A proxy server acts on behalf of network users to fetch network information for them.
Squid is software that caches Internet data: it receives a user's download request and processes the downloaded data automatically. When a user wants to download a home page, the request is sent to Squid, which connects to the requested website, fetches the page, and passes it to the user while keeping a copy. When other users request the same page, Squid immediately returns the saved copy, so the response feels fast. Squid can proxy the HTTP, FTP, GOPHER, SSL and WAIS protocols, and it can be configured according to your own needs to filter out unwanted content.
I. Workflow
When the proxy server already holds the data requested by the client:
1) The client sends the data request to the proxy server;
2) The proxy server checks its own data cache;
3) The proxy server finds the user's desired data in the cache and extracts the data;
4) The proxy server returns the data obtained from the cache to the client.
When the proxy server does not hold the data requested by the client:
1) The client sends the data request to the proxy server;
2) The proxy server checks its own data cache;
3) The proxy server does not find the data that the user wants in the cache;
4) The proxy server sends data requests to remote servers on the Internet;
5) The remote server responds and returns the corresponding data;
6) The proxy server obtains data from the remote server, returns it to the client, and retains a copy of the data in its own cache.
The Squid proxy server works at the application layer of TCP/IP.
II. Squid classification
Depending on the type of proxy, Squid proxies can be divided into forward proxies and reverse proxies.
Forward proxy: depending on how it is implemented, a forward proxy is either a standard proxy or a transparent proxy.
1) Standard proxy: the client must specify the address and port of the proxy server in the browser;
2) Transparent proxy: used on an enterprise gateway host (shared Internet access). The client does not need to specify the proxy server's address, port or other information; a firewall policy on the proxy server redirects the client's web traffic to the proxy service process;
Reverse proxy: the proxy server accepts connection requests from the Internet, forwards them to servers on the internal network, and returns the servers' results to the requesting Internet clients. To those clients the proxy server appears to be the server.
III. Squid proxy cache environment deployment:
1) Turn off SELinux and iptables
# vim /etc/sysconfig/selinux
.......
SELINUX=disabled
# /etc/init.d/iptables stop
2) Check whether the squid package is installed
# rpm -qa | grep squid
3) If it is not installed, install it with yum
# yum -y install squid
4) Enable start at boot, so that the Squid service runs automatically at run levels 3 and 5
# chkconfig --level 35 squid on
5) Squid Server configuration file description
Squid's main configuration file is /etc/squid/squid.conf; all Squid settings are made in this file. The configuration used here is as follows:
# vim /etc/squid/squid.conf
# IP address and port to listen on
http_port 3128
# Extra memory to use; set according to your system, generally 1/3 of the actual memory. For example, the memory here is 200M, and the 1/3 setting used here is 64MB
cache_mem 64 MB
# Largest file kept in the disk cache; files over 4M are not saved to the hard disk
maximum_object_size 4 MB
# Smallest file kept in the disk cache
minimum_object_size 0 KB
# Largest file kept in the memory cache; files over 4M are not kept in memory
maximum_object_size_in_memory 4096 KB
# Cache storage path, cache directory capacity (in MB), number of first-level cache directories, number of second-level cache directories
cache_dir ufs /var/spool/squid 100 16 256
# Log file format
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
# Log file path and log format
access_log /var/log/squid/access.log combined
# Cache log
cache_log /var/log/squid/cache.log
# Log rotation: keep 60 generations (60 days with daily rotation)
logfile_rotate 60
# Start cleaning up old cache objects when cache directory usage exceeds 95%; stop once it is down to 90%
cache_swap_high 95
cache_swap_low 90
# Define the local network segment
acl localnet src 192.168.1.0/24
# Allow the local network segment
http_access allow localnet
# Deny everything else
http_access deny all
# Host name
visible_hostname squid.david.dev
# Administrator e-mail address
cache_mgr [email protected]
IV. Standard proxy service
The standard, traditional proxy service requires the client to specify the address and port of the proxy server in the browser.
The experimental topology diagram is as follows:
1) Configure Squid proxy server IP address
Set the IP address of eth1 to 200.168.10.1
# ifconfig eth1 200.168.10.1
2) Edit the Squid main configuration file /etc/squid/squid.conf
# vim /etc/squid/squid.conf
http_port 3128
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]
3) Initialize the cache directories
# squid -z
4) Start Squid
# /etc/init.d/squid start
5) Configure the Web server
Install Apache
# rpm -qa | grep httpd
# yum -y install httpd
Start Apache and enable it at boot
# /etc/init.d/httpd start
# chkconfig httpd on
Create index.html
# echo
Modify the Web server IP address
Set the IP address of the Web server to 200.168.10.2
# ifconfig eth0 200.168.10.2
6) Configure the client IP address
7) Configure browser proxy
Open the browser (IE is used as the example here; other browsers are similar) and go to menu bar > Tools > Internet Options > Connections > LAN settings > Proxy server, then fill in the settings in the following format.
8) Testing
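After the test, the access log shows whether repeat requests were served from the cache and whether any client was refused by the access rules. The following is an added example, not part of the original page: it parses lines in the `combined` logformat defined in the configuration file description above (so it assumes access_log is written with that format) and reports the cache hit ratio and denied requests per client. The function name `summarize` is hypothetical and the sample log lines are constructed.

```python
import re
from collections import Counter

# One line of the page's `combined` logformat:
# %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "Referer" "User-Agent" %Ss:%Sh
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/\S+" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"[^"]*" "[^"]*" (?P<squid>\w+):(?P<hier>\w+)$'
)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
192.168.1.101 - - [01/Jan/2024:10:00:01 +0000] "GET http://200.168.10.2/ HTTP/1.1" 200 312 "-" "Mozilla/5.0" TCP_MISS:DIRECT
192.168.1.101 - - [01/Jan/2024:10:00:07 +0000] "GET http://200.168.10.2/ HTTP/1.1" 200 312 "-" "Mozilla/5.0" TCP_MEM_HIT:NONE
192.168.1.102 - - [01/Jan/2024:10:00:15 +0000] "GET http://200.168.10.2/ HTTP/1.1" 200 312 "-" "Mozilla/5.0" TCP_HIT:NONE
192.168.1.102 - - [01/Jan/2024:10:00:20 +0000] "GET http://200.168.10.2/a.png HTTP/1.1" 200 9041 "http://200.168.10.2/" "Mozilla/5.0" TCP_MISS:DIRECT
203.0.113.9 - - [01/Jan/2024:10:01:02 +0000] "GET http://example.com/ HTTP/1.1" 403 1500 "-" "curl/7.19.7" TCP_DENIED:NONE
203.0.113.9 - - [01/Jan/2024:10:01:03 +0000] "CONNECT example.com:443 HTTP/1.1" 403 1500 "-" "curl/7.19.7" TCP_DENIED:NONE
-- this line is not in combined format --
"""

def summarize(log_text):
    """Return hit ratio over served requests, denials per client, and unparsed count."""
    served = Counter()
    denied = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1              # keep count instead of silently dropping
            continue
        code = m["squid"]
        if code.startswith("TCP_DENIED"):
            denied[m["client"]] += 1   # refused by http_access
        elif "HIT" in code:            # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            served["hit"] += 1
        else:
            served["miss"] += 1
    total = served["hit"] + served["miss"]
    return {
        "hit_ratio": served["hit"] / total if total else 0.0,
        "denied_by_client": dict(denied),
        "unparsed": unparsed,
    }
```

Repeated TCP_DENIED entries from an address outside the localnet range mean something outside the intended client network can reach port 3128 and is trying to use the proxy.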
V. Transparent proxy service
Used on the enterprise gateway host: clients do not need to specify the proxy server's address, port or other information; iptables hands the clients' web traffic to the proxy service for processing.
The experimental topology diagram is as follows:
1) Modify the Squid main configuration file /etc/squid/squid.conf
# vim /etc/squid/squid.conf
http_port 3128 transparent
cache_mem 64 MB
maximum_object_size 4 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
visible_hostname squid.david.dev
cache_mgr [email protected]
Add the transparent keyword after http_port 3128.
2) Restart the Squid service
# /etc/init.d/squid reload
3) Add an iptables rule to redirect internal HTTP requests to port 3128
Start the iptables service
# /etc/init.d/iptables start
Flush the existing iptables filter table rules
# iptables -F
Save the iptables settings
# /etc/init.d/iptables save
View the NAT table settings
# iptables -t nat -L -n
Add a rule to the NAT table
# iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
Save iptables
# /etc/init.d/iptables save
Enable iptables at boot
# chkconfig iptables on
4) Modify the client IP address
Set the default gateway to the intranet IP address of the squid server.
5) In the browser, remove the proxy settings
6) Testing
Transparent proxy test succeeded.
VI. Reverse proxy service
Provides cache acceleration for Internet users accessing the enterprise's web sites.
The experimental topology diagram is as follows:
1) Turn off the firewall
# /etc/init.d/iptables stop
2) Modify the Web server home pages
WEB1:
# echo
WEB2:
# echo
3) Configure Squid
# vim /etc/squid/squid.conf
http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent 80 0 originserver round-robin weight=1
cache_peer 192.168.1.19 parent 80 0 originserver round-robin weight=1
visible_hostname squid.david.dev
cache_mgr [email protected]
4) Start the Squid service (this produces an error here, because port 80 configured above conflicts with the HTTP service. Stop httpd and Squid will start successfully)
# /etc/init.d/squid reload
5) Testing
Squid uses round-robin, so client requests alternate between the two Web servers; use "Ctrl + F5" to force a full refresh when testing.
WEB1:
WEB2:
6) View squid's access logs.
VII. Practical application
The following experiment simulates using different domain names to reach different machines, a simple way to achieve load balancing in enterprise applications. When the client enters www.squid.dev in the browser address bar it reaches the machine 192.168.1.18; when it accesses bbs.squid.dev it reaches the machine 192.168.1.19.
The experimental topology diagram is as follows:
1) Modify the Web server home pages
WEB1:
# echo
WEB2:
# echo
2) Configure Squid
# vim /etc/squid/squid.conf
http_port 80 accel vhost
http_access allow all
cache_peer 192.168.1.18 parent 80 0 originserver name=www
cache_peer 192.168.1.19 parent 80 0 originserver name=bbs
cache_peer_domain www www.squid.dev
cache_peer_domain bbs bbs.squid.dev
visible_hostname squid.david.dev
cache_mgr [email protected]
3) Configure the client
A DNS service could be used for name resolution; for convenience, the names are specified directly in the hosts file here.
4) Test network connectivity
5) Test www.squid.dev
6) Test bbs.squid.dev
7) View the Squid access log
8) View the Apache access logs on both servers
# tailf /var/log/httpd/access.log
The test was successful.
Deploying a Squid proxy cache service environment on Linux