The normal proxy method is a connection request that proxies the internal network user to the server on the Internet, and the client must specify a proxy server and send a connection request that would otherwise be sent directly to the server on the Internet to the proxy server for processing.
The reverse proxy method refers to a proxy server that accepts a connection request on the Internet, then forwards the request to a server on the internal network and returns the results from the server to the client requesting a connection on the Internet, at which point the proxy servers perform a server.
1, Reverse proxy process Description:
Squid as a reverse proxy server, usually working in the front end of a server cluster, in the client's view, squid Server is the server he wants to access, and in practice squid just accept the user's request, while the user request forwarded to the intranet real Web server, If the squid itself has content that the user wants to access, squid will return the content directly to the user without having to go to the backend server to request
2, Squid reverse agent production case
Many large portals, often using squid as the server's reverse cache, improve server access performance, these cache server groups effectively reduce the load on the back-end Web server, and improve access speed, to some extent, protect the back-end Web server.
3, Squid reverse proxy advantages:
1. Save bandwidth (to CDN) and deploy Squid reverse proxy in the machine room, can not save bandwidth
2. Enhance the user experience
3. Relieve server pressure, reduce the pressure of web, storage, database
Company Purchase CDN, Enterprises also need to build squid reverse proxy in the computer room
A: The demand is small, there is a CDN, static business hit 90 or so, so the demand is not big
When it comes time to penetrate CDN requests more than Web services and other storage, the pressure on the database needs to be deployed squid
4, Squid reverse proxy How to get data updates
Squid reverse proxy generally only caches data that can be cached (such as static data such as HTML pages, js,css and images), while some CGI scripts or dynamic programs such as ASP, JSP, PHP are not cached by default, it buffers static pages based on the HTTP header tags returned from the Web server. There are four important HTTP header tags.
Last-modified: Tell the Reverse proxy page what time is changed;
Expries: Tell the Reverse proxy page what time it should be removed from the buffer
Cache-control: Tells the direction proxy page should be cached;
Pragma: Used to include implementation-specific instructions, most commonly pragma:no-cache
Priority comparison (No-cache,expries,max-age) reference
Experience: cache-control:no-cache>expries>refresh_pattern>last-modified in squid. Test the front of the most important, the front of the failure, the basic of the latter is also invalid.
Also install a Web server as the source station. Also known as RS
Web server IP is 10.0.0.4 port.
Yum install httpd*/etc/init.d/iptables stop/etc/init.d/httpd startnetstat -lnt|grep 80lsof -i :80echo 111>/var/www/html/index.html======================================== ============================[[email protected] html]# ps -ef |grep httproot 1798 1 0 14:47 ? 00:00:00 /usr/sbin/httpdapache 1800 1798 0 14:47 ? 00:00:00 / usr/sbin/httpdapache 1801 1798 0 14:47 ? 00:00:00 /usr/sbin/httpdapache 1802 1798 0 14:47 ? 00:00:00 /usr/ sbin/httpdapache 1803 1798 0 14:47 ? 00:00:00 /usr/sbin/httpdapache 1804 1798 0 14:47 ? 00:00:00 /usr/sbin/httpdapache 1805 1798 0 14:47 ? 00:00:00 /usr/sbin/httpdapache 1806 1798 0 14:47 ? 00:00:00 /usr/sbin/httpdapache 1807 1798 0 14:47 ? 00:00:00 / usr/sbin/httpdroot 1811 1743 0 14:49 pts/0 00:00:00 grep http[[email protected] html]# netstat - lntup|grep 80tcp 0 0 :::80 :::* LISTEN 1798/httpd [[email protected] html]# lsof -i :80command pid user fd type device size/off node namehttpd 1798 root 4u IPv6 19044 0t0 TCP *:http ( LISTEN) httpd 1800 apache 4u ipv6 19044 0t0 tcp *:http (LISTEN) httpd 1801 apache 4u IPv6 19044 0t0 TCP *:http ( LISTEN) httpd 1802 apache 4u ipv6 19044 0t0 TCP *:http (LISTEN) httpd 1803 apache 4u ipv6 19044 0t0 TCP *:http (LISTEN) httpd 1804 apache 4u IPv6 19044 0t0 TCP *:http ( LISTEN) httpd 1805 apache 4u ipv6 19044 0t0 TCP *:http (LISTEN) httpd 1806 apache 4u ipv6 19044 0t0 tcp *:http ( LISTEN) httpd 1807 apache 4u ipv6 19044 0t0 TCP *:http (LISTEN) [[email protected] html]#[[email protected] html]# curl 10.0.0.4111[[email protected] html]#======= =============================================================
Check the client open to see if it is correct
Upload 3 images to a Web site with a suffix JPG image
[[email protected] html]# ls1.jpg 1.png 2.jpg 3.jpg index.html k2.png keep1.png na1.png na2.png[[email protected] html]# http://10.0.0.4/1.jpg http://10.0.0.4/2.jpg http://10.0.0.4/3.jpg
In Squid server (ip:10.0.0.3), set squid.conf
#首先设置squid支持虚拟主机模式host_port 8000 accel vhost vport # #加速模式 # Set Squid Run user cache_effective_user squidcache_effective_group squid# settings to where the Web does direction proxy cache_peer imag1.lvnian.org parent 80 0 no-query no-digest max-conn=32 originserver#cache_peer vi.gis.cttic.cn parent 80 0 no-query no-digest max-conn 32 originserve # Set the cache directory (squid eat without eating file system type, cache directory, directory size MByte, number of files in the first-level directory, number of second-level folders) cache_dir ufs /app/squid/cache 10000 16 256 cache_mem 128 mb# This is an optimization option that increases the memory value in favor of caching. It should be noted that: generally if the system has memory, set the value to (n/) 3M. Now it's 3g , so here 1gcache_swap_low 90 . #最小允许使用swap 90%cache_swap_high 95 #最多允许使用swap 95%maximum_object_size 8192 KB #设置缓存在硬盘上的文件的最大大小minimum_object_size 0 KB #设置缓存在硬盘上的文件的最小大小maximum_ object_size_in_memory 4096 kb# setting the size of the file that is cached in memory emulate_httpd_log on# will cause squid to create access records in the format of the Web server. If you want to use memory_replacement_policy lru #缓存算法, keep the most recently used #设置这些方向代理的ACL to avoid squid being used as a proxy by malicious users acl my_allow_domain_ list dstdomain imag1.lvnian.org #acl my_allow_domain_list dstdomain vi.gis.cttic.cn #只允许我们定义的域名my_allow_domain_list cache_peer_access imag1.lvnian.org vi.gis.cttic.cn #设置缓存过期时间refresh_pattern -i \.jpg$ 30 50% 4320 Reload-into-imsrefresh_pattern -i \.png$ 30 50% 4320 reload-into-imsrefresh_pattern -i \.gif$ 30 50% 4320 reload-into-ims above means: If a response resides in the cache for no more than this 30 minute minimum limit, then he will not expire, similar to a maximum limit of 4,320 minutes is the maximum time limit of survival response, If a response resides in your cache that is actually above the maximum limit, then it must be refreshed, the response between the minimum and maximum time limits, will face the last modification factor (lm-factor) algorithm of squid, the response to this, squid calculates the response age and the last modified factor, He then compares it as a percentage value, and if the coefficient exceeds 50%, then the response must be refreshed
###################
Squid Cache Settings-control the cache time of the page
Refresh_pattern: Used to determine how long a page stays in the cache after it enters the cache.
Refresh_pattern only works on a page where the backend does not have a expires expiration, such as a forum page, and does not work on pages similar to Apache Mod_expires.
Grammar:
refresh_pattern [-i] regexp min percent max [optionsrefresh_pattern -i \.css$ 1440 50% 129600 reload-into-imsrefresh_ Pattern -i \.xml$ 1440 50% 129600 reload-into-imsrefresh_pattern -i \. html$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \.hml$ 1440 90% 129600 Reload-into-imsrefresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-imsrefresh_ Pattern -i \.png$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \. gif$ 1440 90% 129600 ignore-reloadrefresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \.js$ 1440 90% 129600 Reload-into-ims
#指定hosts file
Hosts_file/etc/hostsrequest_header_max_size kbipcache_size 1024ipcache_low 90ipcache_high 95
# # #在hosts中添加相应的解析
Cp/etc/hosts/etc/hostsecho-e "10.0.0.4 imag1.lvnian.org" >>/etc/hosts
# #只有缓存完了, no matter if you're not on the line, there will be. Even if you delete the client side IE cache, the back end of the HTTP service shut down, also can see the data
Offline_mode on
# #定义日志格式
Logformat squid%{x-forwarded-for}>h%ui%un [%tl] "%rm%ru http/%rv"%Hs%<st%tr "%{referer}>h" "%{User-Agent}& Gt;h "%ss:%sh# #应用日志格式access_log/application/squid3.0/var/logs/access.log Squid
# # #可以配置多个缓存目录
Cache_dir aufs/data1/cache 94000 256cache_dir aufs/data2/cache 94000 94000 64 256
The complete configuration file is as follows:
[[Email protected] etc]# cat squid.confacl manager proto cache_objectacl localhost src 127.0.0.1/32acl to_localhost dst 127.0.0.0/8 0.0.0.0/32acl localnet src 10.0.0.0/8 # RFC1918 possible Internal networkacl localnet src 172.16.0.0/12 # rfc1918 possible internal networkacl localnet src 192.168.0.0/16 # rfc1918 possible internal networkacl SSL_ports port 443acl Safe_ports port 80 # httpacl Safe_ports port 21 # ftpacl Safe_ports port 443 # httpsacl Safe_ports port 70 # gopheracl safe_ports port 210 # waisacl safe_ports port 1025-65535 # unregistered portsacl safe_ports port 280 # http-mgmtacl safe_ports port 488 # gss-httpacl safe_ports port 591 # filemakeracl safe_ports port 777 # multiling httpacl connect method connecthttp_access allow manager localhosthttp_ access deny managerhttp_access deny ! safe_portshttp_access deny connect ! ssl_portshttp_access allow localnethttp_access deny allicp_access allow Localneticp_access deny allhtcp_access allow localnethtcp_access deny all################################## #http_port 80 accel vhost vport# set to where the Web to do direction proxy cache_peer imag1.lvnian.org parent 80 0 no-query no-digest max-conn=32 originservercache_mem 64 mbcache_ swap_low 90cache_swap_high 95maximum_object_size 8192 kbminimum_object_size 0 kbmaximum_object_size_in_memory 4096 kbemulate_httpd_log onmemory_replacement_policy lru## ################################ #hierarchy_stoplist cgi-bin ?cache_dir ufs /application/ squid3.0/var/cache 100 16 256access_log /application/squid3.0/var/logs/access.log squidcache_log /application/squid3.0/var/logs/cache.logcache_store_log /application/squid3.0/var/ logs/store.logrefresh_pattern ^ftp: 1440 20% 10080refresh_pattern ^gopher: 1440 0% 1440refresh_pattern (cgi-bin|\?) 0 0% 0refresh_pattern . 0 20% 4320cache_mgr [email protected]cache_effective_user squidcache_effective_group squidvisible_hostname img01.etiantian.org icp_port 3130coredump_dir /application/squid3.0/var/cache################## #################### #refresh_pattern -i \.css$ 1440 50% 129600 Reload-into-imsrefresh_pattern -i \.xml$ 1440 50% 129600 reload-into-imsrefresh_ pattern -i \.html$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \.shtml$ 1440 90% 129600 Reload-into-imsrefresh_pattern -i \.htm$ 1440 90% 129600 reload-into-imsrefresh_ Pattern -i \.jpg$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \. png$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \.gif$ 1440 90% 129600 ignore-reloadrefresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-imsrefresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims# Assigning hosts File hosts_file /etc/hostsrequest_header_max_size 128 kbipcache_size 1024ipcache_ Low 90ipcache_high 95cache_dir ufs /app/squid/cache 10000 16 256offline_ mode on[[email protected] etc]#
# # #检查语法
[[Email protected] etc]# squid -k parse2015/09/08 16:54:32| processing Configuration File: /application/squid3.0/etc/squid.conf (depth 0) 2015/09/08 16:54:32| warning: use of ' reload-into-ims ' in ' Refresh_pattern ' violates http2015/09/08 16:54:32| initializing https proxy context[[email protected ] etc]# above is no wrong # boot [[email protected] etc]# /etc/init.d/squid restart squid restart... [ ok ]---------- ------------ -check ing-----------------------------tcp 0 0 0.0.0.0:80 0.0.0.0:* listen 55119/(squid) udp 0 0 0.0.0.0:3130 0.0.0.0:* 55119/(squid) -----------------------Check over-----------------------------[ [email protected] etc]#
#检查命中转态
Curl-i-S 10.0.0.3/1.jpg|grep-i x-cache[[email protected] ~]# curl-i-S 10.0.0.4/1.jpg|grep-i x-cache X-cache:hit fro M img01.lvnian.org[[email protected] ~]# curl-i-S 10.0.0.4/2.jpg|grep-i x-cache x-cache:hit from Img01.lvnian.org[[ema Il protected] ~]# curl-i-S 10.0.0.4/3.jpg|grep-i x-cache x-cache:hit from Img01.lvnian.org[[email protected] ~]#
Use Windows Explorer to access the following address to see if you can properly access the contents of the 10.0.0.4 back-end Rs. Look at the 10.0.0.3squid log file. Observing the agent of squid
Http://10.0.0.3/1.jpg http://10.0.0.3/2.jpg http://10.0.0.3/3.jpg
This article is from the "Struggle Bar" blog, please be sure to keep this source http://lvnian.blog.51cto.com/7155281/1711494
Squid Reverse Proxy