Squid Chinese authoritative guide (2)

Squid Chinese authoritative guide (2)-Linux Enterprise Application-Linux server application information. The following is a detailed description. [I = s] This post was last edited by gary168

Ocal/squid/var/cache
12:57:52 | Loaded Icons.
12:57:52 | Accepting HTTP connections at 0.0.0.0, port 3128, FD 11.
12:57:52 | Accepting ICP messages at 0.0.0.0, port 3130, FD 12.
12:57:52 | WCCP Disabled.
12:57:52 | Ready to serve reques

If you see an error message, you should first correct it. Check the first few lines of output information to find the warning information. The most common errors are file/directory licensing and configuration file syntax errors. If you see an error message that does not attract attention, see the suggestions and information about squid troubleshooting in chapter 16. If not, check the squid FAQ or find the email list to get an explanation.

Once you see the "Ready to serve requests" message, you can use HTTP requests to test squid. Configure your browser to use squid as the proxy and then open a web page. If squid works properly, the page is quickly loaded, just as if squid is not used. In addition, you can use the squidclient program, which is released with squid:
% Squidclient http://www.squid-cache.org/

If it works normally, the html file of the squid homepage will scroll in your terminal window. Once you confirm that squid is working properly, you can interrupt the squid process (for example, ctrl-c) and run squid in the background.


5.5 run squid as a service process

Normally, you want to run the squid process (not in the terminal window ). The easiest way is to simply execute the following command:
% Squid? S

The-s option causes squid to write important status and warning information to syslogd. Squid uses the LOCAL4 device and LOG_WARNING and LOG_NOTICE priority. The syslog process may or will not record squid messages, depending on how it is configured. The same message is written into the cache. log file, so it is safe to ignore the-s option if you want.

When you do not use the-N option to start squid, squid automatically runs in the background and creates a parent/child process pair. The sub-process does all the actual work. The parent process confirms that the child process is always running. In this way, if the child process stops unexpectedly, the parent process starts another child process to make squid work normally. By observing syslog messages, you can see the interaction between parent and child processes.
Jul 31 14:58:35 zapp squid [294]: Squid Parent: child process 296 started

The parent process ID is 294 and the child process is 296. When you view the ps output, you can see that the sub-process appears in the form of (squid:
% Ps ax | grep squid
294 ?? Is 0: 00. 01 squid-sD
296 ?? S 0: 00. 27 (squid)-sD (squid)

If the squid process stops unexpectedly, the parent process starts another one. For example:
Jul 31 15:02:53 zapp squid [294]: Squid Parent: child process 296 exited due to signal 6
Jul 31 15:02:56 zapp squid [294]: Squid Parent: child process 359 started

In some cases, the squid sub-process may terminate immediately. To prevent frequent start processes, if the child process does not run for at least 10 seconds for five consecutive times, the parent process will give up.
Jul 31 15:13:48 zapp squid [455]: Squid Parent: child process 474 exited with status 1
Jul 31 15:13:48 zapp squid [455]: Exiting due to repeated, frequent failures

If this happens, check syslog and squid cache. log to find the error.


5.5.1 squid_start script

When squid is run later, it looks for the file named squid_start under the squid execution program directory. If it is found that the program is executed before the parent process creates a child process. You can use this script to complete specific management tasks, such as notifying someone squid to be running and managing log files. Squid does not create sub-processes unless the squid_start program exists.

The squid_start script starts work only when you start squid using an absolute or relative path. In other words, squid does not use the PATH environment variable to locate squid_start. In this way, you should get used to starting squid as follows:
%/Usr/local/squid/sbin/squid? SD

Instead:
% Squid? SD


5.6 Startup Script

Usually you want squid to automatically start after each computer restart. For different operating systems, how their startup scripts work is also very different. I will describe some general environments here, but you may have special solutions for your own special operating systems.


5.6.1/etc/rc. local

One of the easiest mechanisms is the/etc/rc. local script. This is a simple shell script that runs as root every time the system is started. It is very easy to use this script to start squid. Add a line as follows:
/Usr/local/squid/sbin/squid? S

Of course, your installation location may be different, and you may want to use other command line options. Do not use the-N option here.

For some reason, if you do not use the cache_inclutive_user command, you can try to use su to run squid as a non-root User:
/Usr/bin/su nobody-C'/usr/local/squid/sbin/squid-S'


5.6.2 init. d and rc. d

The init. d and rc. d mechanisms use independent shell scripts to start different services. These scripts are usually in the following directory:/sbin/init. d,/etc/init. d,/usr/local/etc/rc. d. A script usually obtains a single command line parameter, which is start or stop. Some systems only use the start parameter. The following is the BASIC script for starting squid:
#! /Bin/sh
# This script starts and stops Squid
Case "" in
Start)
/Usr/local/squid/sbin/squid-s
Echo-n 'squid'
;;
Stop)
/Usr/local/squid/sbin/squid-k shutdown
;;
Esac

Linux users may need to set file descriptor restrictions before starting squid. For example:
Echo 8192>/proc/sys/fs/file-max
Limit-HSn 8192

To use this script, first find the directory where the script is stored. Give it a meaningful name, similar to other system startup scripts. It can be S98squid or squid. sh. Restart the computer to test the script, instead of imagining that it will work normally.


5.6.3/etc/inittab

Some Operating Systems Support another mechanism: the/etc/inittab file. In these systems, the init process starts and stops services based on the running level. The typical inittab interface is similar to this:
Sq: 2345: once:/usr/local/squid/sbin/squid? S

With this interface, the init process starts squid once and then forgets it. Squid confirms that it resides in the running status, as described above. Or, you can do this:
Sq: 2345: respawn:/usr/local/squid/sbin/squid? Ns

Here we use the respawn option. If the process does not have init, the squid will be restarted. If respawn is used, make sure to use the-N option.

After editing the inittab file, run the following command to make init re-read its configuration file and start squid:
# Init q


5.7 chroot environment

Some people prefer to run squid in the chroot environment. This is a unix function that gives the process a new root file system directory. Squid provides an additional level of security protection when it is under security threat. If the attacker obtains access to the operating system through squid to some extent, she can only access files in the chroot file system. She cannot access system files outside the chroot tree.

The easiest way to run squid in the chroot environment is to specify the new root directory in the squid. conf file, as shown below:
Chroot/new/root/directory

The Super User permission is required for chroot () system calls, so you must start squid with root.

The chroot environment is not prepared for beginners of unix. It is a little troublesome, because you must repeat a large number of files in the new root directory. For example, if the default configuration file is in/usr/local/squid/etc/squid normally. conf, and you use the chroot command, the file must be located in/new/root/directory/usr/local/squid/etc/squid. conf. you must copy all files in $ prefix/etc, $ prefix/share, and $ prefix/libexec to the chroot directory. Make sure that the $ prefix/var and cache directories exist and are writable In the chroot directory.

Similarly, your operating system needs to put a large number of files in the chroot directory, such as/etc/resolv. conf and/dev/null. if you use an external Helper Program, such as The redirector (see chapter 11) or the validator (See Chapter 12), you also need some shared libraries from/usr/lib. You can use the ldd tool to find the shared libraries required by a given program:
% Ldd/usr/local/squid/libexec/ncsa_auth
/Usr/local/squid/libexec/ncsa_auth: