Use DNSPod and Squid to build your own CDN (VII): Configuring Squid (Linux)

Source: Internet
Author: User
Tags nameserver

Chapter 7: Configuring Squid
1. Set up the Hosts table
First, we need to understand the role Squid plays in a CDN. In a CDN, Squid is really just a proxy plus a cache. Like a typical proxy server, Squid requests content from the server that actually holds it, on the user's behalf, and caches the result. The difference is that Squid presents itself like a web server such as Apache: users are not aware that they are talking to a proxy and believe it is a real web server. This arrangement is generally called a "reverse proxy."
So we need to tell Squid where to fetch the content from. We have already set up intelligent DNS for naizhao.com, and this Squid server is on the Netcom network, so normal DNS resolution would resolve naizhao.com to 2.2.2.2 (that is, the Netcom machine itself). But that IP holds none of the required content; all of the content is actually on 1.1.1.1 (the source server). So on this machine we need to pin naizhao.com to a fixed IP, 1.1.1.1.
There are two ways for the system to get this IP: set the hosts table, or build a DNS server inside the system. Windows users will have edited the hosts file often; Linux has this file too, and we mentioned it in the earlier Vim tutorial. Building a DNS server is too much work for this, and editing the hosts file is comparatively simple, so we use the hosts table.
On Linux the hosts table is /etc/hosts, and its format is similar to the Windows one. Open it and add the following line at the end:

1.1.1.1 naizhao.com www.naizhao.com cnc.naizhao.com

If you already added a 1.1.1.1 record in the previous tutorial, modify it to look like the line above.
2. Configure Squid
Squid's configuration file is /usr/local/squid/etc/squid.conf; when you open it you will find detailed explanations in English. We do not need to understand every setting in this file for now, and I expect a wall of English is enough to give anyone a headache. You only need to know how to get Squid running the way you need without making mistakes.
Let's first delete squid.conf with the rm command. Don't be afraid to delete it: there is also a squid.conf.default in the same directory. Most Linux programs, including Apache, ship a .default file, which makes it easy to restore the default settings or to use as a reference when making changes.
With squid.conf deleted, run vi squid.conf to create the file anew, then paste in the following content and save:
http_port vhost vport=80
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 1024 MB
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 256 KB
cache_dir ufs /var/spool/squid 20480 16 256
cache_swap_low 80
cache_swap_high 97
strip_query_terms off
request_body_max_size 5 MB
memory_pools on
memory_pools_limit MB
access_log none
cache_log /var/log/squid/cache.log
cache_store_log none
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i naizhao\.com 100% 1440 ignore-reload
refresh_pattern -i www\.naizhao\.com 100% 1440 ignore-reload
refresh_pattern -i .gif 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i .jpg 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern . 120 50% 1440
acl all src 0.0.0.0/0.0.0.0
acl p-manager proto cache_object
acl s-localhost src 127.0.0.1/255.255.255.255
acl d-localhost dst 127.0.0.0/8
acl d-domains dstdomain .naizhao.com
acl p-ssl port 443 563
acl p-safe port 80 443 563
acl m-conn method CONNECT
acl m-purge method PURGE
acl n-maxconn maxconn 15
http_access allow p-manager s-localhost
http_access allow m-purge
http_access deny !p-safe
http_access deny m-conn !p-ssl
http_access deny n-maxconn
http_access allow p-manager
http_access allow d-domains
http_access deny all
http_reply_access allow all
acl r-url urlpath_regex Realtime
cache deny r-url
icp_access allow all
follow_x_forwarded_for allow all
acl_uses_indirect_client off
range_offset_limit -1
dns_timeout 2 seconds
forward_timeout seconds
connect_timeout seconds
peer_connect_timeout 6 seconds
read_timeout seconds
request_timeout 6 seconds
persistent_request_timeout seconds
cache_mgr silence.z@gmail.com
cache_effective_user nobody
cache_effective_group nobody
visible_hostname cnc.naizhao.com
logfile_rotate 0
always_direct allow all
error_directory /usr/local/squid/share/errors/Simplify_Chinese
coredump_dir /var/spool/squid


A few of these parameters need some explanation:
cache_mem 1024 MB (the amount of memory Squid uses. Be sure to leave about 500 MB of memory for the system; we recommend a machine with 2 GB of memory, of which 1 GB is allocated to Squid.)

cache_dir ufs /var/spool/squid 20480 16 256 (the cache directory: it is placed under /var/spool/squid, its size is 20 GB, with 16 first-level directories and 256 second-level directories. Because the number of files and directories that can be placed in one directory is limited, multiple directories are needed so that Squid can store a large number of files. Be sure not to set the directory counts too large, or the system may crash.)

memory_pools_limit MB (the memory pool, used to hold the index of cached files so that a file's storage location is easy to find; it does not need to be large. If you are not sure, leave it alone.)

cache_log /var/log/squid/cache.log (the location of the log file; Squid must have read and write permission on it, as explained later.)

refresh_pattern -i naizhao\.com 100% 1440 ignore-reload
refresh_pattern -i www\.naizhao\.com 100% 1440 ignore-reload
refresh_pattern -i .gif 180 20% 10080 override-expire ignore-reload reload-into-ims
refresh_pattern -i .jpg 180 20% 10080 override-expire ignore-reload reload-into-ims
(The lines above specify how long files are cached. You can specify a domain name or a file type, and add more domain names or file types as needed. -i means ignore case; naizhao.com and .gif are the domain name and file type being matched; 240 is the minimum cache time and 1440 is the maximum cache time, both in minutes. You do not need to touch these for now; adjust them later when necessary. Our slogan is: get it running first.)

acl d-domains dstdomain .naizhao.com (the list of domain names that may be accessed. To serve multiple sites, add more, separated by spaces. Note the dot in front of naizhao.com: it means all *.naizhao.com names are allowed. Without the dot, only naizhao.com is allowed, and requests for www.naizhao.com get an access-denied message.)

cache_mgr silence.z@gmail.com (the administrator's email address; change it to your own.)

cache_effective_user nobody
cache_effective_group nobody
(The user and group Squid runs as. To avoid the risks of running under the root account, most Linux programs start as root and then immediately switch to another user, so that even if the program has a vulnerability and is compromised, the attacker only gets that ordinary user's permissions and the damage to the system is greatly reduced. Leave these at the default.)

visible_hostname cnc.naizhao.com (the machine name the server reports. This matters when you run several Squid servers: give each one a different name and it is easy to find out which server has a problem.)

coredump_dir /var/spool/squid (where Squid leaves its last words when it dies. Don't worry about it; the average person can't read them anyway.)
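
Squid checks the http_access lines of the configuration above from top to bottom and the first line that matches decides, so their order determines who may send PURGE or reach the cache manager. The following Python model is an added example, not part of the original tutorial or of Squid; it covers only the ACL types used here, and STRICT_RULES, the sample requests and the address 203.0.113.7 are assumptions of the example.

```python
import ipaddress
# ACLs from the squid.conf above (src masks in CIDR form; CONNECT/maxconn rules omitted).
ACLS = """
acl all src 0.0.0.0/0
acl p-manager proto cache_object
acl s-localhost src 127.0.0.1/32
acl d-domains dstdomain .naizhao.com
acl p-safe port 80 443 563
acl m-purge method PURGE
"""
PAGE_RULES = """
http_access allow p-manager s-localhost
http_access allow m-purge
http_access deny !p-safe
http_access allow p-manager
http_access allow d-domains
http_access deny all
"""
# Assumed stricter order (not from the page): manager and PURGE only from localhost.
STRICT_RULES = """
http_access allow p-manager s-localhost
http_access deny p-manager
http_access allow m-purge s-localhost
http_access deny m-purge
http_access deny !p-safe
http_access allow d-domains
http_access deny all
"""
ACL_TABLE = {f[1]: (f[2], f[3:]) for f in map(str.split, ACLS.strip().splitlines())}

def acl_matches(name, req):
    kind, values = ACL_TABLE[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":  # ".naizhao.com" covers the domain and its subdomains
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    return str(req[kind]) in values  # proto, port, method

def decide(rules, req):  # ACLs on one line are ANDed; the first matching line decides
    for _, action, *names in map(str.split, rules.strip().splitlines()):
        if all(acl_matches(n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached: both rule lists end with "deny all"

# Constructed sample requests (203.0.113.7 is a documentation address).
REMOTE = {"src": "203.0.113.7", "proto": "http", "port": 80, "host": "www.naizhao.com"}
SAMPLES = {"PURGE": dict(REMOTE, method="PURGE"), "manager": dict(REMOTE, method="GET", proto="cache_object")}
for name, req in SAMPLES.items(): print(name, decide(PAGE_RULES, req), decide(STRICT_RULES, req))
```

In this model the page's order allows both the PURGE and the cache_object request from the outside address, because an allow line without a source restriction matches first. The stricter order denies both unless they come from 127.0.0.1, while ordinary GET requests for naizhao.com are decided the same way under either list.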

After modifying the configuration file, there is still some final work to do.
First create a log directory to hold the log files. Following squid.conf, we enter these commands:

mkdir /var/log/squid
chown nobody:nobody /var/log/squid

The chown command sets the owner and group. As described above, Squid will run as user nobody in group nobody. In nobody:nobody, the part before the colon is the user and the part after it is the group.
The Squid cache directory also needs its owner set to nobody:nobody:

chown nobody:nobody /var/spool/squid

To check that the command succeeded, you can use ls -lh:

ls -lh /var/spool/
......
drwxr-xr-x 3 nobody nobody 4.0K June 08:19 squid

The last step is to initialize Squid's cache directory structure (that is, the 16 first-level directories and 256 second-level directories mentioned earlier). These folders do not exist yet and have to be created with the squid command.

The squid command is in /usr/local/squid/sbin. Change into that directory and look at the command's help:

./squid -h
Usage: squid [-hvzCDFNRYX] [-d level] [-s | -l facility] [-f config-file] [-u port] [-k signal]
    -d level  Write debugging to stderr also.
    -f file   Use given config-file instead of
              /usr/local/squid/etc/squid.conf
    -h        Print help message.
    -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
              Parse configuration file, then send signal to
              running copy (except -k parse) and exit.
    -s | -l facility
              Enable logging to syslog.
    -u port   Specify ICP port number (default: 3130), disable with 0.
    -v        Print version.
    -z        Create swap directories
    -C        Do not catch fatal signals.
    -D        Disable initial DNS tests.
    -F        Don't serve any requests until the store is rebuilt.
    -N        No daemon mode.
    -R        Do not set REUSEADDR on port.
    -S        Double-check swap during rebuild.
    -X        Force full debugging.
    -Y        Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.

We can see that the -z option creates the cache directories, so we enter

./squid -z
2007/07/07 07:52:03| Creating Swap Directories

There are no error messages, which means the directories were created successfully. We can use ls /var/spool/squid to see the result.

Finally, let's start Squid:

./squid -Nd 10

2007/07/07 07:53:50| Starting Squid Cache version 2.6.STABLE13 for i686-pc-linux-gnu...
2007/07/07 07:53:50| Process ID 3135
2007/07/07 07:53:50| With 1024 file descriptors available
2007/07/07 07:53:50| Using poll for the IO loop
2007/07/07 07:53:50| Performing DNS Tests...
2007/07/07 07:53:50| Successful DNS name lookup tests...
2007/07/07 07:53:50| DNS Socket created at 0.0.0.0, Port 1026, FD 4
2007/07/07 07:53:50| Adding nameserver 211.147.6.3 from /etc/resolv.conf
2007/07/07 07:53:50| Adding nameserver 61.233.9.9 from /etc/resolv.conf
2007/07/07 07:53:50| Unlinkd pipe opened on FD 8
2007/07/07 07:53:50| Swap maxSize 20971520 KB, estimated 1613193 objects
2007/07/07 07:53:50| Target number of buckets: 80659
2007/07/07 07:53:50| Using 131072 Store buckets
2007/07/07 07:53:50| Max Mem size: 1048576 KB
2007/07/07 07:53:50| Max Swap size: 20971520 KB
2007/07/07 07:53:50| Store logging disabled
2007/07/07 07:53:50| Rebuilding storage in /var/spool/squid (DIRTY)
2007/07/07 07:53:50| Using Least Load store dir selection
2007/07/07 07:53:50| Set Current Directory to /var/spool/squid
2007/07/07 07:53:50| Loaded Icons.
2007/07/07 07:53:52| Accepting accelerated HTTP connections at 0.0.0.0, Port, FD 7.
2007/07/07 07:53:52| Accepting ICP messages at 0.0.0.0, Port 3130, FD 9.
2007/07/07 07:53:52| WCCP Disabled.
2007/07/07 07:53:52| Ready to serve requests.
2007/07/07 07:53:52| Done scanning /var/spool/squid (0 entries)
2007/07/07 07:53:52| Finished rebuilding storage from disk.
2007/07/07 07:53:52| 0 Entries scanned
2007/07/07 07:53:52| 0 Invalid entries.
2007/07/07 07:53:52| 0 With invalid flags.
2007/07/07 07:53:52| 0 Objects loaded.
2007/07/07 07:53:52| 0 Objects expired.
2007/07/07 07:53:52| 0 Objects cancelled.
2007/07/07 07:53:52| 0 Duplicate URLs purged.
2007/07/07 07:53:52| 0 Swapfile clashes avoided.
2007/07/07 07:53:52| Took 2.0 seconds (0.0 objects/sec).
2007/07/07 07:53:52| Beginning Validation Procedure
2007/07/07 07:53:52| Completed Validation Procedure
2007/07/07 07:53:52| Validated 0 Entries
2007/07/07 07:53:52| store_swap_size = 0k
2007/07/07 07:53:53| storeLateRelease: released 0 objects

Open a browser and go to http://2.2.2.2. You will see an Access Denied error, which shows that Squid is up and running normally.

Because the -d parameter was specified, Squid now writes all debugging information to the terminal. Press Ctrl+C, then enter killall squid to terminate the Squid process.
