RedHat Squid Web Cache installation Configuration

ArticleDirectory

• I. Software Packages

I. Software Packages

A) squid-2.6.STABLE6.tar.bz2

Ii. Installation Steps

A. Tar jxvf squid-2.6.STABLE6.tar.bz2

B)./configure -- prefix =/usr/local/squid -- localstatedir =/var/log/squid -- sysconfdir =/etc -- enable-async-io

C) make

D) make install

E) CD/usr/local/squid/etc

F) mV squid. conf squid. conf. Bak

G) VI squid. conf

# Visible_hostname www.gxpx.com

Http_port 211.71.189.190: 80 vhost vport

# Http_port 81 vhost

Visible_hostname www.gxpx.com

# Xx. xx is the IP address of this server.

Icp_port 0

Cache_mem 400 mb

# Set the memory used by squid to 400 mb, which varies from person to person

Cache_swap_low 90

Cache_swap_high 95

Maximum_object_size 20000 KB

# Maximum cached file size. If this value is exceeded, the file is not cached. This value varies from person to person.

Maximum_object_size_in_memory 4096 KB

Cache_dir ufs/var/log/squid/cache 10000 16 256

# Disk cache type and directory, size, level 1 and level 2 Directory settings. Here the disk cache size is 10 GB

Cache_store_log none

# This setting does not record store. Log

Emulate_httpd_log on

# Enable the emulate_httpd_log option, so that squid will follow the log format of aapche.

Logformat combined %> A % UI % UN [% TL] "% RM % Ru HTTP/% RV" % hs % <ST "% {Referer}> H" "% {user -Agent}> H "% SS: % sh

# Setting the log format combined

Pid_filename/var/log/squid. PID

Cache_log/var/log/squid/cache. Log

Access_log/var/log/squid/access. Log combined

# Here is the location of the PID and log file, which varies from person to person, and the log format is combined. AWStats can directly call and analyze

ACL all SRC 0.0.0.0/0.0.0.0

ACL safe_ports port 80

ACL query urlpath_regex cgi-bin. php. cgi. Avi. wmv. rm. Ram. mpg. MPEG. Zip. exe

Cache deny Query

# Set directories or file types that do not want to be cached

# ACL picurl url_regex-I \. BMP $ \. PNG $ \. jpg $ \. gif $ \. JPEG $

# ACL mystie1 referer_regex-I aaa

# Http_access allow mystie1 picurl

# ACL mystie2 referer_regex-I bbb

# Http_access allow mystie2 picurl

# Set anti-image leeching. AAA and BBB are the virtual host domain names respectively. Referer must contain AAA or BBB domain names to access images.

# ACL nullref referer_regex-I ^ $

# Http_access allow nullref

# ACL hasref referer_regex-I. +

# Http_access deny hasref picurl

# Allow direct access to images and deny access to images without AAA or BBB in Referer

Cache_peer 211.71.189.190 parent 81 0 no-query originserver name = WWW

Http_access deny! Safe_ports

Http_access allow all

Cache_peer_access WWW allow all

Cache_mgr gxpx@ceat.edu

# Xx. XX. XX. XX is the IP address of the local server, and 81 is the Apache port. If your VM has a directory protected by a user name and password, login = pass must be set; otherwise, authentication will fail.

Cache_inclutive_user nobody

Cache_inclutive_group nobody

# User group and user name used by squid

H) CD/var/log/squid

I) chown-r nobody: Nobody/var/log/squid

J) chmod 666/var/log/squid

K) vi/usr/local/Apache/CONF/httpd. conf

Namevirtualhost 211.71.189.190: 81

<Virtualhost 211.71.189.190: 81>

Serveradmin gxpx@ceat.edu

DocumentRoot/usr/local/Apache/htdocs/

Servername gxpx.com

Serveralias www.gxpx.com

# ScriptAlias/cgi-bin/"/home/AAA/cgi-bin /"

<Directory/>

Options shortdes followsymlinks

AllowOverride all

</Directory>

</Virtualhost>

L)/usr/local/Apache/bin/apachectl-T

M)/usr/local/Apache/bin/apachectl-K stop

N)/usr/local/Apache/bin/apachectl-K start

O)/usr/local/squid/sbin/squid-Z // The First Time squid is run, the cache is created first.

P) echo "65535">/proc/sys/fs/file-max
Ulimit-HSN 65535
/Usr/local/squid/sbin/squid // start squid

Q) visit the website http: // 211.71.189.190/shlevod2/index. php

R) check whether the cache is used

S) CAT/var/log/squid/access. log | grep tcp_mem_hit

Iii. Related commands

A)/usr/local/squid/sbin/squid-S

B)/usr/local/squid/sbin/squid-K shutdown // close squid

C)/usr/local/squid/sbin/squid-K reconfigure // reload the squid Configuration

D) vi/etc/rc. d/rc. Local

E)/usr/local/squid/sbin/squid-S

F) view your log document.
# More/usr/local/squid/var/logs/access. log | grep tcp_mem_hit
This command shows that some files are cached into the memory by squid during squid operation and returned to the access user.
# More/usr/local/squid/var/logs/access. log | grep tcp_hit
This command shows that during the squid operation, the files are cached by squid into the cache directory and returned to the access user.
# More/usr/local/squid/var/logs/access. log | grep tcp_miss
This command shows that some files are not cached by squid during squid operation, but are retrieved from the original server and returned to the accessed user.

G) squid-K rotate the squid log file/var/log/squid, Squid Proxy Server Log File
The increase speed is amazing, it is easy to take a penalty full disk space, resulting in the system not working properly, or even a crash. to solve the problem that log files are growing too fast, squid adopts the "rotation" method. in squid. in Conf, you can use logfile_rotate to set the number of file rotations, for example:
Logfile_rotate 10. Generally, the crontab timer is used to rotate logs cyclically. For example, to rotate logs at every Saturday, run the following command: crontab-e.
0 2 ** 6 squid-K rotate
Tip: the default error message of squid is English. It is inconvenient for users with poor English. Add the following in/etc/squid. conf:
Error_directory/usr/share/squid/errors/simplify_chinese to display Chinese error messages

H) #/usr/local/squid/sbin/squid-K parse
You can use this test command to verify the syntax and configuration of squid. conf.

Iv. related parameter values

For HTTP requests, the following tags may appear in the fourth domain of the access. log file.

Tcp_hit

Squid finds that the requested resource looks like a fresh copy and sends it to the client immediately.

Tcp_miss

Squid does not request the cache copy of the resource.

Tcp_refresh_hit

Squid finds that the requested resource looks obsolete and sends a confirmation request to the original server. The original server returns the 304 (unmodified) response, indicating that the copy of squid is still fresh.

Tcp_ref_fail_hit

Squid finds that the requested resource looks obsolete and sends a confirmation request to the original server. However, the response of the original server fails, or the response squid returned cannot be understood. In this case, squid sends an existing cache copy (probably outdated) to the client.

Tcp_refresh_miss

Squid finds that the requested resource looks obsolete and sends a confirmation request to the original server. The original server responds to new content, indicating that the cache copy is indeed outdated.

Tcp_client_refresh_miss

Squid finds a copy of the requested resource, but the client's request contains the cache-control: No-Cache command. Squid forwards client requests to the original server and forces the cache to confirm.

Tcp_ims_hit

When the client sends a confirmation request, squid finds a more recent and seemingly fresh copy of the request resource. Squid sends the updated content to the client without contacting the original server.

Tcp_swapfail_miss

Squid finds a valid copy of the requested resource, but fails to load it from the disk. At this time, squid sends the request to the original server, just as it is a cache loss.

Tcp_negative_hit

Squid also caches the response when an HTTP Error is caused by a request to the original server. Repeated requests to these resources within a short time lead to no hits.
The negative_ttl command controls the time when these errors are cached. Note that these errors are only in the memory cache and are not written to the disk. The following HTTP status codes may cause negative
Cache (also subject to other constraints): 204,305,400,403,404,405,414,500,501,502,503,
504.

Tcp_mem_hit

Squid finds a valid copy of the requested resource in the memory cache and sends it to the client immediately. Note that this does not accurately present the responses of all slave memory services. For example, some caches are stored in the memory, but the response that requires confirmation is recorded in the form of tcp_refresh_hit and tcp_refresh_miss.

Tcp_denied

The client request is rejected because of the http_access or http_reply_access rules. Note that the value of a request rejected by http_access in the 9th domain is none/-. However, for a request rejected by http_reply_access, there is a valid value in the corresponding area.

Tcp_offline_hit

When offline_mode is activated, squid returns a cache hit for any cache response, regardless of its freshness.

Tcp_redirect

RedirectionProgramTells squid to generate an HTTP redirect to the new uri (see section 11.1 ). Normally, squid does not record these redirects. To do this, you must manually define the log_tcp_redirects preprocessing command before compiling squid.

None

Unclassified results are used for specific errors, such as invalid host names.

For an ICP query, the following tags may appear in the fourth domain of the access. log file.

Udp_hit

Squid finds a fresh copy of the requested resource in the cache.

Udp_miss

Squid does not find a fresh copy of the requested resource in the cache. If the same target uses an HTTP request, the cache may be lost. Compare udp_miss_nofetch.

Udp_miss_nofetch

Similar to udp_miss, the difference is that squid is unwilling to process the corresponding HTTP request. If the-y command line option is used, squid returns this label instead of udp_miss when starting and compiling its memory index.

Udp_denied

Because of the icp_access rule, the ICP query is denied. If over 95% of the ICP responses to a client are udp_denied and the client database is activated (see appendix A), squid stops sending any ICP responses to the client within one hour. If this happens, you can also see a warning in cache. log.

Udp_invalid

Squid receives invalid queries (such as truncated messages, invalid protocol versions, and spaces in URIs ). Squid sends a udp_invalid response to the client.