Install and configure Squid Proxy Server in CentOS 6.4


I. Introduction

A proxy server's function is to obtain network information on behalf of network users.

Squid is software used to cache Internet data. It receives users' download requests and processes the downloaded data automatically. When a user wants to download a home page, the request is sent to Squid, and Squid downloads the page on the user's behalf. Squid connects to the requested website and requests the home page, then sends the home page to the user and keeps a copy at the same time. When other users request the same page, Squid immediately sends them the saved copy, so access feels very fast. Squid can act as a proxy for HTTP, FTP, GOPHER, SSL, WAIS, and other protocols. Squid handles this automatically, and it can be configured as needed to filter out unwanted content.

1.1 Workflow

When the proxy server has the data the client needs:

A. the client sends a data request to the proxy server;

B. the proxy server checks its own data cache;

C. The proxy server finds the data you want in the cache and retrieves the data;

D. the proxy server returns the data obtained from the cache to the client.

When the proxy server does not have the data the client needs:

1. The client sends a data request to the proxy server;

2. the proxy server checks its own data cache;

3. the proxy server does not find the data the user wants in the cache;

4. the proxy server sends data requests to the remote server on the Internet;

5. The remote server returns the response data;

6. the proxy server retrieves data from the remote server, returns the data to the client, and keeps a copy of the data in its own cache.

The Squid Proxy Server works on the TCP/IP application layer.

1.2 Squid Classification

Depending on the proxy type, Squid proxy can be divided into forward proxy and reverse proxy. Forward proxy can be divided into common proxy and transparent proxy according to different implementation methods.

  • Common Proxy: the client needs to specify the address and port of the proxy server in the browser;
  • Transparent Proxy: applicable to enterprise gateway hosts (shared access to the Internet). The client does not need to specify the proxy server address, port, or other information; instead, the proxy server sets a firewall policy that forwards the client's Web access data to the proxy service program for processing;
  • Reverse Proxy: the proxy server receives connection requests from the Internet, forwards them to servers on the internal network, and returns the result obtained from the server to the client on the Internet that requested the connection. To the outside, the proxy server appears as the server.

Official Address: http://www.squid-cache.org/

Reference: http://www.squid-cache.org/Doc/config/

II. System Environment

Operating System: CentOS release 6.4 (Final)

Squid version: squid-3.1.10-20.el6_5.3.x86_64

SELINUX=disabled

HTTP Service: stopped

III. Install the Squid service

3.1 check whether the squid software is installed

# rpm -qa | grep squid

3.2 If not, use yum to install

# yum -y install squid

IV. Description of the squid server configuration file

The main configuration file of squid is /etc/squid/squid.conf. All squid settings are configured in this file. The following describes the configuration options of this file.

# Listening IP address and port
http_port 3128
# Additional memory provided to squid. The total memory usage of squid is X*10 + 15 + cache_mem, where X is the size of the squid cache in GB.
# For example, with the 100 MB cache below (0.1 GB), the total memory usage is 0.1*10 + 15 + 64 = 80 MB. The recommended size is 1/3 to 1/2 of physical memory, or more.
cache_mem 64 MB
# Maximum size of files cached on the squid disk. Files larger than 4 MB are not saved to the hard disk.
maximum_object_size 4 MB
# Minimum size of files cached on the squid disk
minimum_object_size 0 KB
# Maximum size of files cached in squid memory. Files larger than 4 MB are not kept in memory.
maximum_object_size_in_memory 4096 KB
# Cache storage path, cache directory capacity (in MB), number of level-1 cache directories, number of level-2 cache directories
cache_dir ufs /var/spool/squid 100 16 256
# Log format for the log file
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
# Log file storage path and log format
access_log /var/log/squid/access.log combined
# Cache log
cache_log /var/log/squid/cache.log
# Log rotation: 60 days
logfile_rotate 60
# When cache directory usage exceeds 95%, start cleaning up old cache entries
cache_swap_high 95
# Stop cleaning when cache directory usage is back down to 90%
cache_swap_low 90
# Define the local network segment
acl localnet src 192.168.1.0/24
# Allow the local network segment to use the proxy
http_access allow localnet
# Deny all
http_access deny all
# Host name
visible_hostname squid.david.dev
# Administrator mailbox
cache_mgr mchina_tang@qq.com

For more information about ACL, see the official documentation: http://www.squid-cache.org/Doc/config/

Note: Squid 2.0 and Squid 3.0 are quite different. If squid does not start correctly after configuration, refer to the description for the corresponding version in the official documentation.
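Squid checks http_access lines in order and the first line whose ACLs all match decides the request. The following Python example is added here and is not part of the original article: it models that evaluation for src ACLs only and applies it to the access rules of the forward-proxy configuration above and of the reverse-proxy configuration used later on this page. The function names and client addresses are constructed for illustration.

```python
import ipaddress

# Constructed inputs: the access rules from the forward-proxy and
# reverse-proxy configurations on this page.
FORWARD_CONF = """
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""
REVERSE_CONF = """
http_port 80 accel vhost
http_access allow all
"""

def parse_conf(text):
    """Return (acls, rules): src networks by ACL name, http_access rules in order."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]}
    rules = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)  # values of one ACL are ORed
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, ip):
    """Evaluate one ACL reference; a leading '!' negates it. Only src ACLs are modelled."""
    negate, name = name.startswith("!"), name.lstrip("!")
    hit = any(ip in net for net in acls.get(name, []))
    return hit != negate

def decide(text, client_ip):
    """Return 'allow' or 'deny' for client_ip under the http_access rules in text."""
    acls, rules = parse_conf(text)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if all(matches(acls, n, ip) for n in names):  # ACLs on one line are ANDed
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies the request
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    cases = [(FORWARD_CONF, "192.168.1.50"), (FORWARD_CONF, "10.0.0.5"), (REVERSE_CONF, "203.0.113.9")]
    for conf, ip in cases:
        print(ip, decide(conf, ip))
```

The last fallback is why configurations should end with an explicit http_access deny all, as the forward-proxy configuration does.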

V. Common proxy service

Standard and traditional proxy services require the client to specify the address and port of the proxy server in the browser.

The topology of the experiment is as follows:

http_port 3128
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr mchina_tang@qq.com

5.3 Initialization

# squid -z

VI. Transparent proxy service

For enterprise gateway hosts, the client does not need to specify the proxy server address, port, and other information. The Web access data of the client is transferred to the proxy service program for processing through iptables.

The topology of the experiment is as follows:

http_port 3128 transparent
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr mchina_tang@qq.com

Add the transparent keyword after http_port 3128.

6.2 reload

Reload makes the preceding configuration take effect.

# /etc/init.d/squid reload

6.3 add iptables rules to redirect internal http requests to port 3128

A. Start the iptables service.

# /etc/init.d/iptables start

VII. Reverse Proxy Service

Provides cache acceleration for Internet users to access enterprise Web sites.

The topology of the experiment is as follows:

http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent 80 0 originserver round-robin weight=1
cache_peer 192.168.1.19 parent 80 0 originserver round-robin weight=1
visible_hostname squid.david.dev
cache_mgr mchina_tang@qq.com

7.4 start the Squid service

Squid failed to start because the squid listening port configured above is 80, which is in conflict with the system's http service, so the http service should be stopped.

7.5 Squid failed to start: shut down the Apache service that starts automatically

7.6 Test

Squid uses round-robin, so client requests alternate between the two web servers. Use "Ctrl + F5" to force a full refresh when testing.


VIII. Practical Application

The following experiment simulates reaching different machines through different domain names, as used for load balancing in enterprise applications. Entering www.squid.dev in the browser's address bar reaches the machine 192.168.1.18, and entering bbs.squid.dev reaches 192.168.1.19.

The topology of the experiment is as follows:

http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent 80 0 originserver name=www
cache_peer 192.168.1.19 parent 80 0 originserver name=bbs
cache_peer_domain www www.squid.dev
cache_peer_domain bbs bbs.squid.dev
visible_hostname squid.david.dev
cache_mgr mchina_tang@qq.com

8.3 configure the client

The DNS service can be used for resolution. For convenience, you can directly specify it in the hosts file.

Modify the C:\Windows\System32\drivers\etc\hosts file

David Camp

  • For technical exchange, add the QQ group:

System O & M Technology: 296513821

  • For business cooperation, contact the author QQ: 562866602
  • My ID: mchina_tang
  • Write to me: mchina_tang@qq.com
  • My address: Suzhou, Jiangsu Province
