Squid+apache Implementing Cache Acceleration

This example is squid and Apache on the same machine, squid do front-end reverse proxy. Port is 80,apache as back-end Web,port is 81

serverip:172.16.8.102

1. First introduce the next version number selection, before the test must be selected a suitable squid version number, in this recommendation 2.7. She and 2.6 similar but better support http1.1, also has more than 3.0 version number of features.

2.squid2.7 Installation

Cd/usr/local/src

TAR-ZXVF squid-2.7.stable9.tar.gz

CD Squid-2.7.stable9

./configure-prefix=/usr/local/squid2.7-enable-xmalloc-statistics--enable-async-io=320--with-maxfd=65536- Enable-useragent-log-enable-referer-log-enable-epoll-disable-poll-enable-large-cache-files- Disable-internal-dns-enable-linux-netfilter-enable-truncate-enable-x-accelerator-vary- enable-follow-x-forwarded-for-with-large-files-with-pthreads-enable-storeio= "Aufs,coss,diskd,ufs"- Enable-kill-parent-hack-enable-gnuregex-enable-cache-digests-enable-delay-pools-enable-stacktraces- enable-default-err-language=simplify_chinese-enable-err-languages= "Simplify_chinese 中文版"--enable-auth= " Basic "--enable-basic-auth-helpers=" NCSA "--enable-snmp

Make && make install

3. Create Suqid Users

Useradd Squid

Chown-r Squid.squid Squid

Set the properties of the Suqid installation file folder, or squid may not start

4. Create a slow folder

Cd/data

Mkdir-p Squid/cache

Chown-r Squid.squid Squid

5. Create a log folder

Cd/var/log

mkdir Squid

Chown-r Squid.squid Squid

Set the properties of the Suqid log, or squid may not start

5. Configure squid.conf

cd/usr/local/squid2.7

Vim squid.conf

ACL all src all
ACL manager Proto Cache_object
ACL localhost src 127.0.0.1/32
ACL to_localhost DST 127.0.0.0/8 0.0.0.0/32
ACL localnet src 10.0.0.0/8 # RFC1918 Possible Internal network
ACL localnet src 172.16.0.0/12 # RFC1918 Possible Internal network
ACL localnet src 192.168.0.0/16 # RFC1918 Possible Internal network
ACL ssl_ports port 443
ACL safe_ports Port 80 # HTTP
ACL safe_ports Port bayi # http
ACL safe_ports Port 3128 # http
ACL safe_ports port 8080 # http
ACL Safe_ports Port 21 # FTP
ACL safe_ports port 443 # HTTPS
ACL Safe_ports Port 70 # Gopher
ACL Safe_ports Port 210 # WAIS
ACL Safe_ports Port 1025-65535 # unregistered ports
ACL Safe_ports Port 280 # HTTP-MGMT
ACL Safe_ports Port 488 # gss-http
ACL Safe_ports Port 591 # FileMaker
ACL Safe_ports Port 777 # multiling HTTP
ACL Connect method Connect
http_access allow manager localhost localnet
Http_access Deny! Safe_ports
Http_access Deny CONNECT! Ssl_ports
http_access Allow all
Icp_access Allow LocalNet
Icp_access Deny All
http_port Accel Vhost vport
cache_peer 127.0.0.1 Parent Bayi 0 no-query originserver name=test
Cache_peer_access test Allow all
Hierarchy_stoplist Cgi-bin?
Cache_mem MB
maximum_object_size_in_memory 6 MB
Memory_replacement_policy LRU
Cache_replacement_policy LRU
Cache_dir Ufs/data/squid/cache
maximum_object_size 6 MB
Cache_swap_low 90
Cache_swap_high 95
Access_log/var/log/squid/access.log
Cache_log/var/log/squid/cache.log
Refresh_pattern ^ftp: 144020%10080
Refresh_pattern ^gopher: 14400%1440
Refresh_pattern-i (/cgi-bin/|\?) 0 0%0
refresh_pattern \. (jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload
Refresh_pattern. 020%4320
ACL Shoutcast rep_header x-http09-first-line ^icy. [0-9]
cache_vary on
ACL Apache Rep_header Server ^apache
Broken_vary_encoding Allow all
Cache_effective_user Squid
Cache_effective_group Squid
Visible_hostname 172.16.8.102
Icp_port 0
Reload_into_ims on
Coredump_dir/usr/local/squid2.7/var/cache

The changed parameters are explained:

(1) ACL safe_ports Port Bayi # http
ACL safe_ports Port 3128 # http
ACL safe_ports port 8080 # http

This defines the ports that can be visited because http_access deny! Safe_ports, only if the port that appears in the Safe_ports is limited, this can depend on the actual situation.

(2) http_access allow all

What I've defined here is that all IPs have access to squid, which is also to facilitate my use in the test environment, assuming that the online application should make the corresponding restrictions.

(3) Http_port Accel Vhost Vport

Define the port where the squid is to be asked.

Assuming that you don't add Accel vhost vport your squid by default as a cache server. This is the time to assume that the client has a request to send squid. Squid plays the routing function and forwards the request. Received by the real Web server, the Web server returns a response. When the squid receives a response, the response header determines whether the cache is cached. The squid at this point is just a cache server.

Suppose you add Accel Vhost Vport to show that your squidsquid from a cache server into a Web server, this time squid in 80port listening requests. At the same time, the request to the Web server port (vhost vport) is bound. This time the request to the SQUID,SQUID is not forwarded request. Instead, it either takes the data directly from the cache or requests the data directly from the bound port. Another advantage of binding port is the ability to take advantage of the expiry time header and ETag header in the HTTP response header.  

Cache_peer 127.0.0.1 Parent Bayi 0 no-query Originserver name=test

Reverse proxy 81port. 81port for apache;no-query do not do query, direct access to data; Orginserver is the source server; name defines the name of the reverse proxy. Ability to control ACLs

(4) Cache_mem MB

Set the size of the memory used
Maximum_object_size_in_memory 6 MB

Set the maximum memory consumed by the cache object
Memory_replacement_policy LRU

Cache_replacement_policy LRU

Replacement mechanism
Cache_dir Ufs/data/squid/cache 1024 16 256

The size of the cache folder. Should be no less than cache_mem
Maximum_object_size 6 MB

The largest single Cache object

(5) Access_log/var/log/squid/access.log
Cache_log/var/log/squid/cache.log

Set the log folder for squid. Pay attention to log permissions, or it may cause squid to fail to start

(6) Refresh_pattern \. (jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload

Set the length of time that files in a JPG suffix format stay in the cache

(7) Cache_vary on

Suppose you find that squid cache hit rate is very low. Even if the Refresh_pattern is adjusted. Maximum_object_size_in_memory, increasing memory is useless. With the in-memory and In-transit Objects in the CACHEMGR.CGI statistics tool, Html/js/css not_in_memory is found, and images such as jpg/png are cached, possibly due to this parameter off.

This is because Apache returns a vary:accept-encoding in the response header, and squid needs to store the browser request header when storing the cache file. The value of the Accept-encoding field in the information (gzip. Deflate) as part of the cache key, so for different accept-encoding field values. are required to save different files. (IE and Firefox request header of the Accept-encoding field value there is a space difference the next time

Request to squid, you need to find a cache file index file, according to the index file in the different accep-encoding values to find the corresponding cache file. Cache vary off, then gzip compressed and contain vary headers. Will not be the cache, so and the above caching strategy has no effect, and JPG was compressed, without vary, will naturally be the cache.

(8) Cache_effective_user squid
Cache_effective_group Squid

Set up users and groups for squid

(9) Icp_port 0

Disable the ICP neighbor, assuming you want to use squid cluster to change this number of parameters

(Ten) Reload_into_ims on

Turn on this global parameter. Convert client-sent No-cache into if-modified-since to handle

This parameter setting can be a reference to this blog http://blog.sina.com.cn/s/blog_56d8ea9001018xev.html

(one) hierarchy_stoplist Cgi-bin?

This is the default number of parameters. Any request that includes a question mark or Cgi-bin string matches the list and becomes non-cascading.

Squid internally marks each client request as cascading or non-cascading. Non-cascading requests do not appear to cause a cache hit. Like what. The response to the POST request almost never gets the cache. When squid can simply connect to the original server, the request to the cache destination is forwarded to the neighbor cache. is purely a waste of resources.
Some rules that distinguish between cascading and non-cascading requests are difficult to encode in squid. Like what. The post and put methods are always non-cascading.

However, the Hierarchy_stoplist directive agrees with you to customize such algorithms. It includes a list of strings. When they are found in the URI. Squid marks the request as non-cascading.

After you change the configuration file, you can initialize the cache folder and start squid.

/usr/local/squid2.7/sbin/squid-z

/usr/local/squid2.7/sbin/squid

Lsof-i:80

COMMAND PID USER FD TYPE DEVICE size/off NODE NAME
Squid 1399 squid 17u IPv4 9965038 0t0 TCP *:http (LISTEN)

Description startup successful, if Discovery boot is unsuccessful, check configuration file

6.CACHEMGR.CGI Statistical tools

Vim/usr/local/squid2.7/etc/cachemgr.conf

Localhost:80

80port for Squid Http_portport

Cd/var/www/html

mkdir Squid/cgi-bin

Cp/usr/local/squid2.7/libexec/cachemgr.cgi/var/www/html/squid/cgi-bin

Set up a corresponding interview in Apache

Vim/etc/httpd/conf.d/squid.conf

scriptalias/squid/cgi-bin/cachemgr.cgi/usr/local/squid2.7/libexec/cachemgr.cgi

# Only allow access from the localhost by default
<Location/squid/cgi-bin/cachemgr.cgi>
Order Allow,deny
# Allow from Localhost.localdomain
Allow from all
# ADD additional allowed hosts as needed
# Allow from. example.com
</Location>

Service httpd Restart make the configuration file effective.

Because Apache uses 81port, we can access it directly with 81port.

http://172.16.8.102:81/squid/cgi-bin/cachemgr.cgi

Because we do not have a direct access to the Usernamepassword, but apply to the line must be set.

7.apache Configuration

Website Access configuration I am directly using a test site, in this do not do too much introduction. But here's an introduction to the Apache Mod_expoires module. This module can reduce the repeated request of about 10%, so that the repeated user to the specified page request results cache locally, do not make a request to the server at all.

Check Apache by installing the Mod_expires module, so we just need to configure it in/etc/httpd/conf.d/mod_expires.conf.

Vim/etc/httpd/conf.d/mod_expires.conf

<ifmodule mod_expires.c>
Expiresactive on
ExpiresDefault "Access plus hours"
Expiresbytype text/html "Access plus 3 days"
Expiresbytype text/plain "Access plus 3 days"
Expiresbytype text/css "Access plus 7 Days"
Expiresbytype image/gif "Access Plus"
Expiresbytype image/png "Access Plus"
Expiresbytype image/jpeg "Access Plus"
Expiresbytype image/jpg "Access Plus"
Expiresbytype Image/x-icon "Access Plus"
Expiresbytype video/x-flv "Access Plus"
Expiresbytype Application/x-shockwave-flash "Access Plus"
</IfModule>

All files can be cached by default set to 12 hours, the Text/image/video and other types of files are set to the corresponding cache time.

After the setup is complete, the service httpd restart is available.

Finally, we visit the test. Then look at the cache hit.

watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvewfuz2dkmtk4nw==/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/southeast ">

Also, after adding squid to the Apache front end. I can load up to 4000. But squid consumes a bit too much CPU.

[email protected] webbench-1.5]# webbench-c 4000-t http://172.16.8.102/Login.php
webbench-simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source software.

Benchmarking:get http://172.16.8.102/Login.php
4000 clients, running SEC.

speed=685846 pages/min, 4664574 bytes/sec.
requests:342923 susceed, 0 failed.

Squid+apache Implementing Cache acceleration