Squid service built under Linux system

Source: Internet
Author: User

Squid configuration

1. What is squid

Squid can do proxies or cache.

Squid caching not only saves valuable bandwidth resources, but also greatly reduces the server's I/O.

Squid can not only do the forward proxy, but also can do reverse proxy.

Forward agent, squid behind is the client, the client Internet to go through squid; reverse proxy, squid is behind the server, the server returned to the user data need to go squid.

Positive agents used in the enterprise's office environment, employees need to access the Internet through Squid agent to the Internet, which can save network bandwidth resources. And the reverse proxy is used to build the site static items (images, HTML, streaming media, JS, CSS, etc.) cache server, which is used in the site architecture.


2. Build Squid forward Agent

[email protected] ~]# yum install-y squid

[[email protected] ~]# squid-v//view version and compile parameters
Squid cache:version 3.1.10

*****************************

[email protected] ~]# >/etc/squid/squid.conf
[email protected] ~]# vi/etc/squid/squid.conf

Http_port 3128

ACL manager Proto Cache_object

ACL localhost src 127.0.0.1/32:: 1

ACL to_localhost DST 127.0.0.0/8 0.0.0.0/32:: 1

ACL localnet src 10.0.0.0/8 # RFC1918 possible Internal network

ACL localnet src 172.16.0.0/12 # RFC1918 possible Internal network

ACL localnet src 192.168.0.0/16 # RFC1918 possible Internal network

ACL ssl_ports port 443

ACL safe_ports Port 8080 # http

ACL safe_ports Port # FTP

ACL safe_ports Port 443 # HTTPS

ACL Connect method Connect

Http_access allow manager localhost

Http_access Deny Manager

Http_access Deny! Safe_ports

Http_access Deny CONNECT! Ssl_ports

Http_access Allow LocalNet

http_access allow localhost

Http_access Allow all

Cache_dir Aufs/data/cache 1024 16 256

Cache_mem MB

Hierarchy_stoplist Cgi-bin?

Coredump_dir/var/spool/squid

Refresh_pattern ^ftp:1440 20% 10080

Refresh_pattern ^gopher:1440 0% 1440

Refresh_pattern-i (/cgi-bin/|\?) 0 0% 0

Refresh_pattern \. (jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload

Refresh_pattern. 0 20% 4320

[[email protected]  ~]# mkdir  /data/cache  //Create cache directory
[email protected]  ~]# chown  -r squid:squid /data/cache  //Change Permissions
[email protected]  ~]# squid - Z  //Initialize the cache directory, this step can omit the

[[email protected] ~]#/etc/init.d/squid start
Starting squid: [OK]

[[email protected]~]# Squid-kcheck//Detect Squid configuration file is correct
2015/05/27 01:52:29| Warning:could not determine this machines public hostname. Please configure one or set ' Visible_hostname '.
2015/05/27 01:52:30| Warning:could not determine this machines public hostname. Please configure one or set ' Visible_hostname '.
[[email protected]~]# vi/etc/squid/squid.conf//Add in config filevisible_hostname aminglinux.com
[[email protected]~]# Squid-kcheck
[[email protected]~]# Squid-krec
[[email protected]~]# Service Squid Restart

Stop the Squid: ......... Determine

Starting squid:. Determine


[[email protected]mnt]# curl-x192.168.1.222:3128 Www.qq.com-I
http/1.0 OK
server:squid/3.4.1
Date:tue, 12:33:09 GMT
content-type:text/html; charset=gb2312
Vary:accept-encoding
Vary:accept-encoding
Expires:tue, 12:34:09 GMT
Cache-control:max-age=60
Vary:accept-encoding
Vary:accept-encoding
X-cache:hit from tianjin.qq.com
X-cache:miss from aminglinux.com
X-cache-lookup:miss from aminglinux.com:3128
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive


Restrictions cannot access certain domain names:

[[email protected] ~]# vi/etc/squid/squid.conf//Add the following inside the Squid profile

ACL http Proto http

ACL Bad_domain dstdomain. taobao.com. JD.com

Http_access deny HTTP Bad_domain

[email protected] ~]# Squid-kche
[email protected] ~]# Squid-krec

[[email protected]mnt]# curl-x192.168.1.222:3128 Www.jd.com-I
http/1.0 403 Forbidden
server:squid/3.1.10
mime-version:1.0
Date:tue, 18:08:11 GMT
Content-type:text/html
content-length:3264
X-squid-error:err_access_denied 0
Vary:accept-language
Content-language:en
X-cache:miss from aminglinux.com
X-cache-lookup:none from aminglinux.com:3128
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive

[[email protected]  mnt]# curl -x192.168.1.222:3128 www.jd222.com -i
http/1.0 200 ok
Server:  NGINX
date: tue, 26 may 2015 12:40:52  GMT
content-type: text/html
vary: accept-encoding
x-cache: miss from  AMINGLINUX.COM
x-cache-lookup: miss from aminglinux.com : 3128
via: 1.0 aminglinux.com  (squid/3.1.10)
connection: keep-alive


To test on a browser:

650) this.width=650; "title=" 1.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/6D/70/ Wkiol1vkdcqg0xolaaer5nqds5e719.jpg "alt=" Wkiol1vkdcqg0xolaaer5nqds5e719.jpg "/>

650) this.width=650; "title=" 2.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/6D/75/wKiom1VkcprDZ_ Msaacnwernzwc512.jpg "alt=" Wkiom1vkcprdz_msaacnwernzwc512.jpg "/>

650) this.width=650; "title=" 3.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/6D/70/ Wkiol1vkdcqsab6oaadxflccax0850.jpg "alt=" Wkiol1vkdcqsab6oaadxflccax0850.jpg "/>


3. Build Squid Reverse Proxy

[email protected] ~]# vi/etc/squid/squid.conf

Http_port 3128 Change to Http_port Accel Vhost Vport

Add the following content:

Cache_peer 123.125.119.147 Parent 0 originserver Name=a

Cache_peer 61.135.169.125 Parent 0 originserver Name=b

Cache_peer_domain a www.qq.com

Cache_peer_domain b www.baidu.com

Previously added domain name White/blacklist related configuration removed

[[email protected]~]# Squid-kche
[[email protected]~]# Squid-krec
[[email protected]~]# Service Squid Restart
Stop the Squid: ......... Determine
Starting squid:. Determine

[[email protected]mnt]# curl-x192.168.1.222:80 Www.qq.com-I
http/1.0 OK
server:squid/3.4.1
Date:tue, 13:00:45 GMT
content-type:text/html; charset=gb2312
Vary:accept-encoding
Vary:accept-encoding
Expires:tue, 13:01:45 GMT
Cache-control:max-age=60
Vary:accept-encoding
Vary:accept-encoding
X-cache:hit from tianjin.qq.com
X-cache:miss from aminglinux.com
X-cache-lookup:miss from aminglinux.com:80
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive

[[email protected]mnt]# curl-x192.168.1.222:80 Www.aminglinux.com-I
http/1.0 503 Service Unavailable
server:squid/3.1.10
mime-version:1.0
Date:tue, 18:29:06 GMT
Content-type:text/html
content-length:3455
X-squid-error:err_cannot_forward 0
Vary:accept-language
Content-language:en
X-cache:miss from aminglinux.com
X-cache-lookup:miss from aminglinux.com:80
via:1.0 aminglinux.com (squid/3.1.10)
Connection:keep-alive

650) this.width=650; "title=" 4.png "src=" Http://s3.51cto.com/wyfs02/M01/6D/75/wKiom1VkcrXwNcQNAAF7p9bnhc4683.jpg " alt= "Wkiom1vkcrxwncqnaaf7p9bnhc4683.jpg"/>



Squid service built under Linux system

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.