Linux Squid Service App

What is squid?

Squid is a relatively well-known agent software , it can not only run on Linux can also run on Windows and UNIX, its technology is very mature. The current users of squid are also very extensive. Squid and other agent software under Linux, such as Apache, Socks, TIS fwtk and delegate, download installation is simple, configuration is simple and flexible, support caching and a variety of protocols.

Squid is used a lot because of its caching function, squid cache can not only save valuable bandwidth resources , but also can greatly reduce the server I/O. From an economic standpoint, it is an integral part of many Web site architectures.

squid can not only do the forward proxy, but also can do reverse proxy . when acting as a forward proxy, squid is behind the client, and the client wants to surf the internet, regardless of what web it has to go through squid. When a user (client) wants to request a home page, it sends a request to squid, squid requests it, and squid Connect the site that the user wants to request and request the homepage, and then pass the page to the user while keeping a backup, and when another user requests the same page, squid passes the saved backup immediately to the user, making the user feel quite fast. When using the forward proxy, the client needs to do some setup to implement, that is, the agent that we set in the IE option normally. and the reverse proxy is, squid behind a site of the server, the client requests the site, will first send the request to squid, and then squid to handle the user's request action. Amin teaches you a particularly easy distinction: the forward agent, squid behind the client, the client Internet to go through squid; reverse proxy, squid is behind the server, the server returned to the user data need to go squid.

You might ask, when do you need to configure a forward proxy, and when to configure a reverse proxy? Amin's view is that the positive agents used in the enterprise's office environment , employees need to access the Internet through Squid agent to the Internet, which can save network bandwidth resources. Instead, the reverse proxy is used to build a cache server for static items (images, HTML, streaming media, JS, CSS, etc.) in the Web site architecture .

Example: forward proxy

User A wants to access Server B to go through n multiple gateways, and it is possible that these gateways do not allow user a access.

There is a server Z with direct access to Server B and no need to go through those gateways. At this point, Z is the proxy server. The proxy at this point is the forward proxy. The agent is the client, and at this point server B does not know that access to it is User A, only know that it is Z access to it, and do not know who is behind Z. The forward proxy user is aware that there is a proxy server z exists and requires the user to manually set IE (to increase speed, which is unlikely to be possible,)

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/8B/46/wKiom1hI0HqgSgMUAACNrMwfE8o026.png "title=" s2.png "alt=" Wkiom1hi0hqgsgmuaacnrmwfe8o026.png "/>

Example: reverse proxy

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/8B/43/wKioL1hI0inipDEYAAFPHlR-VV4708.png "title=" s3.png "alt=" Wkiol1hi0inipdeyaafphlr-vv4708.png "/>

The original resource Server B in the picture is not available to access the resources outside. User A would not be allowed to access B directly. Because the firewall is qualified. At this point in the B to do a reverse proxy server z, let Z to request data, so that users can access the z to achieve the purpose of access B. This is the reverse proxy. (The reverse proxy server Z is the site provider to the user, the user does not know The backend also has Server B)

---------------------------------------------------------------

Example 1: Build squid forward Proxy

Official website for http://www.squid-cache.org/

Yum install-y Squid

Squid-v viewing versions and compiling parameters

>/etc/squid/squid.conf

Vim/etc/squid/squid.conf

[email protected] ~]# Yum install-y squid #安装 squids

[[email protected] ~]# vim/etc/squid/squid.conf #打开配置文件, open the cache file storage directory

Cache_dir ufs/var/spool/squid #启用缓存存放目录 100M in size

Cache_mem MB #如果有这行打开, if not manually added. Enable some memory as a cache to speed up

# ADD any of your own Refresh_pattern entries above these.

Refresh_pattern ^ftp:1440 20% 10080

Refresh_pattern ^gopher:1440 0% 1440

Refresh_pattern-i (/cgi-bin/|\?) 0 0% 0

Refresh_pattern. 0 20% 4320

Refresh_pattern \. (jpg|png|js|css|mp3|mp4) 1440 20% 2880 ignore_reload

#添加缓存匹配, this line is manually added. Save exit

[[email protected] squid]#/etc/init.d/squid start #启动 squid service

#启动服务失败, error not set " visible_hostname"

[Email protected] squid]# vim/etc/squid/squid.conf

Refresh_pattern \. (jpg|png|js|css|mp3|mp4) 1440 20% 2880 ignore_reload

Visible_hostname linux-test #设置visible_hostname

650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/8B/43/wKioL1hI2tGy-9gAAAEdj0xXrAw106.jpg "title=" s4.jpg "alt=" Wkiol1hi2tgy-9gaaaedj0xxraw106.jpg "/>

2016/12/08 13:07:19| WARNING Cache_mem is larger than total disk cache space!

* This article is also reported Cache_mem set too large, Cache_mem set to 128M, and the cache directory is 100M, so this setting is unreasonable, will cache_mem change to 28M, smaller than the cache directory.

Start:

[[email protected] squid]#/etc/init.d/squid start

Starting squid: [OK]

650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M01/8B/44/wKioL1hI68CT_XqhAACCybgh2Nc929.jpg "title=" s5.jpg "alt=" Wkiol1hi68ct_xqhaaccybgh2nc929.jpg "/>

[Email protected] squid]# Ls/var/spool/squid/

Geneva, Geneva, 0A 0B 0C 0D 0E 0F swap.state

[[email protected] squid]# NETSTAT-LNP #squid Port is 3128

TCP 0 0:::3128 :::* LISTEN 2488/(squid)

Http_port 3128 This proxy port is available for change.

--------------------------------------------------

The client makes the test settings agent and then opens the Web page. The website is accessible, but at this point we cannot confirm that the Internet is done through an agent. You can only carry out a packet capture test on a Linux host.

10.72.4.50 port:3128

[Email protected] ~]# tcpdump-nn port 3128 #如果没有这个命令, yum install-y tcpdump

Proof that the agent has entered into force.

650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/8B/44/wKioL1hI73CD6KBMAANFAvbIgPo879.jpg "title=" s6.jpg "alt=" Wkiol1hi73cd6kbmaanfavbigpo879.jpg "/>

Enter into the cache directory can be viewed to access the resulting pro file 650) this.width=650; "Src=" http://s4.51cto.com/wyfs02/M02/8B/44/ Wkiol1hi8evzc8r5aag8whrk50s563.jpg "title=" s7.jpg "alt=" Wkiol1hi8evzc8r5aag8whrk50s563.jpg "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/8B/44/wKioL1hI8R2ALw8RAAAkYd0DaS4779.png "title=" s8.png "alt=" Wkiol1hi8r2alw8raaakyd0das4779.png "/>

-------------------------------------------------------

Access control settings ( bai Ming ): At this time the proxy site can access any site, then you have to do some settings to restrict certain sites.

[Email protected] ~]# vim/etc/squid/squid.conf

ACL http Proto http

ACL good_domain dstdomain . linux.com. baidu.com #允许访问的. Dstdomain Specify target domain

Http_access Allow Good_domain

Http_access deny !good_domain # "! "Not" Good_domain "

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The careless fault of the Landlord (episode)

[Email protected] ~]# Squid-kcheck #检查配置文件有没有错

2016/12/08 14:21:14| Redreshaddtolist:unknown option ' \. (Jpg|gif|png|js|css|mp3|mp4) ': ignore_reload

# the wrong "ignore_reload" should be "ignore-reload"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[[email protected] ~]# squid-kcheck #再次检查没有输出, no error

[Email protected] ~]# squid-kreconfig #重新应用配置文件

Testing on the Windows client

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/8B/49/wKioL1hJCYfisyz_AAELI63V2MQ900.jpg "style=" float: none; "title=" s9.jpg "alt=" Wkiol1hjcyfisyz_aaeli63v2mq900.jpg "/>

650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M00/8B/4C/wKiom1hJCYnz_1lrAACIYYrA6CI095.jpg "style=" float: none; "title=" s10.jpg "alt=" Wkiom1hjcynz_1lraaciyyra6ci095.jpg "/>

On a Linux client uplink curl test

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/8B/49/wKioL1hJC4WTYFS0AADNyNS-yPk709.jpg "title=" S11.jpg "alt=" Wkiol1hjc4wtyfs0aadnyns-ypk709.jpg "/>

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Access Control settings ( haeming single )

ACL bad_domain dstdomain. linux.com. baidu.com #不允许访问的

Http_access deny Bad_domain

Http_access allow!bad_domain #非bad_domain

The pro-test is rejected.

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/8B/49/wKioL1hJEEqQJ705AAD4E4jWWLA831.jpg "title=" S12.jpg "alt=" Wkiol1hjeeqqj705aad4e4jwwla831.jpg "/>

--------------------------------------------------------------

Settings for the reverse proxy:

[[email protected] ~]# vim/etc/squid/squid.conf #因为作为用户来看访问的是服务器, do not know is the agent.

Http_port 3128 #更改为http_port accel vhost vport

Cache_peer 180.97.33.108 Parent 0 originserver Name=baidu

Cache_peer_domain Baidu Www.baidu.com

#以 Www.baidu. com, for example, first ping Baidu's IP 180.97.33.108, specify the proxy name: Oribinserver Name=baidu. If you want to delegate another site, write two more lines, one for each of the two lines. And be sure to know the source IP of the website.

[Email protected] ~]# Squid-kcheck

[Email protected] ~]# Squid-kreconfig

[[email protected] ~]# NETSTAT-LNP #端口被nginx occupancy

TCP 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1206/nginx

[Email protected] ~]#/etc/init.d/nginx stop #停掉nginx,

[[email protected] ~]#/etc/init.d/squid Stop

Stopping squid: ....... ..... [OK]

[[email protected] ~]#/etc/init.d/squid start

Starting squid:. [OK]

[[email protected] ~]# NETSTAT-LNP #确认squid using 80 port

TCP 0 0::: +:::* LISTEN 1589/(squid)

Write the proxy URL in the Test side of Windows C:\windowns\system32\drivers\etc\hosts

192.168.31.135 www.baidu.com www.qq.com www.sina.com

Testing on Linux Clients

650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M02/8B/52/wKiom1hJaQzhXSYyAAH3CrHOrUw022.jpg "style=" float: none; "title=" s13.jpg "alt=" Wkiom1hjaqzhxsyyaah3crhoruw022.jpg "/>

In the windowns Pc side of the test: Baidu network can go up, QQ cannot access.

650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/8B/52/wKiom1hJaQ2jdxwDAAFVsVZXhfI605.jpg "style=" float: none; "title=" s14.jpg "alt=" Wkiom1hjaq2jdxwdaafvsvzxhfi605.jpg "/>

This article is from the "Cbo#boy_linux Road" blog, make sure to keep this source http://20151213start.blog.51cto.com/9472657/1880945

Linux Squid Service App