curl-x192.168.1.222:3128 Www.jd.com-I
http/1.0 403 Forbidden
server:squid/3.1.10
mime-version:1.0
Date:tue, 18:08:11 GMT
Content-type:text/html
content-length:3264
X-squid-error:err_access_denied 0
Vary:accept-language
Content-language:en
X-cache:miss from aminglinux.com
X-cache-lookup:none from aminglinux.com:3128
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive
[[email protected] mnt]# curl -x192.168.1.222:3128 www.jd222.com -i
http/1.0 200 ok
Server:  NGINX
date: tue, 26 may 2015 12:40:52  GMT
content-type: text/html
vary: accept-encoding
x-cache: miss from AMINGLINUX.COM
x-cache-lookup: miss from aminglinux.com : 3128
via: 1.0 aminglinux.com (squid/3.1.10)
connection: keep-alive
To test on a browser:
650) this.width=650; "title=" 1.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/6D/70/ Wkiol1vkdcqg0xolaaer5nqds5e719.jpg "alt=" Wkiol1vkdcqg0xolaaer5nqds5e719.jpg "/>
650) this.width=650; "title=" 2.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/6D/75/wKiom1VkcprDZ_ Msaacnwernzwc512.jpg "alt=" Wkiom1vkcprdz_msaacnwernzwc512.jpg "/>
650) this.width=650; "title=" 3.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/6D/70/ Wkiol1vkdcqsab6oaadxflccax0850.jpg "alt=" Wkiol1vkdcqsab6oaadxflccax0850.jpg "/>
3. Build Squid Reverse Proxy
[email protected] ~]# vi/etc/squid/squid.conf
Http_port 3128 Change to Http_port Accel Vhost Vport
Add the following content:
Cache_peer 123.125.119.147 Parent 0 originserver Name=a
Cache_peer 61.135.169.125 Parent 0 originserver Name=b
Cache_peer_domain a www.qq.com
Cache_peer_domain b www.baidu.com
Previously added domain name White/blacklist related configuration removed
[[email protected]~]# Squid-kche
[[email protected]~]# Squid-krec
[[email protected]~]# Service Squid Restart
Stop the Squid: ......... Determine
Starting squid:. Determine
[[email protected]mnt]# curl-x192.168.1.222:80 Www.qq.com-I
http/1.0 OK
server:squid/3.4.1
Date:tue, 13:00:45 GMT
content-type:text/html; charset=gb2312
Vary:accept-encoding
Vary:accept-encoding
Expires:tue, 13:01:45 GMT
Cache-control:max-age=60
Vary:accept-encoding
Vary:accept-encoding
X-cache:hit from tianjin.qq.com
X-cache:miss from aminglinux.com
X-cache-lookup:miss from aminglinux.com:80
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive
[[email protected]mnt]# curl-x192.168.1.222:80 Www.aminglinux.com-I
http/1.0 503 Service Unavailable
server:squid/3.1.10
mime-version:1.0
Date:tue, 18:29:06 GMT
Content-type:text/html
content-length:3455
X-squid-error:err_cannot_forward 0
Vary:accept-language
Content-language:en
X-cache:miss from aminglinux.com
X-cache-lookup:miss from aminglinux.com:80
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive
650) this.width=650; "title=" 4.png "src=" Http://s3.51cto.com/wyfs02/M01/6D/75/wKiom1VkcrXwNcQNAAF7p9bnhc4683.jpg " alt= "Wkiom1vkcrxwncqnaaf7p9bnhc4683.jpg"/>
Squid service built under Linux system