Squid Reverse Proxy

Source: Internet
Author: User



In normal (forward) proxy mode, the proxy relays connection requests from internal network users to servers on the Internet. The client must specify the proxy server, and sends to the proxy the connection requests that it would otherwise send directly to the server on the Internet.

In reverse proxy mode, the proxy server accepts connection requests from the Internet, forwards them to a server on the internal network, and returns that server's results to the Internet client that requested the connection. To the outside, the proxy server then appears to be the server itself.


1. Reverse proxy process description


As a reverse proxy server, Squid usually works at the front end of a server cluster. From the client's point of view, the Squid server is the server it wants to access. In practice Squid only accepts the user's request and forwards it to the real web server on the intranet. If Squid itself already holds the content the user wants, it returns that content directly to the user without requesting it from the backend server.

2. Squid reverse proxy in production

Many large portals use Squid as a reverse cache in front of their servers to improve access performance. These groups of cache servers effectively reduce the load on the back-end web servers, improve access speed and, to some extent, protect the back-end web servers.


3. Squid reverse proxy advantages

1. Saves bandwidth (this applies to a CDN; a Squid reverse proxy deployed in your own machine room does not save bandwidth)

2. Improves the user experience

3. Relieves server pressure: reduces the load on the web, storage and database servers

Q: If the company has purchased a CDN, does the enterprise still need to build a Squid reverse proxy in its machine room?

A: The need is small. With a CDN, the static content hit rate is 90 or so, so the demand is not great.

When so many requests pass through the CDN that the web service, the other storage and the database come under pressure, Squid needs to be deployed.

4. How the Squid reverse proxy gets data updates

A Squid reverse proxy generally caches only data that can be cached (static data such as HTML pages, JS, CSS and images); CGI scripts and dynamic programs such as ASP, JSP and PHP are not cached by default. It caches static pages based on the HTTP headers returned by the web server. Four HTTP headers are important:


Last-Modified: tells the reverse proxy when the page was last changed;

Expires: tells the reverse proxy when the page should be removed from the cache;

Cache-Control: tells the reverse proxy whether the page should be cached;

Pragma: used to carry implementation-specific directives, most commonly Pragma: no-cache


Priority comparison (no-cache, Expires, max-age), for reference

From experience, the priority in Squid is Cache-Control: no-cache > Expires > refresh_pattern > Last-Modified. Testing shows that the ones at the front matter most: when an earlier one takes effect, the later ones basically have no effect.



Also install a web server as the origin server, also known as the RS (real server).

The web server IP is 10.0.0.4, port 80.

    yum install 'httpd*'
    /etc/init.d/iptables stop
    /etc/init.d/httpd start
    netstat -lnt|grep 80
    lsof -i :80
    # the space before ">" matters: "111>" would be read as a file-descriptor redirect
    echo 111 > /var/www/html/index.html

    ================================================================
    [[email protected] html]# ps -ef |grep http
    root       1798     1  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1800  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1801  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1802  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1803  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1804  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1805  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1806  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    apache     1807  1798  0 14:47 ?        00:00:00 /usr/sbin/httpd
    root       1811  1743  0 14:49 pts/0    00:00:00 grep http
    [[email protected] html]# netstat -lntup|grep 80
    tcp        0      0 :::80                       :::*                        LISTEN      1798/httpd
    [[email protected] html]# lsof -i :80
    COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    httpd   1798   root    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1800 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1801 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1802 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1803 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1804 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1805 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1806 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    httpd   1807 apache    4u  IPv6  19044      0t0  TCP *:http (LISTEN)
    [[email protected] html]#
    [[email protected] html]# curl 10.0.0.4
    111
    [[email protected] html]#
    ================================================================

Open the site from a client to check that it is served correctly.

Upload three images with the .jpg suffix to the website.

    [[email protected] html]# ls
    1.jpg  1.png  2.jpg  3.jpg  index.html  k2.png  keep1.png  na1.png  na2.png
    [[email protected] html]#

    http://10.0.0.4/1.jpg
    http://10.0.0.4/2.jpg
    http://10.0.0.4/3.jpg



On the Squid server (IP: 10.0.0.3), configure squid.conf

    # First, set Squid to support virtual-host mode (accelerator mode)
    http_port 8000 accel vhost vport
    # Set the user Squid runs as
    cache_effective_user squid
    cache_effective_group squid
    # Set which web server to reverse-proxy
    cache_peer imag1.lvnian.org parent 80 0 no-query no-digest max-conn=32 originserver
    #cache_peer vi.gis.cttic.cn parent 80 0 no-query no-digest max-conn=32 originserver
    # Set the cache directory (storage type, cache directory, directory size in MB,
    # number of first-level directories, number of second-level directories)
    cache_dir ufs /app/squid/cache 10000 16 256
    # An optimization option: a larger memory value favors caching.
    # Note: generally, if the system has n MB of memory, set this value to (n/3) MB.
    # The machine now has 3 GB, so 1 GB here.
    cache_mem 128 MB
    # Minimum allowed swap usage: 90%
    cache_swap_low 90
    # Maximum allowed swap usage: 95%
    cache_swap_high 95
    # Maximum size of a file cached on disk
    maximum_object_size 8192 KB
    # Minimum size of a file cached on disk
    minimum_object_size 0 KB
    # Maximum size of a file cached in memory
    maximum_object_size_in_memory 4096 KB
    # Makes Squid create access records in the web server's log format. If you want to use
    emulate_httpd_log on
    # Cache replacement algorithm: keep the most recently used objects
    memory_replacement_policy lru
    # Set the ACL for the reverse proxy to avoid Squid being used as a proxy by malicious users
    acl my_allow_domain_list dstdomain imag1.lvnian.org
    #acl my_allow_domain_list dstdomain vi.gis.cttic.cn
    # Only allow the domain names we defined in my_allow_domain_list
    cache_peer_access imag1.lvnian.org allow my_allow_domain_list
    #cache_peer_access vi.gis.cttic.cn allow my_allow_domain_list
    # Set the cache expiry time
    refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims
    refresh_pattern -i \.png$ 30 50% 4320 reload-into-ims
    refresh_pattern -i \.gif$ 30 50% 4320 reload-into-ims

The above means: if a response has been in the cache for no more than the 30-minute minimum, it does not expire. Similarly, the maximum of 4,320 minutes is the longest a response may live: a response that has been in the cache longer than the maximum must be refreshed. A response between the minimum and maximum limits is subject to Squid's last-modified factor (LM-factor) algorithm: Squid calculates the response age and the last-modified factor and compares the factor as a percentage value; if it exceeds 50%, the response must be refreshed.

###################

Squid cache settings: controlling how long a page is cached

refresh_pattern: determines how long a page stays in the cache after it enters the cache.


refresh_pattern only takes effect for pages for which the backend sets no Expires expiry time, such as forum pages; it does not take effect for pages like those served with Apache mod_expires.

Syntax:

    refresh_pattern [-i] regexp min percent max [options]

    refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims
    refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
    refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.gif$ 1440 90% 129600 ignore-reload
    refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
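A simplified model of the min/percent/max rule described above, as an added example (not Squid's source code and not from the original article). It also shows that Squid uses the first matching refresh_pattern line, so a catch-all `.` line listed before the extension rules shadows them; the rule sets, URL and function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed rule sets in the article's syntax (min and max are in minutes).
SPECIFIC_FIRST = r"""
refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims
refresh_pattern . 0 20% 4320
"""
CATCHALL_FIRST = r"""
refresh_pattern . 0 20% 4320
refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims
"""

class Rule(NamedTuple):
    regex: re.Pattern
    min_s: int
    pct: float
    max_s: int

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "refresh_pattern":
            continue
        i = 2 if tok[1] == "-i" else 1          # optional case-insensitive flag
        pattern, mn, pct, mx = tok[i:i + 4]     # trailing options are ignored here
        flags = re.IGNORECASE if i == 2 else 0
        rules.append(Rule(re.compile(pattern, flags), int(mn) * 60,
                          float(pct.rstrip("%")) / 100, int(mx) * 60))
    return rules

def freshness(rules, url, now, stored, last_modified=None, expires=None):
    """Return (verdict, reason); all times are epoch seconds."""
    if expires is not None:                     # explicit Expires outranks refresh_pattern
        return ("FRESH" if now < expires else "STALE", "expires")
    rule = next((r for r in rules if r.regex.search(url)), None)  # first match is used
    if rule is None:
        return ("STALE", "no-rule")             # model choice, not Squid's built-in default
    age = now - stored                          # time the response has spent in the cache
    if age > rule.max_s:
        return ("STALE", "max")
    if age <= rule.min_s:
        return ("FRESH", "min")
    if last_modified is not None and stored > last_modified:
        lm_factor = age / (stored - last_modified)   # response age / resource age
        return ("FRESH" if lm_factor < rule.pct else "STALE", "lm-factor")
    return ("STALE", "default")
```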

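# Specify the hosts file

    hosts_file /etc/hosts
    request_header_max_size 128 KB
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95


### Add the corresponding name resolution to hosts

    # back up first (the backup file name is an assumption; it is not shown on the page)
    cp /etc/hosts /etc/hosts.bak
    echo -e "10.0.0.4 imag1.lvnian.org" >>/etc/hosts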



## Once content has been cached, it is served whether or not the backend is online. Even if you clear the client-side IE cache and shut down the backend HTTP service, the data can still be seen.

    offline_mode on


## Define the log format

    logformat squid %{X-Forwarded-For}>h %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %tr "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
    ## Apply the log format
    access_log /application/squid3.0/var/logs/access.log squid
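Parsing access.log lines written with the logformat defined above and computing the cache hit ratio, as an added example that is not part of the original article. The sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Field order follows the logformat above:
# XFF ident user [time] "method url HTTP/ver" status bytes ms "referer" "agent" Ss:Sh
# Note: xff is the client-supplied X-Forwarded-For request header ("-" when absent),
# not the TCP peer address, so it must not be trusted as the real client IP.
LINE_RE = re.compile(
    r'^(?P<xff>.+?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<ver>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ms>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" (?P<ss>\w+):(?P<sh>\w+)$'
)

# Constructed sample lines (not taken from the article).
SAMPLE = """\
- - - [08/Sep/2015:17:02:11 +0800] "GET http://10.0.0.3/1.jpg HTTP/1.1" 200 34567 12 "-" "curl/7.19.7" TCP_MISS:FIRST_UP_PARENT
- - - [08/Sep/2015:17:02:15 +0800] "GET http://10.0.0.3/1.jpg HTTP/1.1" 200 34575 0 "-" "curl/7.19.7" TCP_MEM_HIT:NONE
198.51.100.9, 10.0.0.8 - - [08/Sep/2015:17:03:01 +0800] "GET http://10.0.0.3/2.jpg HTTP/1.1" 200 20110 1 "-" "Mozilla/5.0" TCP_HIT:NONE
garbage line
"""

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(text):
    """Return (hit_ratio, per-status counts, number of unparsed lines)."""
    counts, bad = Counter(), 0
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            bad += 1                    # keep count instead of silently dropping
            continue
        counts[rec["ss"]] += 1          # %Ss, e.g. TCP_HIT, TCP_MEM_HIT, TCP_MISS
    total = sum(counts.values())
    hits = sum(n for status, n in counts.items() if "HIT" in status)
    return (hits / total if total else 0.0), counts, bad
```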


### Multiple cache directories can be configured

    cache_dir aufs /data1/cache 94000 64 256
    cache_dir aufs /data2/cache 94000 64 256


The complete configuration file is as follows:

    [[email protected] etc]# cat squid.conf
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
    acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access deny all
    icp_access allow localnet
    icp_access deny all
    htcp_access allow localnet
    htcp_access deny all
    ####################################
    http_port 80 accel vhost vport
    # Set which web server to reverse-proxy
    cache_peer imag1.lvnian.org parent 80 0 no-query no-digest max-conn=32 originserver
    cache_mem 64 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 8192 KB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 4096 KB
    emulate_httpd_log on
    memory_replacement_policy lru
    ####################################
    hierarchy_stoplist cgi-bin ?
    cache_dir ufs /application/squid3.0/var/cache 100 16 256
    access_log /application/squid3.0/var/logs/access.log squid
    cache_log /application/squid3.0/var/logs/cache.log
    cache_store_log /application/squid3.0/var/logs/store.log
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern (cgi-bin|\?)    0       0%      0
    refresh_pattern .               0       20%     4320
    cache_mgr [email protected]
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname img01.etiantian.org
    icp_port 3130
    coredump_dir /application/squid3.0/var/cache
    ####################################
    refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims
    refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
    refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.gif$ 1440 90% 129600 ignore-reload
    refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
    refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
    # Specify the hosts file
    hosts_file /etc/hosts
    request_header_max_size 128 KB
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95
    cache_dir ufs /app/squid/cache 10000 16 256
    offline_mode on
    [[email protected] etc]#


### Check the syntax

    [[email protected] etc]# squid -k parse
    2015/09/08 16:54:32| Processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0)
    2015/09/08 16:54:32| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP
    2015/09/08 16:54:32| Initializing https proxy context
    [[email protected] etc]#

The output above shows no errors.

# Start

    [[email protected] etc]# /etc/init.d/squid restart
    squid restart...                                           [  OK  ]
    ----------------------checking-----------------------------
    tcp        0      0 0.0.0.0:80        0.0.0.0:*        LISTEN      55119/(squid)
    udp        0      0 0.0.0.0:3130      0.0.0.0:*                    55119/(squid)
    -----------------------Check over-----------------------------
    [[email protected] etc]#


# Check the hit status

    curl -I -s 10.0.0.3/1.jpg|grep -i x-cache

    [[email protected] ~]# curl -I -s 10.0.0.4/1.jpg|grep -i x-cache
    X-Cache: HIT from img01.lvnian.org
    [[email protected] ~]# curl -I -s 10.0.0.4/2.jpg|grep -i x-cache
    X-Cache: HIT from img01.lvnian.org
    [[email protected] ~]# curl -I -s 10.0.0.4/3.jpg|grep -i x-cache
    X-Cache: HIT from img01.lvnian.org
    [[email protected] ~]#

Use a browser on Windows to access the following addresses and check that the content of the 10.0.0.4 back-end RS is served correctly. Then look at the log file on the Squid server (10.0.0.3) to observe Squid's proxying.

    http://10.0.0.3/1.jpg
    http://10.0.0.3/2.jpg
    http://10.0.0.3/3.jpg


This article is from the "Struggle Bar" blog, please be sure to keep this source http://lvnian.blog.51cto.com/7155281/1711494
