Linux Squid Cache Server

Source: Internet
Author: User

I. Introduction

A proxy server obtains network information on behalf of network users.

Squid is software that caches Internet data: it receives a user's download request and processes the downloaded data automatically. When a user wants to download a home page, the request can be sent to Squid instead. Squid connects to the requested website, requests the home page, and passes the page to the user while keeping a copy. When other users request the same page, Squid immediately passes the saved copy to them, which makes access feel quite fast. Squid can proxy the HTTP, FTP, GOPHER, SSL and WAIS protocols and handles them automatically. You can configure Squid according to your own needs so that it filters out unwanted content.

1.1 Work Flow

When the proxy server already holds the data the client requires:

A. The client sends data requests to the proxy server;

B. The proxy server checks its own data cache;

C. The proxy server finds the user's desired data in the cache and extracts the data;

D. The proxy server returns the data obtained from the cache to the client.

When the proxy server does not hold the data the client requires:

1. The client sends data requests to the proxy server;

2. The proxy server checks its own data cache;

3. The proxy server does not find the data that the user wants in the cache;

4. The proxy server sends data requests to remote servers on the Internet;

5. The remote server responds and returns the corresponding data;

6. The proxy server obtains data from the remote server, returns it to the client, and retains a copy of the data in its own cache.

Squid Proxy Server works in the application layer of TCP/IP.

1.2 Squid Proxy Types

Depending on the type of proxying, a Squid proxy can be a forward proxy or a reverse proxy. Forward proxies are further divided, by how they are implemented, into normal proxies and transparent proxies.

    • Normal proxy: Requires the client to specify the address and port of the proxy server in the browser;
    • Transparent proxy: Runs on the enterprise's gateway host (shared access to the Internet). The client does not need to specify the proxy server address, port or other information; the proxy server needs a firewall policy that hands the client's Web access traffic to the proxy service process;
    • Reverse proxy: The proxy server accepts connection requests from the Internet, forwards them to a server on the internal network, and returns the results obtained from that server to the client on the Internet that requested the connection. In this mode the proxy server appears to the outside as a server.

Official address: http://www.squid-cache.org/

Reference Document: http://www.squid-cache.org/Doc/config/

II. System Environment

Operating system: CentOS release 6.4 (Final)

Squid version: squid-3.1.10-20.el6_5.3.x86_64

SELinux=disabled

HTTP service: stopped

III. Installing the Squid Service

3.1 Check if squid software is installed

# rpm -qa | grep squid

3.2 If it is not installed, install it using the Yum method

# yum -y install squid

3.3 Start Squid at boot

# chkconfig --level 35 squid on    // start the squid service automatically at runlevels 3 and 5

IV. Squid Server Configuration File Description

Squid's main configuration file is /etc/squid/squid.conf. All Squid settings are configured in this file; the options used here are explained below.

# Listening IP and port number
http_port 3128
# Extra memory for Squid. Squid's memory use is always x * 10 + 15 + cache_mem,
# where x is the capacity of the Squid cache (in gigabytes). For example, the cache
# size below is 100M, that is 0.1GB, so the total memory consumption is
# 0.1*10+15+64=80M. The recommended size is 1/3 to 1/2 of physical memory or more.
cache_mem 64 MB
# Largest file in the Squid disk cache; files over 4M are not saved to hard disk
maximum_object_size 4 MB
# Smallest file in the Squid disk cache
minimum_object_size 0 KB
# Largest file in the Squid memory cache; files over 4M are not saved to memory
maximum_object_size_in_memory 4096 KB
# Cache storage path, cache directory capacity (in MB), number of first-level
# cache directories, number of second-level cache directories
cache_dir ufs /var/spool/squid 100 16 256
# Log file format
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
# Log file storage path and log format
access_log /var/log/squid/access.log combined
# Cache log
cache_log /var/log/squid/cache.log
# Log rotation, 60 days
logfile_rotate 60
# When cache directory usage is greater than 95%, start cleaning up the old cache
cache_swap_high 95
# Stop cleaning once cache directory usage is down to 90%
cache_swap_low 90
# Define the local network segment
acl localnet src 192.168.1.0/24
# Allow the local network segment to use the proxy
http_access allow localnet
# Reject everything else
http_access deny all
# Host name
visible_hostname squid.david.dev
# Administrator mailbox
cache_mgr [email protected]

For more on ACLs, you can look them up on Baidu. For other, more advanced options, refer to the official documentation: http://www.squid-cache.org/Doc/config/.

Note: Squid 2.0 and Squid 3.0 differ considerably. If Squid does not start correctly after the configuration is complete, refer to the official documentation for the corresponding version.
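How Squid evaluates the acl and http_access lines above, as an added example that is not part of the original article: http_access rules are checked in order and the first match decides, and when nothing matches Squid applies the opposite of the last rule, which is why the configuration ends with http_access deny all. The script models only src ACLs over IPv4; WEAK_CONF, the sample client addresses and the function names are constructed for illustration.

```python
import ipaddress

# The access-control lines from the configuration above.
PAGE_CONF = """\
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""
# Constructed contrast: a deny-list with no closing "deny all".
WEAK_CONF = """\
acl blocked src 10.0.0.0/8
http_access deny blocked
"""

def parse(conf):
    """Return ({acl name: [networks]}, [(action, [acl terms])]) in file order."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # "all" is built in
    rules = []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            nets = [ipaddress.ip_network(p, strict=False) for p in parts[3:]]
            acls.setdefault(parts[1], []).extend(nets)   # repeated acl lines are ORed
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules

def term_matches(acls, term, ip):
    """One ACL name on an http_access line; a leading '!' negates it."""
    hit = any(ip in net for net in acls.get(term.lstrip("!"), []))
    return hit != term.startswith("!")

def decide(conf, client):
    """Return 'allow' or 'deny' for an IPv4 client; the first matching rule wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, terms in rules:
        if all(term_matches(acls, t, ip) for t in terms):  # names on a line are ANDed
            return action
    if not rules:
        return "deny"            # no http_access lines at all: request is denied
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for conf in (PAGE_CONF, WEAK_CONF):
        print([(c, decide(conf, c)) for c in ("192.168.1.50", "203.0.113.9")])
```

With WEAK_CONF, a client outside 10.0.0.0/8 matches no rule and is allowed, so the proxy is usable by anyone who can reach it.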

V. Normal Proxy Service

The standard, traditional proxy service requires the client to specify the address and port of the proxy server in the browser.

The experimental topology diagram is as follows:

5.1 Configuring the Squid Proxy server IP address

Modify the IP address of the eth1 to 200.168.10.1

# ifconfig eth1 200.168.10.1

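5.2 Editing the Squid main configuration file /etc/squid/squid.conf

http_port 3128
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]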

5.3 Initialization

# squid -z

5.4 Starting Squid

# /etc/init.d/squid start

5.5 Configuring the Web server

A. Installing Apache

# rpm -qa | grep httpd

# yum -y install httpd

B. Start Apache and enable it at boot

# /etc/init.d/httpd start

# chkconfig httpd on

C. Create index.html

# echo "

D. Modifying the Web server IP address

Modify the IP address of the Web server to 200.168.10.2

# ifconfig eth0 200.168.10.2

5.6 Configuring the Client IP address

5.7 Configuring the browser agent

Open the browser (IE is used as the example here; others are similar), then from the menu bar go to Tools, Internet Options, LAN settings, Proxy server, and fill in the settings in the following format.

5.8 Testing

The test was successful.

5.9 Test Error page

In Oracle VM VirtualBox, because the IP addresses above were set manually, the external network is not reachable, which is just what is needed to test the page shown when access fails.

You can see the parameters set in the Squid configuration file displayed on the error page.

VI. Transparent Proxy Service

The proxy runs on the enterprise's gateway host. The client does not need to specify the proxy server address, port or other information; iptables hands the client's Web access traffic to the proxy service for processing.

The experimental topology diagram is as follows:

6.1 Modifying the Squid main configuration file /etc/squid/squid.conf

http_port 3128 transparent
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]

Add the transparent keyword after http_port 3128.

6.2 Reload

Reload so that the above configuration takes effect.

# /etc/init.d/squid reload

6.3 Add an iptables rule to redirect internal HTTP requests to port 3128

A. Starting the iptables service

# /etc/init.d/iptables start

B. Clearing existing iptables filter table rules

# iptables -F

C. Save iptables settings

# /etc/init.d/iptables save

D. View NAT table settings

# iptables -t nat -L -n

E. Adding a rule to the NAT table

# iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

F. Saving

G. Setting up iptables to start at boot

# chkconfig iptables on

6.4 Modifying the client IP address

Set the default gateway to the intranet IP address of the squid server.

6.5 In the browser, cancel the proxy settings

6.6 Testing

Transparent proxy test succeeded.

VII. Reverse Proxy Service

Provides cache acceleration for Internet users to access enterprise Web sites.

The experimental topology diagram is as follows:

7.1 Shutting down the firewall

# /etc/init.d/iptables stop

7.2 Modifying the Web Server home page

WEB1:

# echo "

WEB2:

# echo "

7.3 Configuring Squid

192.168.  0 originserver round-robin weight=1
192.168.  0 originserver round-robin weight=1
visible_hostname squid.david.dev
cache_mgr [email protected]

7.4 Start Squid Service

Squid failed to start: the Squid listening port set above is 80, which conflicts with the system's HTTP service, so the HTTP service has to be stopped.

7.5 Squid failed to start, so shut down the Apache service that starts at system boot.

7.6 Testing

Squid uses round-robin, so client requests are distributed across the two Web servers in turn. Use "Ctrl + F5" to force a refresh when testing.

WEB1:

WEB2:

View squid's access logs.

VIII. Practical Application

The following experiment simulates using different domain names to reach different machines, a simple form of the load balancing used in enterprise applications. When the client enters www.squid.dev in the browser address bar it reaches the machine 192.168.1.18; when it accesses bbs.squid.dev it reaches the machine 192.168.1.19.

The experimental topology diagram is as follows:

8.1 Modifying the Web Server home page

WEB1:

# echo "

WEB2:

# echo "

8.2 Configuring Squid

192.168.  0 originserver name=
192.168.  0 originserver name=bbs
cache_peer_domain www www.squid.dev
cache_peer_domain bbs bbs.squid.dev
visible_hostname squid.david.dev
cache_mgr [email protected]

8.3 Configuring the Client

A DNS service could be used for name resolution here; for convenience, the names are specified directly in the hosts file.

Modify the C:\Windows\System32\drivers\etc\hosts file

8.4 Testing Network conditions

8.5 Test www.squid.dev

8.6 Test bbs.squid.dev

8.7 Viewing Squid access logs

8.8 Viewing Apache access logs for two servers

# tailf /var/log/httpd/access.log

The test was successful.
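Reading the Squid access log viewed in 7.6 and 8.7, as an added example that is not part of the original article: the script parses lines written in the combined logformat from section IV and tallies the %Ss result code, giving the cache hit ratio and the clients whose requests were rejected by http_access (TCP_DENIED). The sample log lines, addresses and function name are constructed for illustration.

```python
import re
from collections import Counter

# Regex for the page's "combined" logformat:
# %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "Referer" "User-Agent" %Ss:%Sh
LINE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?:[^"\\]|\\.)*" "(?:[^"\\]|\\.)*" '
    r'(?P<result>[A-Z_]+):(?P<hier>[A-Z_]+)$'
)

# Constructed sample lines, not taken from the original page.
SAMPLE_LOG = """\
192.168.1.100 - - [10/Aug/2014:10:00:01 +0800] "GET http://www.squid.dev/ HTTP/1.1" 200 312 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT
192.168.1.100 - - [10/Aug/2014:10:00:05 +0800] "GET http://www.squid.dev/ HTTP/1.1" 200 312 "-" "Mozilla/5.0" TCP_MEM_HIT:NONE
192.168.1.101 - - [10/Aug/2014:10:00:09 +0800] "GET http://bbs.squid.dev/ HTTP/1.1" 200 298 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT
192.168.1.101 - - [10/Aug/2014:10:00:12 +0800] "GET http://bbs.squid.dev/ HTTP/1.1" 200 298 "-" "Mozilla/5.0" TCP_HIT:NONE
203.0.113.9 - - [10/Aug/2014:10:01:40 +0800] "GET http://example.com/ HTTP/1.1" 403 3521 "-" "curl/7.19.7" TCP_DENIED:NONE
203.0.113.9 - - [10/Aug/2014:10:01:41 +0800] "CONNECT example.com:443 HTTP/1.1" 403 3540 "-" "-" TCP_DENIED:NONE
this line is truncated and will not parse
"""

def summarize(log_text):
    """Tally cache results per request and denied requests per client."""
    stats = {"hit": 0, "miss": 0, "unparsed": 0, "denied": Counter()}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE.match(line)
        if not m:
            stats["unparsed"] += 1          # counted so that gaps stay visible
            continue
        result = m["result"]
        if result == "TCP_DENIED":          # rejected by http_access
            stats["denied"][m["client"]] += 1
        elif "HIT" in result:               # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT
            stats["hit"] += 1
        else:                               # TCP_MISS and other fetched results
            stats["miss"] += 1
    served = stats["hit"] + stats["miss"]
    stats["hit_ratio"] = stats["hit"] / served if served else 0.0
    return stats

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```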
