Squid Service Setup

Squid configuration
1. What is squid
Squid can do proxies or cache.
Squid caching not only saves valuable bandwidth resources, but also greatly reduces the server's I/O.
Squid can not only do the forward proxy, but also can do reverse proxy.
Forward agent, squid behind is the client, the client to the Internet through squid to go on (agent is the client); reverse proxy, squid behind the server, the server returned to the user data need to go squid (proxy is the service side).
Positive agents used in the enterprise's office environment, employees need to access the Internet through Squid agent to the Internet, which can save network bandwidth resources. And the reverse proxy is used to build the site static items (images, HTML, streaming media, JS, CSS, etc.) cache server, which is used in the site architecture.

2. Build Squid forward Agent
Official website for http://www.squid-cache.org/
Yum install-y Squid
Squid-v viewing versions and compiling parameters
>/etc/squid/squid.conf
Vim/etc/squid/squid.conf
Add the following configuration
Http_port 3128
ACL manager Proto Cache_object
ACL localhost src 127.0.0.1/32:: 1
ACL to_localhost DST 127.0.0.0/8 0.0.0.0/32:: 1
ACL localnet src 10.0.0.0/8 # RFC1918 possible Internal network
ACL localnet src 172.16.0.0/12 # RFC1918 possible Internal network
ACL localnet src 192.168.0.0/16 # RFC1918 possible Internal network
ACL ssl_ports port 443
ACL safe_ports Port 8080 # http
ACL safe_ports Port # FTP
ACL safe_ports Port 443 # HTTPS
ACL Connect method Connect
Http_access allow manager localhost
Http_access Deny Manager
Http_access Deny! Safe_ports
Http_access Deny CONNECT! Ssl_ports
Http_access Allow LocalNet
http_access allow localhost
Http_access Allow all
Cache_dir Aufs/data/cache 1024 16 256 Cache directory
Cache_mem MB Cache Memory recommendation is not to exceed 1/3 of the memory.
Hierarchy_stoplist Cgi-bin?
Coredump_dir/var/spool/squid
Refresh_pattern ^ftp:1440 20% 10080
Refresh_pattern ^gopher:1440 0% 1440
Refresh_pattern-i (/cgi-bin/|\?) 0 0% 0
Refresh_pattern \. (jpg|png|gif|mp3|xml) 1440 50% 2880 ignore-reload
Refresh_pattern. 0 20% 4320

Mkdir/data/cache #创建缓存目录
Chown-r Squid:squid/data/cache #更改权限
Squid-kcheck #可以检测配置文件是否有错

/etc/init.d/squid start
Squid-k Rec (squid-kreconfigure) #可以重新加载配置
Service Squid Restart #启动squid服务

The above is squid simple forward proxy building, you can edit the Internet Explorer options bar input IP and port, test access to the site. Or use another Linux machine to do the test, of course, the use of this machine can also be tested.

Test: curl-xlocalhost:3128 www.qq.com

Test the Squid cache:
Access pictures, test cache: Curl-xlocalhost:3128-i ' http://pic.cnblogs.com/avatar/924072/20160329165941.png '

At this point we find that MISS from Localhost.localdomain, we are on a visit, and this is

X-cache:hit from Localhost.localdomain, which indicates that the cache was successful.

Two

Restrict certain domain names from being accessed by proxy, or simply to proxy a few domain names.
vim/etc/squid/squid.conf #设置域名黑名单 (white list similar)

ACL http Proto http
ACL Good_domain dstdomain. baidu.com
Http_access Allow HTTP Good_domain
Http_access deny HTTP!good_domain
Test curl-xlocalhost:3128 Www.qq.com-I #403
Test curl-xlocalhost:3128 Www.baidu.com-I #200


3. Build Squid Reverse Proxy
Vim/etc/squid/squid.conf #如下变更
Http_port 3128 Change to Http_port Accel Vhost Vport
The following additions are added:
Cache_peer 101.226.103.106 Parent 0 originserver Name=a
Cache_peer 115.239.211.112 Parent 0 originserver Name=b
Cache_peer_domain a www.qq.com
Cache_peer_domain b www.baidu.com
Remove the previously added domain name White/blacklist-related configuration
If it is squid to proxy all the domain names on the web, then write this: Cache_peer 192.168.10.111 parent 0 originserver #只需要这一行, Cache_peer_domain can be omitted
/etc/init.d/squid restart
Test:

curl-xlocahost:80 Www.qq.com-I #200

curl-xlocalhost:80 Www.baiduc.om-I #200

CURL-XLOCALHOST:80 www.xinlang.com # 503

Squid Service Setup