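Initial Setup of a Squid Cache

I. Installing squid:

1. Install with yum: sudo yum install squid

2. Start the service: sudo service squid start

3. Enable start at boot: sudo chkconfig squid on

II. Configuring squid:

squid forward proxy

Configure on squid: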

acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
#acl Safe_ports port 443                # https
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280                # http-mgmt
#acl Safe_ports port 488                # gss-http
#acl Safe_ports port 591                # filemaker
#acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT
visible_hostname mysquid
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost
# And finally deny all other access to this proxy
http_access allow all
# Squid normally listens to port 3128
http_port 3128 accel vhost vport
 
# Custom ACLs for the allowed domain, protocol and port
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain
cache_dir ufs /var/spool/squid 100 16 256
# Set the cache log file paths
logformat main %>a  %{%Y-%m-%d %H:%M:%S}tl  %>Hs     %<st    %ru     %{Referer}>h    %Ss:%Sh
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
 
cache_effective_user squid
cache_effective_group squid
cache_mgr shan01.he@vipshop.com
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
cache_mem 3 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Cache responses with error status codes such as 403, 404, etc. Set to 0 to disable this caching
#negative_ttl 0 second
# Set the maximum size of the HTTP request headers sent by the user
request_header_max_size 128 KB
# Pass the user's real IP address on in X-Forwarded-For
forwarded_for on
 
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
 

squid reverse proxy

Configure on squid:

cache_peer xx.xx.xx.xx parent 80 0 no-query no-digest originserver name=web
# Set the domain that the alias maps to. If cache_peer uses a domain name instead of an IP, cache_peer_domain must use the same domain name, otherwise access fails
cache_peer_domain web test.vip.com

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
#acl Safe_ports port 443                # https
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280                # http-mgmt
#acl Safe_ports port 488                # gss-http
#acl Safe_ports port 591                # filemaker
#acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT
visible_hostname mysquid
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost
# And finally deny all other access to this proxy
http_access allow all
# Squid normally listens to port 3128
http_port 3128 accel vhost vport
 
cache_peer xx.xx.xx.xx parent 80 0 no-query no-digest originserver name=web
# Set the domain that the alias maps to. If cache_peer uses a domain name instead of an IP, cache_peer_domain must use the same domain name, otherwise access fails
cache_peer_domain web test.vip.com
 
cache_dir ufs /var/spool/squid 100 16 256
# Set the cache log file paths
logformat main %>a  %{%Y-%m-%d %H:%M:%S}tl  %>Hs     %<st    %ru     %{Referer}>h    %Ss:%Sh
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
 
cache_effective_user squid
cache_effective_group squid
cache_mgr shan01.he@vipshop.com
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
cache_mem 3 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Cache responses with error status codes such as 403, 404, etc. Set to 0 to disable this caching
#negative_ttl 0 second
# Set the maximum size of the HTTP request headers sent by the user
request_header_max_size 128 KB
# Pass the user's real IP address on in X-Forwarded-For
forwarded_for on
 
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

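III. Testing:

squid forward proxy:

squid reverse proxy:

IV. Problems:

1. Access is denied when browsing through the proxy:

Solution:

1. A DNS configuration problem on the proxy server: the proxy server cannot resolve the IP address of the requested URL. Check that /etc/resolv.conf is configured correctly; if it is not, add the correct entries, for example: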

nameserver ###.###.###.###

nameserver ###.###.###.###

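Multiple DNS servers can be configured.

Restart the squid service.

2. Access control: http_access allow all


2. squidclient commands return 403:

Solution: add the following allow rules to squid.conf, then restart the squid service.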

acl AdminBoxes src 127.0.0.1 172.16.0.1 192.168.0.1
acl Purge method PURGE
http_access allow AdminBoxes Purge
http_access deny Purge
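
Squid evaluates http_access lines from top to bottom and stops at the first line that matches, so the position of the PURGE rules above, and of the allow_domain rules in the forward-proxy configuration, relative to "http_access allow all" decides whether they ever take effect. The following is an added example, not code from the original page: a small Python model of that first-match logic, covering only the proto, method, dstdomain and src ACL types used here. The sample request, the REORDERED rule list and the placement of the PURGE rules at the end of the file are assumptions.

```python
import ipaddress
# ACL lines copied from the page (forward-proxy config and the PURGE fix).
ACLS = """\
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
acl AdminBoxes src 127.0.0.1 172.16.0.1 192.168.0.1
acl Purge method PURGE
"""
# http_access lines in the page's order; appending the PURGE rules at the
# end of the file is an assumption (the page does not say where they go).
PAGE_RULES = ["allow all", "allow http allow_domain", "deny http !allow_domain",
              "allow AdminBoxes Purge", "deny Purge"]
# Constructed alternative: specific rules first, explicit catch-all deny last.
REORDERED = ["allow AdminBoxes Purge", "deny Purge",
             "allow http allow_domain", "deny all"]
# Constructed request: non-admin client asking for a host outside the allowlist.
OFF_LIST = {"src": "203.0.113.9", "method": "GET", "proto": "http", "host": "example.org"}

def parse_acls(text):
    acls = {"all": ("src", ["0.0.0.0/0"])}  # stand-in for Squid's built-in "all" (IPv4 only)
    for line in text.splitlines():
        _, name, kind, *values = line.split()
        acls[name] = (kind, values)
    return acls

def acl_matches(acl, req):
    kind, values = acl
    if kind in ("proto", "method"):
        return req[kind].upper() in values
    if kind == "dstdomain":  # simplified: exact host, or suffix for ".domain" entries
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    raise ValueError(f"unsupported ACL type: {kind}")

def http_access(rules, acls, req):
    """First matching line wins; all ACLs on a line must match (logical AND)."""
    for rule in rules:
        action, *names = rule.split()
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1].startswith("allow") else "allow"

if __name__ == "__main__":
    acls = parse_acls(ACLS)
    for label, rules in (("page order", PAGE_RULES), ("reordered", REORDERED)):
        print(label, http_access(rules, acls, OFF_LIST))
```

With the page's order, the first line allows both the off-allowlist request and a PURGE from a non-admin address; with the reordered list both are denied, while test.vip.com and PURGE from an AdminBoxes address still pass.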

 

Basic squidclient usage:

* Get squid's runtime status: squidclient -p 80 mgr:info
* Get squid's memory usage: squidclient -p 80 mgr:mem
* Get the list of objects squid has cached: squidclient -p 80 mgr:objects
* Get squid's disk usage: squidclient -p 80 mgr:diskd
* Force a refresh of a URL: squidclient -p 80 -m PURGE http://www.php-oa.com/static.php


Output of /usr/bin/squidclient -p 80 mgr:info:

HTTP/1.0 200 OK
Server: squid/3.1.23
Mime-Version: 1.0
Date: Mon, 06 Mar 2017 12:35:46 GMT
Content-Type: text/plain
Expires: Mon, 06 Mar 2017 12:35:46 GMT
Last-Modified: Mon, 06 Mar 2017 12:35:46 GMT
X-Cache: MISS from mysquid
X-Cache-Lookup: MISS from mysquid:80
Via: 1.0 mysquid (squid/3.1.23)
Connection: close
Squid Object Cache: Version 3.1.23
Start Time:     Mon, 06 Mar 2017 12:30:06 GMT
Current Time:   Mon, 06 Mar 2017 12:35:46 GMT
Connection information for squid:
        Number of clients accessing cache:      2   number of clients accessing the cache
        Number of HTTP requests received:       3   number of HTTP requests received
        Number of ICP messages received:        0    number of ICP queries received
        Number of ICP messages sent:    0    number of ICP queries sent
        Number of queued ICP replies:   0
        Number of HTCP messages received:       0
        Number of HTCP messages sent:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   0.5   HTTP requests per minute
        Average ICP messages per minute since start:    0.0
        Select loop called: 125518 times, 2.712 ms avg
Cache information for squid:
        Hits as % of all requests:      5min: 0.0%, 60min: 0.0%          #request hit ratio over 5 min/60 min
        Hits as % of bytes sent:        5min: 100.0%, 60min: 100.0%      #hit ratio over 5 min/60 min, measured in bytes
        Memory hits as % of hit requests:       5min: 0.0%, 60min: 0.0%   memory hit ratio
        Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0%   disk hit ratio
        Storage Swap size:      132 KB          disk space used by cached objects
        Storage Swap capacity:   0.1% used, 99.9% free
        Storage Mem size:       108 KB    memory used by cached objects
        Storage Mem capacity:    3.6% used, 96.4% free
        Mean Object Size:       13.20 KB
        Requests given to unlinkd:      0
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.00000  0.00000
        Cache Misses:          0.00000  0.00000
        Cache Hits:            0.00000  0.00000
        Near Hits:             0.00000  0.00000
        Not-Modified Replies:  0.00000  0.00000
        DNS Lookups:           0.00000  0.00000
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        340.464 seconds
        CPU Time:       0.096 seconds
        CPU Usage:      0.03%
        CPU Usage, 5 minute avg:        0.03%
        CPU Usage, 60 minute avg:       0.03%
        Process Data Segment Size via sbrk(): 3340 KB
        Maximum Resident Size: 182912 KB
        Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        Total space in arena:    3472 KB
        Ordinary blocks:         3412 KB      8 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:        138212 KB     10 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:      59 KB
        Total in use:          141625 KB 100%
        Total free:                59 KB 0%
        Total size:            141684 KB
Memory accounted for:    memory usage status
        Total accounted:          196 KB 0%
        memPool accounted:        195 KB 0%
        memPool unaccounted:   141488 KB 100%
        memPoolAlloc calls:      1647
        memPoolFree calls:       1678
File descriptor usage for squid:
        Maximum number of file descriptors:   262143 #maximum number of usable file descriptors
        Largest file desc currently in use:     17
        Number of file desc currently in use:   10
        Files queued for open:                   0
        Available number of file descriptors: 262133
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
Internal Data Structures:
            37 StoreEntries
            27 StoreEntries with MemObjects
            26 Hot Object Cache Items
            10 on-disk objects
