Simple configuration and installation of a Squid 3.0 reverse proxy on CentOS
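<p><strong>Installation: </strong><br><br>
This tutorial assumes a clean CentOS 5.5 system with the /data partition already created and mounted, and with SELinux and iptables disabled.<br><br>
First, raise the file descriptor limits and set the ephemeral port range. These settings take effect after a reboot.</p>
<div class="codetitle">
The code is as follows:</div>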
<div class="codebody" id="code34785">
<br>
cat >> /etc/security/limits.conf <<DDD<br>
* soft nofile 8192<br>
* hard nofile 20480<br>
DDD<br><br>
cat >> /etc/sysctl.conf <<DDD<br>
#set temp port range<br>
net.ipv4.ip_local_port_range = 32768 61000<br>
DDD<br><br>
init 6</div>
<p>
<br>
Confirm that the changes were applied correctly:</p>
<div class="codetitle">
The code is as follows:</div>
<div class="codebody" id="code26499">
<br>
# ulimit -n<br>
8192<br>
# sysctl net.ipv4.ip_local_port_range<br>
net.ipv4.ip_local_port_range = 32768 61000</div>
<p>
<br>
Add a dedicated account for Squid:</p>
<div class="codetitle">
The code is as follows:</div>
<div class="codebody" id="code4472">
<br>
groupadd squid<br>
useradd -g squid -s /bin/false -M squid</div>
<p>
<br>
Create the log directory and set ownership of the cache and log directories:</p>
<div class="codetitle">
The code is as follows:</div>
<div class="codebody" id="code43993">
<br>
mkdir /data/squidlog/<br>
chown -R squid:squid /data</div>
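<p>
<br>
Then upload the Squid 3.0 source tarball or fetch it with wget, extract it with tar zxvf, change into the extracted directory, and configure, build and install:</p>
<div class="codetitle">
The code is as follows:</div>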
<div class="codebody" id="code25431">
<br>
./configure --prefix=/usr/local/squid3 --enable-async-io=100 --with-pthreads --enable-storeio="aufs,diskd,ufs" --enable-removal-policies="heap,lru" --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --enable-kill-parent-hack --enable-arp-acl --enable-default-err-language=Simplify_Chinese --enable-err-languages="Simplify_Chinese English" --disable-poll --disable-wccp --disable-wccpv2 --disable-ident-lookups --disable-internal-dns --enable-basic-auth-helpers="NCSA" --enable-stacktrace --with-large-files --disable-mempools --with-filedescriptors=65535 --enable-ssl --enable-x-accelerator-vary<br>
make<br>
make install<br>
make install-pinger</div>
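<p>
<br>
Squid is now installed. Next, write the /usr/local/squid3/etc/squid.conf configuration file you need; my own configuration file is posted at the end of this article for reference.<br><br>
Once the configuration file is written, run the following command to initialize the cache directories:<br>
/usr/local/squid3/sbin/squid -z<br>
Then start Squid. Note: the -D option skips the DNS test.<br>
/usr/local/squid3/sbin/squid -D<br>
Finally, make Squid start automatically at boot:<br>
echo "/usr/local/squid3/sbin/squid -D " >>/etc/rc.local<br>
<strong>Maintenance:</strong><br><br>
The following are commonly used Squid commands.<br>
If you have changed the configuration file, reload it with the following command (takes effect immediately):<br>
/usr/local/squid3/sbin/squid -k reconfigure<br>
Check the configuration file for syntax errors.<br>
Note: only messages like "cache_cf.cc(346) squid.conf:14 unrecognized: 'http1_port'" are syntax errors;<br>
messages such as "WARNING: use of 'reload-into-ims'……" are advisory and can be ignored.<br>
/usr/local/squid3/sbin/squid -k parse<br>
Check Squid's log and processes to see whether Squid is running normally:</p>
<div class="codetitle">
The code is as follows:</div>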
<div class="codebody" id="code7677">
<br>
ps -ef |awk '/^squid/'<br>
cat /data/squidlog/cache.log<br>
/usr/local/squid3/sbin/squid -k check ;echo $?</div>
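<p>The syntax check described above can gate the reload so that a mistyped directive never reaches the running proxy. The script below is an added example, not part of the original article; the helper names are hypothetical, and treating a "FATAL:" prefix as an error is an assumption beyond the "unrecognized" message quoted above.</p>

```shell
#!/bin/sh
# Added example, not from the original article.
# SQUID is the install path used in this tutorial; parse_has_errors and
# safe_reconfigure are hypothetical helper names.
SQUID=${SQUID:-/usr/local/squid3/sbin/squid}

# Read "squid -k parse" output on stdin and print every line that reports a
# rejected directive. Exit status 0 means at least one error was found.
parse_has_errors() {
    awk '
        /WARNING:/ { next }                  # advisory only, per the note above
        /unrecognized:/ || /FATAL:/ {        # FATAL: prefix is an assumption
            bad = 1
            print "config error: " $0
        }
        END { exit (bad ? 0 : 1) }
    '
}

# Reload the running proxy only when the new squid.conf parses cleanly.
safe_reconfigure() {
    if ! out=$("$SQUID" -k parse 2>&1); then
        echo "squid -k parse failed: $out" >&2
        return 1
    fi
    if printf '%s\n' "$out" | parse_has_errors >&2; then
        echo "squid.conf rejected, running configuration left untouched" >&2
        return 1
    fi
    "$SQUID" -k reconfigure
}
```

<p>Call safe_reconfigure in place of a bare "squid -k reconfigure" after editing squid.conf.</p>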
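<p>
<br>
Shut down Squid<br>
Send the shutdown signal; Squid shuts down completely once sessions have finished:<br>
/usr/local/squid3/sbin/squid -k shutdown<br>
Shut down Squid (higher priority; shuts Squid down immediately):<br>
/usr/local/squid3/sbin/squid -k interrupt<br><br>
Shut down Squid (highest priority; kills the Squid process directly):<br>
/usr/local/squid3/sbin/squid -k kill<br>
Rotate the log files:<br>
/usr/local/squid3/sbin/squid -k rotate<br>
Rotate the logs automatically every Tuesday at 4:30 a.m.:<br><br><br>
echo "30 4 * * 2 root /usr/local/squid3/sbin/squid -k rotate " >>/etc/crontab<br><br>
This is the squid.conf currently in use. Because the log files grow very quickly, they are written straight to /dev/null and discarded.</p>
<div class="codetitle">
The code is as follows:</div>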
<div class="codebody" id="code34380">
<br>
#basic<br>
cache_effective_user squid<br>
cache_effective_group squid<br>
pid_filename /usr/local/squid3/var/logs/squid.pid<br>
visible_hostname squid.678114.com<br>
cache_mgr sudu@sudu.us<br>
error_directory /usr/local/squid3/share/errors/Simplify_Chinese<br>
icon_directory /usr/local/squid3/share/icons<br>
mime_table /usr/local/squid3/etc/mime.conf<br>
hosts_file /etc/hosts<br><br>
acl DEIpadd dstdom_regex $<br>
http_access deny DEIpadd<br><br>
cache_replacement_policy lru<br>
memory_replacement_policy lru<br><br>
http_port 80 vhost vport<br><br>
cache_mem 4024 MB<br>
maximum_object_size_in_memory 5120 KB<br><br>
icp_port 0<br><br>
#.cache_dir<br>
cache_dir aufs /data/cache 50000 64 128<br><br>
max_open_disk_fds 0<br>
maximum_object_size 20 MB<br><br>
#.cache_peer<br>
cache_peer 125.76.225.44 parent 80 0 no-query originserver no-digest name=all<br>
cache_peer_domain all .678114.com<br><br>
#acl<br>
acl Safe_ports port 80<br>
acl SSL_ports port 443<br>
acl LanSrc src 192.168.100.0/24<br>
acl webdomain dstdomain .678114.com<br>
acl manager proto cache_object<br>
acl localhost src 127.0.0.1/255.255.255.255<br>
acl CONNECT method CONNECT<br>
http_access allow manager localhost<br>
http_access deny manager<br>
http_access deny !Safe_ports<br>
http_access deny CONNECT !SSL_ports<br>
http_access allow LanSrc<br>
http_access allow webdomain<br>
http_access deny all<br><br>
#refresh_pattern<br>
refresh_pattern -i /$ 15 90% 600 reload-into-ims<br>
refresh_pattern -i .html$ 15 90% 600 reload-into-ims<br>
refresh_pattern -i .htm$ 15 90% 600 reload-into-ims<br>
refresh_pattern -i .shtml$ 15 90% 600 reload-into-ims<br>
refresh_pattern -i .hml$ 15 90% 600 reload-into-ims<br>
refresh_pattern -i .gif$ 1440 90% 129600 reload-into-ims<br>
refresh_pattern -i .swf$ 1440 90% 129600 reload-into-ims<br>
refresh_pattern -i .jpg$ 1440 90% 129600 reload-into-ims<br>
refresh_pattern -i .png$ 1440 90% 129600 reload-into-ims<br>
refresh_pattern -i .bmp$ 1440 90% 129600 reload-into-ims<br>
refresh_pattern -i .js$ 120 90% 129600 reload-into-ims<br>
refresh_pattern -i .css$ 120 90% 129600 reload-into-ims<br>
refresh_pattern -i .wma$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .zip$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .mp3$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .rar$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .rm$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .flv$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .rar$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .rm$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .avi$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .3gp$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .mp4$ 1440 90% 21600 reload-into-ims<br>
refresh_pattern -i .wmv$ 1440 90% 21600 reload-into-ims<br><br>
#keepalived<br>
client_persistent_connections off<br>
server_persistent_connections on<br><br>
#log<br>
emulate_httpd_log on<br>
logformat web1 %{X-Forwarded-For}>h %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh<br>
cache_log /data/squidlog/cache.log<br>
cache_access_log /dev/null web1<br>
cache_store_log /dev/null<br>
strip_query_terms off<br>
logfile_rotate 10<br><br>
#other<br>
forwarded_for on<br>
log_icp_queries off<br>
via off<br>
httpd_suppress_version_string off<br>
ie_refresh off<br>
tcp_recv_bufsize 32 KB<br>
ipcache_size 1024<br>
ipcache_low 90<br>
ipcache_high 95<br>
cache_swap_low 80<br>
cache_swap_high 90<br>
request_header_max_size 128 KB<br><br>
quick_abort_min 20 KB<br>
quick_abort_max 20 KB<br>
quick_abort_pct 95<br><br>
connect_timeout 1 minute<br>
negative_ttl 0 minutes<br><br>
read_timeout 30 seconds<br>
pconn_timeout 120 seconds<br>
half_closed_clients off<br>
client_lifetime 10 minutes<br>
shutdown_lifetime 5 seconds<br><br>
hierarchy_stoplist cgi-bin ?<br>
access_log /dev/null squid</div>
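<p>A static review of a squid.conf for three settings that appear in the configuration above: request logs sent to /dev/null, httpd_suppress_version_string left off, and whether the first-match http_access list ends with "deny all". This is an added example, not part of the original article, and audit_squid_conf is a hypothetical helper name.</p>

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_squid_conf is a hypothetical helper name.
# Usage: audit_squid_conf /usr/local/squid3/etc/squid.conf
audit_squid_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines

        # Request logs sent to /dev/null leave no record for incident response.
        ($1 == "access_log" || $1 == "cache_access_log") && $2 == "/dev/null" {
            print "NOLOG line " NR ": " $1 " discards the request log"
        }

        # "off" keeps the Squid version in HTTP headers and error pages.
        $1 == "httpd_suppress_version_string" && $2 == "off" {
            print "VERSION line " NR ": version string is exposed"
        }

        # http_access is first-match, so order matters: anything placed after
        # "deny all" can never match, and the list should end with "deny all".
        $1 == "http_access" {
            n++
            if (denyall) print "UNREACHABLE line " NR ": rule follows deny all"
            if ($2 == "deny" && $3 == "all" && NF == 3) denyall = n
        }

        END {
            if (n == 0 || denyall != n)
                print "DEFAULT: http_access list does not end with deny all"
        }
    ' "$1"
}
```

<p>Each finding is one line of output prefixed with its category, so the result can be filtered with grep or counted in a deployment check.</p>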
<p>
<br>
This article was first published at http://www.sudu.us/simple-to-install-squid-3-0-reverse-proxy-configuration/</p>