This example is squid and Apache on the same machine, squid do front-end reverse proxy. Port is 80,apache as back-end Web,port is 81
serverip:172.16.8.102
1. First introduce the next version number selection, before the test must be selected a suitable squid version number, in this recommendation 2.7. She and 2.6 similar but better support http1.1, also has more than 3.0 version number of features.
2.squid2.7 Installation
Cd/usr/local/src
TAR-ZXVF squid-2.7.stable9.tar.gz
CD Squid-2.7.stable9
./configure-prefix=/usr/local/squid2.7-enable-xmalloc-statistics--enable-async-io=320--with-maxfd=65536- Enable-useragent-log-enable-referer-log-enable-epoll-disable-poll-enable-large-cache-files- Disable-internal-dns-enable-linux-netfilter-enable-truncate-enable-x-accelerator-vary- enable-follow-x-forwarded-for-with-large-files-with-pthreads-enable-storeio= "Aufs,coss,diskd,ufs"- Enable-kill-parent-hack-enable-gnuregex-enable-cache-digests-enable-delay-pools-enable-stacktraces- enable-default-err-language=simplify_chinese-enable-err-languages= "Simplify_chinese 中文版"--enable-auth= " Basic "--enable-basic-auth-helpers=" NCSA "--enable-snmp
Make && make install
3. Create Suqid Users
Useradd Squid
Chown-r Squid.squid Squid
Set the properties of the Suqid installation file folder, or squid may not start
4. Create a slow folder
Cd/data
Mkdir-p Squid/cache
Chown-r Squid.squid Squid
5. Create a log folder
Cd/var/log
mkdir Squid
Chown-r Squid.squid Squid
Set the properties of the Suqid log, or squid may not start
5. Configure squid.conf
cd/usr/local/squid2.7
Vim squid.conf
ACL all src all
ACL manager Proto Cache_object
ACL localhost src 127.0.0.1/32
ACL to_localhost DST 127.0.0.0/8 0.0.0.0/32
ACL localnet src 10.0.0.0/8 # RFC1918 Possible Internal network
ACL localnet src 172.16.0.0/12 # RFC1918 Possible Internal network
ACL localnet src 192.168.0.0/16 # RFC1918 Possible Internal network
ACL ssl_ports port 443
ACL safe_ports Port 80 # HTTP
ACL safe_ports Port bayi # http
ACL safe_ports Port 3128 # http
ACL safe_ports port 8080 # http
ACL Safe_ports Port 21 # FTP
ACL safe_ports port 443 # HTTPS
ACL Safe_ports Port 70 # Gopher
ACL Safe_ports Port 210 # WAIS
ACL Safe_ports Port 1025-65535 # unregistered ports
ACL Safe_ports Port 280 # HTTP-MGMT
ACL Safe_ports Port 488 # gss-http
ACL Safe_ports Port 591 # FileMaker
ACL Safe_ports Port 777 # multiling HTTP
ACL Connect method Connect
http_access allow manager localhost localnet
Http_access Deny! Safe_ports
Http_access Deny CONNECT! Ssl_ports
http_access Allow all
Icp_access Allow LocalNet
Icp_access Deny All
http_port Accel Vhost vport
cache_peer 127.0.0.1 Parent Bayi 0 no-query originserver name=test
Cache_peer_access test Allow all
Hierarchy_stoplist Cgi-bin?
Cache_mem MB
maximum_object_size_in_memory 6 MB
Memory_replacement_policy LRU
Cache_replacement_policy LRU
Cache_dir Ufs/data/squid/cache
maximum_object_size 6 MB
Cache_swap_low 90
Cache_swap_high 95
Access_log/var/log/squid/access.log
Cache_log/var/log/squid/cache.log
Refresh_pattern ^ftp: 144020%10080
Refresh_pattern ^gopher: 14400%1440
Refresh_pattern-i (/cgi-bin/|\?) 0 0%0
refresh_pattern \. (jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload
Refresh_pattern. 020%4320
ACL Shoutcast rep_header x-http09-first-line ^icy. [0-9]
cache_vary on
ACL Apache Rep_header Server ^apache
Broken_vary_encoding Allow all
Cache_effective_user Squid
Cache_effective_group Squid
Visible_hostname 172.16.8.102
Icp_port 0
Reload_into_ims on
Coredump_dir/usr/local/squid2.7/var/cache
The changed parameters are explained:
(1) ACL safe_ports Port Bayi # http
ACL safe_ports Port 3128 # http
ACL safe_ports port 8080 # http
This defines the ports that can be visited because http_access deny! Safe_ports, only if the port that appears in the Safe_ports is limited, this can depend on the actual situation.
(2) http_access allow all
What I've defined here is that all IPs have access to squid, which is also to facilitate my use in the test environment, assuming that the online application should make the corresponding restrictions.
(3) Http_port Accel Vhost Vport
Define the port where the squid is to be asked.
Assuming that you don't add Accel vhost vport your squid by default as a cache server. This is the time to assume that the client has a request to send squid. Squid plays the routing function and forwards the request. Received by the real Web server, the Web server returns a response. When the squid receives a response, the response header determines whether the cache is cached. The squid at this point is just a cache server.
Suppose you add Accel Vhost Vport to show that your squidsquid from a cache server into a Web server, this time squid in 80port listening requests. At the same time, the request to the Web server port (vhost vport) is bound. This time the request to the SQUID,SQUID is not forwarded request. Instead, it either takes the data directly from the cache or requests the data directly from the bound port. Another advantage of binding port is the ability to take advantage of the expiry time header and ETag header in the HTTP response header.
Cache_peer 127.0.0.1 Parent Bayi 0 no-query Originserver name=test
Reverse proxy 81port. 81port for apache;no-query do not do query, direct access to data; Orginserver is the source server; name defines the name of the reverse proxy. Ability to control ACLs
(4) Cache_mem MB
Set the size of the memory used
Maximum_object_size_in_memory 6 MB
Set the maximum memory consumed by the cache object
Memory_replacement_policy LRU
Cache_replacement_policy LRU
Replacement mechanism
Cache_dir Ufs/data/squid/cache 1024 16 256
The size of the cache folder. Should be no less than cache_mem
Maximum_object_size 6 MB
The largest single Cache object
(5) Access_log/var/log/squid/access.log
Cache_log/var/log/squid/cache.log
Set the log folder for squid. Pay attention to log permissions, or it may cause squid to fail to start
(6) Refresh_pattern \. (jpg|png|gif|mp3|xml|html|htm|css|js|aspx) 1440 50% 2880 ignore-reload
Set the length of time that files in a JPG suffix format stay in the cache
(7) Cache_vary on
Suppose you find that squid cache hit rate is very low. Even if the Refresh_pattern is adjusted. Maximum_object_size_in_memory, increasing memory is useless. With the in-memory and In-transit Objects in the CACHEMGR.CGI statistics tool, Html/js/css not_in_memory is found, and images such as jpg/png are cached, possibly due to this parameter off.
This is because Apache returns a vary:accept-encoding in the response header, and squid needs to store the browser request header when storing the cache file. The value of the Accept-encoding field in the information (gzip. Deflate) as part of the cache key, so for different accept-encoding field values. are required to save different files. (IE and Firefox request header of the Accept-encoding field value there is a space difference the next time
Request to squid, you need to find a cache file index file, according to the index file in the different accep-encoding values to find the corresponding cache file. Cache vary off, then gzip compressed and contain vary headers. Will not be the cache, so and the above caching strategy has no effect, and JPG was compressed, without vary, will naturally be the cache.
(8) Cache_effective_user squid
Cache_effective_group Squid
Set up users and groups for squid
(9) Icp_port 0
Disable the ICP neighbor, assuming you want to use squid cluster to change this number of parameters
(Ten) Reload_into_ims on
Turn on this global parameter. Convert client-sent No-cache into if-modified-since to handle
This parameter setting can be a reference to this blog http://blog.sina.com.cn/s/blog_56d8ea9001018xev.html
(one) hierarchy_stoplist Cgi-bin?
This is the default number of parameters. Any request that includes a question mark or Cgi-bin string matches the list and becomes non-cascading.
Squid internally marks each client request as cascading or non-cascading. Non-cascading requests do not appear to cause a cache hit. Like what. The response to the POST request almost never gets the cache. When squid can simply connect to the original server, the request to the cache destination is forwarded to the neighbor cache. is purely a waste of resources.
Some rules that distinguish between cascading and non-cascading requests are difficult to encode in squid. Like what. The post and put methods are always non-cascading.
However, the Hierarchy_stoplist directive agrees with you to customize such algorithms. It includes a list of strings. When they are found in the URI. Squid marks the request as non-cascading.
After you change the configuration file, you can initialize the cache folder and start squid.
/usr/local/squid2.7/sbin/squid-z
/usr/local/squid2.7/sbin/squid
Lsof-i:80
COMMAND PID USER FD TYPE DEVICE size/off NODE NAME
Squid 1399 squid 17u IPv4 9965038 0t0 TCP *:http (LISTEN)
Description startup successful, if Discovery boot is unsuccessful, check configuration file
6.CACHEMGR.CGI Statistical tools
Vim/usr/local/squid2.7/etc/cachemgr.conf
Localhost:80
80port for Squid Http_portport
Cd/var/www/html
mkdir Squid/cgi-bin
Cp/usr/local/squid2.7/libexec/cachemgr.cgi/var/www/html/squid/cgi-bin
Set up a corresponding interview in Apache
Vim/etc/httpd/conf.d/squid.conf
scriptalias/squid/cgi-bin/cachemgr.cgi/usr/local/squid2.7/libexec/cachemgr.cgi
# Only allow access from the localhost by default
<Location/squid/cgi-bin/cachemgr.cgi>
Order Allow,deny
# Allow from Localhost.localdomain
Allow from all
# ADD additional allowed hosts as needed
# Allow from. example.com
</Location>
Service httpd Restart make the configuration file effective.
Because Apache uses 81port, we can access it directly with 81port.
http://172.16.8.102:81/squid/cgi-bin/cachemgr.cgi
Because we do not have a direct access to the Usernamepassword, but apply to the line must be set.
7.apache Configuration
Website Access configuration I am directly using a test site, in this do not do too much introduction. But here's an introduction to the Apache Mod_expoires module. This module can reduce the repeated request of about 10%, so that the repeated user to the specified page request results cache locally, do not make a request to the server at all.
Check Apache by installing the Mod_expires module, so we just need to configure it in/etc/httpd/conf.d/mod_expires.conf.
Vim/etc/httpd/conf.d/mod_expires.conf
<ifmodule mod_expires.c>
Expiresactive on
ExpiresDefault "Access plus hours"
Expiresbytype text/html "Access plus 3 days"
Expiresbytype text/plain "Access plus 3 days"
Expiresbytype text/css "Access plus 7 Days"
Expiresbytype image/gif "Access Plus"
Expiresbytype image/png "Access Plus"
Expiresbytype image/jpeg "Access Plus"
Expiresbytype image/jpg "Access Plus"
Expiresbytype Image/x-icon "Access Plus"
Expiresbytype video/x-flv "Access Plus"
Expiresbytype Application/x-shockwave-flash "Access Plus"
</IfModule>
All files can be cached by default set to 12 hours, the Text/image/video and other types of files are set to the corresponding cache time.
After the setup is complete, the service httpd restart is available.
Finally, we visit the test. Then look at the cache hit.
watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvewfuz2dkmtk4nw==/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma==/ Dissolve/70/gravity/southeast ">
Also, after adding squid to the Apache front end. I can load up to 4000. But squid consumes a bit too much CPU.
[email protected] webbench-1.5]# webbench-c 4000-t http://172.16.8.102/Login.php
webbench-simple Web Benchmark 1.5
Copyright (c) Radim Kolar 1997-2004, GPL Open Source software.
Benchmarking:get http://172.16.8.102/Login.php
4000 clients, running SEC.
speed=685846 pages/min, 4664574 bytes/sec.
requests:342923 susceed, 0 failed.
Squid+apache Implementing Cache acceleration