Squid + Apache for Cache Acceleration
In this example, Squid and Apache run on the same machine. Squid acts as the front-end reverse proxy on port 80, and Apache acts as the back-end web server on port 81.
Server IP: 172.16.8.102
1. Choose a version. Before testing, select a suitable Squid version. Here we recommend 2.7, which is similar in features to 2.6 but has better support for HTTP/1.1 and also includes many features of version 3.0 and later.
2. Install Squid 2.7
cd /usr/local/src
tar -zxvf squid-2.7.STABLE9.tar.gz
cd squid-2.7.STABLE9
./configure --prefix=/usr/local/squid2.7 --enable-xmalloc-statistics --enable-async-io=320 --with-maxfd=65536 --enable-useragent-log --enable-referer-log --enable-epoll --disable-poll --enable-large-cache-files --disable-internal-dns --enable-linux-netfilter --enable-truncate --enable-x-accelerator-vary --enable-follow-x-forwarded-for --with-large-files --with-pthreads --enable-storeio="aufs,coss,diskd,ufs" --enable-kill-parent-hack --enable-gnuregex --enable-cache-digests --enable-delay-pools --enable-stacktraces --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese English" --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --enable-snmp
make && make install
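3. Create a squid user
useradd squid
4. Create the cache directory
cd /data
mkdir -p squid/cache
chown -R squid:squid squid
5. Create a log directory (it must match the access_log and cache_log paths in squid.conf and be writable by the squid user)
cd /var/log
mkdir squid
chown -R squid:squid squid
5. Configure squid.conf
cd /usr/local/squid2.7/etc
vim squid.conf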
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 3128 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow localnet
icp_access deny all
http_port 80 accel vhost vport
cache_peer 127.0.0.1 parent 81 0 no-query originserver name=test
cache_peer_access test allow all
hierarchy_stoplist cgi-bin ?
cache_mem 1024 MB
maximum_object_size_in_memory 6 MB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /data/squid/cache 1024 16 256
maximum_object_size 6 MB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow all
cache_effective_user squid
cache_effective_group squid
visible_hostname 172.16.8.102
icp_port 0
reload_into_ims on
coredump_dir /usr/local/squid2.7/var/cache
Description of the changed parameters:
(1) acl Safe_ports port 81 # http
acl Safe_ports port 3128 # http
acl Safe_ports port 8080 # http
The ports that may be accessed are defined here. Because of http_access deny !Safe_ports, any port that does not appear in Safe_ports is refused; adjust the list according to your actual situation.
(2) http_access allow all
Here I allow all IP addresses to access Squid, which is what I use in the test environment. For an online deployment, set access restrictions accordingly.
(3) http_port 80 accel vhost vport
Defines the port used to access Squid.
If accel vhost vport is not added, Squid acts as a plain cache server by default. In that case, when a client sends a request to Squid, Squid forwards the request through its routing function, the real web server receives it and returns a response, and when Squid receives the response it decides from the response headers whether to cache it. Squid is only a cache server.
If accel vhost vport is added, Squid changes from a cache server into a web server. Squid listens for requests on port 80 and is at the same time bound to the request port of the web server (vhost vport). When a request arrives, Squid does not need to forward it; it fetches the data directly, either from the cache or from the bound port. Binding the port also has the advantage of making full use of the expiration-time header and the ETag header in the HTTP response.
cache_peer 127.0.0.1 parent 81 0 no-query originserver name=test
The back-end peer is on port 81, which is Apache. no-query means no queries are sent and data is fetched directly; originserver marks the peer as the origin server; name defines the name of the back-end peer, which ACLs can then use to control it.
(4) cache_mem 1024 MB
Sets the memory used.
maximum_object_size_in_memory 6 MB
Sets the maximum size of a cached object held in memory.
memory_replacement_policy lru
cache_replacement_policy lru
The replacement policy.
cache_dir ufs /data/squid/cache 1024 16 256
The cache directory size should be no less than cache_mem.
maximum_object_size 6 MB
The maximum size of a single cached object.
(5) access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
Sets the Squid log locations. Pay attention to the permissions on the log directory; otherwise Squid may fail to start.
(6) refresh_pattern \.(jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload
Sets the cache duration for files with suffixes such as jpg.
(7) cache_vary on
If the Squid cache hit rate is very low and adjusting refresh_pattern and maximum_object_size_in_memory or increasing the memory does not help, and the "In-Memory and In-Transit Objects" page of the cachemgr.cgi statistics tool shows HTML/JS/CSS as NOT_IN_MEMORY while jpg/png and other images are cached, this parameter may be off.
This is because Apache returns Vary: Accept-Encoding in the response header, so when storing the cached file Squid must use the value of the Accept-Encoding field (gzip, deflate, and so on) from the browser's request header as part of the cache key. A separate copy is therefore stored for each different Accept-Encoding value. (The Accept-Encoding values in the request headers of IE and Firefox differ by a space.) The next time a request reaches Squid, it first finds the index file of the cached object and then finds the matching cached file according to the Accept-Encoding value recorded in that index.
With cache_vary off, every gzip-compressed file that carries a Vary header is not cached at all, so the cache policy has no effect on it, while jpg files, which are already compressed and carry no Vary header, are cached as usual.
(8) cache_effective_user squid
cache_effective_group squid
Sets the user and group that Squid runs as.
(9) icp_port 0
Disables ICP neighbors. Change this parameter if you want to use a Squid cluster.
(10) reload_into_ims on
With this global parameter enabled, a no-cache request sent by the client is converted to If-Modified-Since for processing.
For this parameter's settings, you can refer to this blog: http://blog.sina.com.cn/s/blog_56d8ea9001018xev.html
(11) hierarchy_stoplist cgi-bin ?
This is the default setting. Any request containing a question mark or the string cgi-bin matches this list and becomes non-hierarchical.
Squid internally marks each client request as hierarchical or non-hierarchical. Non-hierarchical requests are those that are unlikely to result in cache hits. For example, the response to a POST request is almost never cached. When Squid can easily connect to the origin server, forwarding uncacheable requests to a neighbor cache is a waste of resources.
Some of the rules that distinguish hierarchical from non-hierarchical requests are hard-coded in Squid. For example, the POST and PUT methods are always non-hierarchical. The hierarchy_stoplist directive, however, lets you customize this algorithm. It contains a list of strings; when one of them is found in the URI, Squid marks the request as non-hierarchical.
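The behaviour described under (7) cache_vary can be reproduced with a small model. This is an added example, not Squid's code and not part of the original article; the URLs, the two Accept-Encoding strings and the class and function names are constructed for illustration.

```python
class VaryCache:
    """Simplified model of a cache with cache_vary on or off (not Squid's code)."""

    def __init__(self, cache_vary=True):
        self.cache_vary = cache_vary
        self.index = {}   # url -> request header names listed in Vary (the "index file")
        self.store = {}   # (url, selected request header values) -> body

    def _key(self, url, req):
        # The values of the request headers named by Vary become part of the key.
        return url, tuple((name, req.get(name, "")) for name in self.index[url])

    def lookup(self, url, req):
        if url not in self.index:
            return None
        return self.store.get(self._key(url, req))

    def save(self, url, req, resp, body):
        vary = [h.strip().lower() for h in resp.get("vary", "").split(",") if h.strip()]
        if vary and not self.cache_vary:
            return False  # cache_vary off: a response carrying Vary is not stored
        self.index[url] = vary
        self.store[self._key(url, req)] = body
        return True

def replay(cache, traffic):
    """Serve each (url, request headers, origin response headers); return HIT/MISS list."""
    results = []
    for url, req, resp in traffic:
        if cache.lookup(url, req) is not None:
            results.append("HIT")
        else:
            cache.save(url, req, resp, b"body")
            results.append("MISS")
    return results

# Constructed sample traffic: two browsers whose Accept-Encoding differs by one space.
IE = {"accept-encoding": "gzip, deflate"}
FIREFOX = {"accept-encoding": "gzip,deflate"}
HTML = {"vary": "Accept-Encoding"}   # gzip-compressed page from Apache
JPEG = {}                            # image served without a Vary header
TRAFFIC = [("/index.html", IE, HTML), ("/index.html", FIREFOX, HTML),
           ("/index.html", IE, HTML), ("/index.html", FIREFOX, HTML),
           ("/logo.jpg", IE, JPEG), ("/logo.jpg", FIREFOX, JPEG)]

if __name__ == "__main__":
    print("cache_vary on :", replay(VaryCache(True), TRAFFIC))
    print("cache_vary off:", replay(VaryCache(False), TRAFFIC))
```

With cache_vary on, each browser gets its own stored variant of the HTML page and hits it on the second visit; with it off, only the image is ever served from cache.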
After changing the configuration file, initialize the cache directory and start Squid.
/usr/local/squid2.7/sbin/squid -z
/usr/local/squid2.7/sbin/squid
lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 1399 squid 17u IPv4 9965038 0t0 TCP *:http (LISTEN)
This indicates that Squid started successfully. If it did not start, check the configuration file.
6. The cachemgr.cgi statistics tool
vim /usr/local/squid2.7/etc/cachemgr.conf
localhost:80
Port 80 is Squid's http_port.
cd /var/www/html
mkdir -p squid/cgi-bin
cp /usr/local/squid2.7/libexec/cachemgr.cgi /var/www/html/squid/cgi-bin
Set the corresponding access in Apache:
vim /etc/httpd/conf.d/squid.conf
ScriptAlias /squid/cgi-bin/cachemgr.cgi /usr/local/squid2.7/libexec/cachemgr.cgi
# Only allow access from localhost by default
<Location /squid/cgi-bin/cachemgr.cgi>
Order allow,deny
# Allow from localhost.localdomain
Allow from all
# Add additional allowed hosts as needed
# Allow from .example.com
</Location>
Run service httpd restart to make the configuration take effect.
Because Apache uses port 81, we can access the tool directly through port 81.
http://172.16.8.102:81/squid/cgi-bin/cachemgr.cgi
Direct access works here because we have not set a user name and password; for an online deployment they must be set.
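Whether Squid answers a cache manager query at all is decided by the http_access lines in squid.conf, where the first line whose ACLs all match wins. The following added example (not part of the original article) evaluates the page's rules against constructed requests and compares them with an assumed alternative, HARDENED_RULES, that answers manager requests from localhost only; the request dictionaries and the port used for cache_object requests are modelling assumptions.

```python
import ipaddress

def _src_in(req, nets):
    ip = ipaddress.ip_address(req["src"])
    return any(ip in ipaddress.ip_network(n) for n in nets)

SAFE = {80, 81, 3128, 8080, 21, 443, 70, 210, 280, 488, 591, 777}
# ACLs as defined in the squid.conf on this page (only the ones http_access uses).
ACLS = {
    "all":        lambda r: True,
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  lambda r: _src_in(r, ["127.0.0.1/32"]),
    "localnet":   lambda r: _src_in(r, ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "SSL_ports":  lambda r: r["port"] == 443,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
}
PAGE_RULES = """\
http_access allow manager localhost localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all"""
# Assumed alternative (not the page's config): answer manager requests from
# localhost only and refuse all others before the final "allow all".
HARDENED_RULES = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all"""

def decide(rules, req):
    """First http_access line whose ACLs ALL match wins; return (action, line)."""
    action = "allow"
    for line in rules.splitlines():
        _, action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), "(no match)"

# Constructed requests; 203.0.113.7 is a documentation address, and port 3128 for
# the cache_object request is an assumption of this model.
MGR_REMOTE = {"src": "203.0.113.7", "proto": "cache_object", "port": 3128, "method": "GET"}
MGR_LOCAL = dict(MGR_REMOTE, src="127.0.0.1")
WEB_REMOTE = {"src": "203.0.113.7", "proto": "http", "port": 80, "method": "GET"}

if __name__ == "__main__":
    for label, rules in (("page", PAGE_RULES), ("hardened", HARDENED_RULES)):
        for req in (MGR_REMOTE, MGR_LOCAL, WEB_REMOTE):
            print(label, req["src"], req["proto"], "->", decide(rules, req))
```

Because ACL names on one http_access line are ANDed, the page's first rule requires a source that is both 127.0.0.1 and inside localnet, so it never matches and manager requests are decided by the final allow all.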
7. Apache configuration
I am simply using a test site for the website configuration, so I will not describe it in detail here. What is worth introducing is Apache's mod_expires module. This module can reduce repeated requests by about 10%: returning users cache the results of the specified page requests locally, and no request is sent to the server.
Check that the mod_expires module is installed in Apache. Then you only need to configure it in /etc/httpd/conf.d/mod_expires.conf.
vim /etc/httpd/conf.d/mod_expires.conf
ExpiresActive On
ExpiresDefault "access plus 12 hours"
ExpiresByType text/html "access plus 3 days"
ExpiresByType text/plain "access plus 3 days"
ExpiresByType text/css "access plus 7 days"
ExpiresByType image/gif "access plus 30 days"
ExpiresByType image/png "access plus 30 days"
ExpiresByType image/jpeg "access plus 30 days"
ExpiresByType image/jpg "access plus 30 days"
ExpiresByType image/x-icon "access plus 30 days"
ExpiresByType video/x-flv "access plus 30 days"
ExpiresByType application/x-shockwave-flash "access plus 30 days"
All cacheable files are set to 12 hours by default, and files of the text, image, and video types are reset to their corresponding cache times.
After the configuration is complete, run service httpd restart.
Finally, we access the test site and check that the cache hits.