基于Squid3.0的反向代理加速实现

2015/12/08 10:14
阅读数 86

基于Squid3.0的反向代理加速实现

Squid是一个更专用的代理服务器,性能和效率会比Apachemod_proxy高很多。

下载squid3.0

http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE15.tar.gz


squid
的编译安装:

groupadd squid

adduser -g squid -d /dev/null -s /sbin/nologin squid

tar xzvf squid-3.0.STABLE15.tar.gz

cd squid-3.0.STABLE15
./configure --prefix=/usr/local/squid --sysconfdir=/usr/local/squid/etc --enable-arp-acl --enable-linux-netfilter --enable-pthreads --enable-err-language="Simplify_Chinese" --enable-storeio='ufs,aufs,null' --enable-default-err-language="Simplify_Chinese" --enable-auth="basic" --enable-baisc-auth-helpers="NCSA" --enable-underscore --enable-cachemgr --enable-async-io --with-large-files --with-filedescriptors=65536  --enable-epoll


make && make install


squid
的配置

cd /usr/local/squid
mkdir cache
chown -R squid.squid var

chown -R squid.squid cache
vi /usr/local/squid/etc/squid.conf


/etc/hosts中:加入内部的DNS解析,比如:
192.168.1.103 www.zhang.com 
192.168.1.104 hehe.aa.zhang.com

# visible name

visible_hostname cache.zhang.com


# cache config: space use 1G and memory use 256M
cache_dir ufs /usr/local/squid/cache 1024 16 256 
cache_mem 256 MB

maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB
cache_effective_user squid
cache_effective_group squid

##
设置端口
http_port 80 vhost vport

 

#2.5版本的反向代理配置
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy on

 

#2.5以上的反向代理加速配置
#
代理到本机的80端口的服务,仅仅做为原始内容服务器
cache_peer 127.0.0.1 parent 80 0 no-query originserver


# accelerater my domain only
acl acceleratedHostA dstdomain .example1.com
acl acceleratedHostB dstdomain .example2.com
acl acceleratedHostC dstdomain .example3.com

 
# access arc
acl all src 0.0.0.0/0.0.0.0

acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY
# Allow requests when they are to the accelerated machine AND to the right port with right protocol
http_access allow acceleratedHostA
http_access allow acceleratedHostB
http_access allow acceleratedHostC

# log
emulate_httpd_log on
cache_store_log none

logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %

pid_filename /var/log/squid/var/logs/squid.pid
cache_access_log /usr/local/squid/log/access.log combined

cache_log /usr/local/squid/log/cache.log

pid_filename /usr/local/squid/var/logs/squid.pid

# manager
acl manager proto cache_object
http_access allow manager all
#cachemgr_passwd pass all

###配置多个服务器的代理

###cache_peer
cache_peer x.x.x.x parent 80 0 no-query originserver name=foo
cache_peer y.y.y.y parent 80 0 no-query originserver name=bar

###cache_peer_domain
cache_peer_domain foo www.carl.com
cache_peer_domain bar www.zhang.com

 acl sites dstdomain .carl.com

acl sites dstdomain .zhang.com

###cache_peer_access
cache_peer_access foo allow sites
cache_peer_access bar allow sites

http_access allow all


----------------------cut here---------------------------------

 

附加功能:

#仅仅允许80端口的代理
acl Safe_ports port 80 # http
http_access deny !Safe_ports
http_access allow all

 

#设置防图片盗链的,其中aaa,bbb分别是虚拟主机的域名,referer中必须包含有aaa或者bbb的域名才能访问图片

acl picurl url_regex -i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpeg$
acl mystie1 referer_regex -i aaa
http_access allow mystie1 picurl
acl mystie2 referer_regex -i bbb
http_access allow mystie2 picurl

 

测试配置文件:

#/usr/local/squid/sbin/squid -k parse 
创建缓存目录:
/usr/local/squid/sbin/squid -z
启动squid
/usr/local/squid/sbin/squid
停止squid
/usr/local/squid/sbin/squid -k shutdown
启用新配置:
/usr/local/squid/sbin/squid -k reconfig
通过crontab每天0点截断/轮循日志:
0 0 * * * (/usr/local/squid/sbin/squid -k rotate)

 

more /usr/local/squid/var/logs/page_zs_access_log |grep TCP_MEM_HIT

该指令可以看到在squid运行过程中,有那些文件被squid缓存到内存中,并返回给访问用户

 

more /usr/local/squid/var/logs/page_zs_access_log |grep TCP_HIT

该指令可以看到在squid运行过程中,有那些文件被squid缓存到cache目录中,并返回给访问用户

 

more /usr/local/squid/var/logs/page_zs_access_log |grep TCP_MISS

该指令可以看到在squid运行过程中,有那些文件没有被squid缓存,而是现重原始服务器获取并返回给访问用户

可以查看下命中率及其他相关信息

 

#/usr/local/squid/bin/squidclient -p 80 -h localhost mgr:info

 

有的时候我们可能还想手动删除一些缓存,这也可以使用squidclient命令来实现:
/usr/local/squid/sbin/squidclient -h HOST -p PORT -m PURGE URL

 

使用简单的负载均衡:

cache_peer 192.168.1.103 parent 80 0 no-query originserver round-robin name=carl1

cache_peer 127.0.0.1 parent 80 0 no-query originserver round-robin name=carl2

cache_peer_domain carl1 www.carl.com

cache_peer_domain carl2 www.carl.com

 

  

配置实例:CentOS release 5.4环境下测试通过!

1、单域名!

 

cache_mgr jimo291@sohu.com

cache_effective_user squid

cache_effective_group squid

 

cache_mem 256 MB

cache_swap_low 90

cache_swap_high 95

cache_dir ufs /usr/local/squid/var/cache 1000 16 256

maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB

 

cache_access_log /usr/local/squid/var/logs/access.log

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log /usr/local/squid/var/logs/store.log

 

visible_hostname  test.squid.com

http_port 80 accel vhost vport

 

cache_peer 192.168.1.103 parent 80 0 no-query originserver

 

acl carl dstdomain .carl.com

acl Purge method PURGE

acl Manager proto cache_object

acl Localhost src 127.0.0.1/32

http_access allow carl

http_access allow Purge Localhost

http_access allow Manager Localhost

http_access deny Manager

http_access deny All

 

 

2、多域名!

 

cache_mgr jimo291@sohu.com

cache_effective_user squid

cache_effective_group squid

 

cache_mem 256 MB

cache_swap_low 90

cache_swap_high 95

cache_dir ufs /usr/local/squid/var/cache 1000 16 256

 

cache_access_log /usr/local/squid/var/logs/access.log

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log /usr/local/squid/var/logs/store.log

 

visible_hostname  test.squid.com

http_port 80 vhost vport

 

cache_peer 192.168.1.103 parent 80 0 no-query originserver name=carl

cache_peer 127.0.0.1 parent 81 0 no-query originserver name=zhang

cache_peer_domain carl www.carl.com

cache_peer_domain zhang www.zhang.com

 

acl sites1 dstdomain .carl.com

acl sites2 dstdomain .zhang.com

acl Purge method PURGE

acl Manager proto cache_object

acl Localhost src 127.0.0.1/32

#cache_peer_access deny All

cache_peer_access carl allow sites1

cache_peer_access zhang allow sites2

http_access allow sites1

http_access allow sites2

http_access allow Purge Localhost

http_access allow Manager Localhost

http_access deny Manager

http_access deny All

 

 

squid群集:



cache_mgr jimo291@sohu.com

cache_effective_user squid

cache_effective_group squid

 

cache_mem 256 MB

cache_swap_low 90

cache_swap_high 95

cache_dir ufs /usr/local/squid/var/cache 1000 16 256

 

cache_access_log /usr/local/squid/var/logs/access.log

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log /usr/local/squid/var/logs/store.log

 

visible_hostname  192.168.1.121

http_port 192.168.1.121:80 vhost vport

icp_port 3130

 

cache_peer 192.168.1.159 parent 80 0 no-query originserver  name=carl1

#cache_peer 127.0.0.1 parent 80 0 no-query originserver  name=carl2

cache_peer_domain carl1 www.carl.com

#cache_peer_domain carl2 www.carl.com

 

cache_peer 192.168.1.108 sibling 80 3130 name=cache1

cache_peer 192.168.1.121 sibling 80 3130 name=cache2

 

acl Safe_ports port 80

acl Safe_ports port 3130

acl sites dstdomain .carl.com

acl Purge method PURGE

acl Manager proto cache_object

acl Localhost src 127.0.0.1/32

#cache_peer_access carl allow sites1

#cache_peer_access zhang allow sites2

#cache_peer_access deny All

http_access allow sites

http_access allow Safe_ports

http_access allow Purge Localhost

http_access allow Manager Localhost

http_access deny Manager

http_access deny All

 

展开阅读全文
打赏
0
5 收藏
分享
打赏
0 评论
5 收藏
0
分享
返回顶部
顶部