Squid2.6 reverse proxy Experiment

Squid2.6 the latest reverse configuration proxy experiment-Linux Enterprise Application-Linux server application information. The following is a detailed description. Configure reverse proxy in CentOS5.1 (squid2.6)

Wang Binbin

Tool: squid-2.6.STABLE6-4.el5

Topology



For example, there are two networks: Intranet Private Network: 192.168.1.0/24; Internet external network: 10.66.0.0/24.
The company's internal network has two servers:
Server A provides two services: Port 81 provides service 1 and port 82 provides service 2.
Server B provides a service through port 80.
Squid acts as the reverse proxy of the company's internal servers. The IP addresses of the two NICs are eth0: 10.66.0.80 (connected to the Internet external network) and eth1: 192.168.1.200 (connected to the company's internal private network ).
The Internet external network accesses internal servers of the company through the Squid proxy server. For example, the Client 10.66.0.174 cannot directly access internal servers of the company, but uses Squid to access internal servers of the company.

The procedure for an external network client to access the company's internal network server is as follows:
First, modify the/etc/hosts file on the Client and add the following three lines:
10.66.0.80 www.serverA1.com www
10.66.0.80 www.serverA2.com www
10.66.0.80 www.serverB.com www
Note: to allow the client to resolve these three domain names (www.serverA1.com www.serverA2.com www.serverB.com), the corresponding IP address is 10.66.0.80 (the IP address of the squid reverse proxy server)

Here, Squid reverse proxy server listening port: 8000 (default: 3128)

On the client, open the browser and enter www.serverA1.com: 8000 in the address bar of the browser to display the entire process of receiving data after the client sends this request.



Phase 1: here, the Client enters www.serverA1.com: 8000 in the address bar of the browser to resolve the IP address through the local Client/etc/hosts. The IP address corresponding to the domain name www.serverA1.com is 10.66.0.80 (Squid reverse proxy server ), therefore, the client sends a request to Squid reverse proxy server port 8000.
Note: In the address bar of the client browser, enter www.serverA1.com: 8000 and http: // 10.66.0.80: 8000. Although they both request port 8000 of the Squid reverse proxy server, they are essentially different. If you access the Squid server through http: // 10.66.0.80: 8000 in IP Mode, the Squid server cannot act as a proxy for multiple servers in the internal network, in this case, Squid can only send client requests to one server in the internal network. To enable Squid to act as a proxy for multiple servers in the internal network, you need to use the domain name method, for example, www.serverA1.com: 8000. After the Squid server receives such a request, it will resolve the Host to www.serverA1.com, when configuring Squid, there are two options: cache_peer and cache_peer_domain. These two options enable Squid to know that the request www.serverA1.com is ultimately intended to access port 81 of the company's internal network Server A (Server, this allows Squid to act as proxy for multiple internal servers. (For the usage of cache_peer and cache_peer_domain, see the following document ).

Phase 2: As mentioned above, the Squid server receives a request from the client, which is www.serverA1.com. Squid knows how to request port 81 of the company's internal network Server A (Server.

Phase 3: Server A provides Service 1 (Service 1) listening port 81. After receiving the request sent by Squid, it sends the corresponding data to the Squid Server according to the request.

Phase 4: After Squid receives the data sent from Server A from Port 81, it caches the data locally, at the same time, data is sent from Port 8000 to the client of the external network.

After the above four steps are completed, the client will receive the desired data.
It is worth noting that throughout the entire process, the company's internal network servers are transparent to the client, that is, the client does not know which servers and services the internal network provides. The client only accesses port 8000 of the Squid server and obtains the corresponding data.

After understanding the above Squid as a proxy and the client's request process, the following describes some configuration items of Squid (squid. conf)
Note: The following describes some basic configuration items of Squid, which are mainly explained to multiple servers as proxies. You need to have some basic understanding of Squid. In addition, there are many configuration items not mentioned about Squid. Some configuration items directly affect the performance of the Squid server, which is not described here.
Let's begin :)

Http_port 8000 vhost # The Squid server listens to port 8000 of the Local Machine. vhost supports virtual hosts.

Cache_peer 192.168.1.50 parent 81 0 no-query originserver weight = 1 name =
Cache_peer 192.168.1.50 parent 82 0 no-query originserver weight = 1 name = B
Cache_peer 192.168.1.51 parent 80 0 no-query originserver weight = 1 name = c

Cache_peer_domain a www.serverA1.com
Cache_peer_domain B www.serverA2.com
Cache_peer_domain c www.serverB.com
# Configure the above six lines to let the Squid server know:
# For a request from a client, if it is www.serverA1.com, Squid sends the request to port 81 of ServerA 192.168.1.50;
# For a request from a client, if it is www.serverA2.com, Squid sends a request to port 82 of ServerA 192.168.1.50;
# For a request from a client, if it is www.serverB.com, Squid sends a request to port 80 of ServerA 192.168.1.50;

Cache_dir ufs/squid_cache 256 16 256 # specify the data storage directory of the Squid Server

Acl all src 0.0.0.0/0.0.0.0
Http_access allow all

Cache_peer_access a allow all
Cache_peer_access B allow all
Cache_peer_access c allow all
# Set access permissions to allow all external clients to access a B c (the three virtual hosts we define)

By default, other configuration items are supported.
Note: squid-2.6.STABLE6-4.el5 master profile/etc/squid. conf has more than four thousand lines, most of which are comments. It should be said that it is easier to configure a basic Proxy Server (forward and reverse) based on this configuration file. The main problem I encountered during the configuration process is that I don't know how to make Squid reverse proxy for multiple servers (servers corresponding to different IP addresses and servers corresponding to different ports of the same IP address ), after reading some documents and doing a lot of experiments, I made them. The key configuration items are the two Commands: cache_peer and cache_peer_domain. These two commands are also one of the main differences between squid-2.6 and squid-2.5 (Red Hat RHLE4 integrates Squid-2.5 and RHEL5 integrates Squid-2.6 ). In squid-2.5, the key configuration commands involved in reverse proxy are: httpd_accel_host, httpd_accel_port, httpd_accel_single_host, httpd_accel_with_proxy, httpd_accel_uses_host_header. Httpd_accel _ * commands have been removed from Squid-2.6, and cache_peer, cache_peer_domain, and cache_peer_access commands are used.

Because textures are not available, please refer to http://hi.baidu.com/yuhongchun027.