I. Installing Squid:
1. Install with yum: sudo yum install squid
2. Start the service: sudo service squid start
3. Enable start at boot: sudo chkconfig squid on
II. Squid configuration:
Squid forward proxy
Configure on the Squid host:
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
#acl Safe_ports port 443        # https
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210        # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280        # http-mgmt
#acl Safe_ports port 488        # gss-http
#acl Safe_ports port 591        # filemaker
#acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

visible_hostname mysquid

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager

# Deny requests to certain unsafe ports
#http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
http_port 3128 accel vhost vport

# Custom ACLs for the allowed domain, protocol and port
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain

cache_dir ufs /var/spool/squid 100 16 256

# Set the cache log file paths
logformat main %>a %{%Y-%m-%d %H:%M:%S}tl %>Hs %<st %ru %{Referer}>h %Ss:%Sh
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid.pid

cache_effective_user squid
cache_effective_group squid
cache_mgr shan01.he@vipshop.com

cache_swap_low 90
cache_swap_high 95

maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
cache_mem 3 MB

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Cache error status codes such as 403 and 404; set to 0 to disable this caching
#negative_ttl 0 second

# Set the maximum size of the client request HTTP header
request_header_max_size 128 KB

# Pass the client's real IP address on in X-Forwarded-For
forwarded_for on

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320
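Squid checks http_access lines from top to bottom and stops at the first one that matches, so in the configuration above the "http_access allow all" line is reached before the test.vip.com rules. The following added example (not part of the original post; the RESTRICTED variant and the host other.example.com are assumptions) models that evaluation for the ACL types used here and lists the rules that can never be reached:

```python
# Added example (not from the page): models only proto, dstdomain and the built-in "all".
PAGE_ORDER = """
http_access allow all
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain
"""
# Assumed hardened variant: no catch-all allow, explicit final deny.
RESTRICTED = """
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny all
"""

def parse(conf):
    acls, rules = {"all": ("all", [])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], [v.lower() for v in tok[3:]])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, req):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "proto":
        return req["proto"].lower() in values
    if kind == "dstdomain":  # a leading dot in the value also matches subdomains
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in values)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """First matching http_access line wins; with no match, the opposite of the last action."""
    acls, rules = parse(conf)
    for i, (action, names) in enumerate(rules):
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action, i
    return ("deny" if not rules or rules[-1][0] == "allow" else "allow"), None

def shadowed(conf):
    """http_access lines made unreachable by an earlier line that matches 'all'."""
    rules = parse(conf)[1]
    return next((rules[i + 1:] for i, r in enumerate(rules) if r[1] == ["all"]), [])
```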
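Squid reverse proxy
Configure on the Squid host:
cache_peer xx.xx.xx.xx parent 80 0 no-query no-digest originserver name=web
# Set the domain that the alias maps to. If cache_peer uses a domain name instead of an IP, cache_peer_domain must use the same domain name, otherwise the site cannot be reached
cache_peer_domain web test.vip.com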
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
#acl Safe_ports port 443        # https
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210        # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280        # http-mgmt
#acl Safe_ports port 488        # gss-http
#acl Safe_ports port 591        # filemaker
#acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

visible_hostname mysquid

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager

# Deny requests to certain unsafe ports
#http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
http_port 3128 accel vhost vport

cache_peer xx.xx.xx.xx parent 80 0 no-query no-digest originserver name=web
# Set the domain that the alias maps to. If cache_peer uses a domain name instead of an IP, cache_peer_domain must use the same domain name, otherwise the site cannot be reached
cache_peer_domain web test.vip.com

cache_dir ufs /var/spool/squid 100 16 256

# Set the cache log file paths
logformat main %>a %{%Y-%m-%d %H:%M:%S}tl %>Hs %<st %ru %{Referer}>h %Ss:%Sh
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid.pid

cache_effective_user squid
cache_effective_group squid
cache_mgr shan01.he@vipshop.com

cache_swap_low 90
cache_swap_high 95

maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
cache_mem 3 MB

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Cache error status codes such as 403 and 404; set to 0 to disable this caching
#negative_ttl 0 second

# Set the maximum size of the client request HTTP header
request_header_max_size 128 KB

# Pass the client's real IP address on in X-Forwarded-For
forwarded_for on

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440  0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%   0
refresh_pattern .                 0     20%  4320
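III. Testing:
Squid forward proxy:
Squid reverse proxy:
IV. Problems:
1. "Access denied" appears when accessing a site:
Solution:
1. A DNS configuration problem on the proxy server: the proxy server cannot resolve the IP address of the requested URL. Check whether /etc/resolv.conf is configured correctly; if it is not, add the correct entries, for example:
nameserver ###.###.###.###
nameserver ###.###.###.###
Multiple DNS servers can be configured.
Restart the squid service.
2. Access control: http_access allow all
2. The squidclient command returns 403:
Solution: add the following allow rules to squid.conf, then restart the squid service.
acl AdminBoxes src 127.0.0.1 172.16.0.1 192.168.0.1
acl Purge method PURGE
http_access allow AdminBoxes Purge
http_access deny Purge
Basic squidclient usage:
* Get Squid's runtime status: squidclient -p 80 mgr:info
* Get Squid's memory usage: squidclient -p 80 mgr:mem
* Get the list of objects Squid has cached: squidclient -p 80 mgr:objects
* Get Squid's disk usage: squidclient -p 80 mgr:diskd
* Force a refresh of a URL: squidclient -p 80 -m PURGE http://www.php-oa.com/static.php
Output of /usr/bin/squidclient -p 80 mgr:info: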
HTTP/1.0 200 OK
Server: squid/3.1.23
Mime-Version: 1.0
Date: Mon, 06 Mar 2017 12:35:46 GMT
Content-Type: text/plain
Expires: Mon, 06 Mar 2017 12:35:46 GMT
Last-Modified: Mon, 06 Mar 2017 12:35:46 GMT
X-Cache: MISS from mysquid
X-Cache-Lookup: MISS from mysquid:80
Via: 1.0 mysquid (squid/3.1.23)
Connection: close

Squid Object Cache: Version 3.1.23
Start Time: Mon, 06 Mar 2017 12:30:06 GMT
Current Time: Mon, 06 Mar 2017 12:35:46 GMT
Connection information for squid:
    Number of clients accessing cache: 2    # number of clients
    Number of HTTP requests received: 3    # HTTP requests received
    Number of ICP messages received: 0    # ICP queries received
    Number of ICP messages sent: 0    # ICP queries accepted
    Number of queued ICP replies: 0
    Number of HTCP messages received: 0
    Number of HTCP messages sent: 0
    Request failure ratio: 0.00
    Average HTTP requests per minute since start: 0.5    # HTTP requests per minute
    Average ICP messages per minute since start: 0.0
    Select loop called: 125518 times, 2.712 ms avg
Cache information for squid:
    Hits as % of all requests: 5min: 0.0%, 60min: 0.0%    # 5-minute / 60-minute request hit ratio
    Hits as % of bytes sent: 5min: 100.0%, 60min: 100.0%    # 5-minute / 60-minute hit ratio, counted in bytes
    Memory hits as % of hit requests: 5min: 0.0%, 60min: 0.0%    # in-memory request hit ratio
    Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0%    # disk request hit ratio
    Storage Swap size: 132 KB    # disk space used by cached objects
    Storage Swap capacity: 0.1% used, 99.9% free
    Storage Mem size: 108 KB    # memory used by cached objects
    Storage Mem capacity: 3.6% used, 96.4% free
    Mean Object Size: 13.20 KB
    Requests given to unlinkd: 0
Median Service Times (seconds)  5 min    60 min:
    HTTP Requests (All):   0.00000  0.00000
    Cache Misses:          0.00000  0.00000
    Cache Hits:            0.00000  0.00000
    Near Hits:             0.00000  0.00000
    Not-Modified Replies:  0.00000  0.00000
    DNS Lookups:           0.00000  0.00000
    ICP Queries:           0.00000  0.00000
Resource usage for squid:
    UP Time: 340.464 seconds
    CPU Time: 0.096 seconds
    CPU Usage: 0.03%
    CPU Usage, 5 minute avg: 0.03%
    CPU Usage, 60 minute avg: 0.03%
    Process Data Segment Size via sbrk(): 3340 KB
    Maximum Resident Size: 182912 KB
    Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
    Total space in arena: 3472 KB
    Ordinary blocks: 3412 KB 8 blks
    Small blocks: 0 KB 0 blks
    Holding blocks: 138212 KB 10 blks
    Free Small blocks: 0 KB
    Free Ordinary blocks: 59 KB
    Total in use: 141625 KB 100%
    Total free: 59 KB 0%
    Total size: 141684 KB
Memory accounted for:    # memory usage status
    Total accounted: 196 KB 0%
    memPool accounted: 195 KB 0%
    memPool unaccounted: 141488 KB 100%
    memPoolAlloc calls: 1647
    memPoolFree calls: 1678
File descriptor usage for squid:
    Maximum number of file descriptors: 262143    # maximum usable file descriptors
    Largest file desc currently in use: 17
    Number of file desc currently in use: 10
    Files queued for open: 0
    Available number of file descriptors: 262133
    Reserved number of file descriptors: 100
    Store Disk files open: 0
Internal Data Structures:
    37 StoreEntries
    27 StoreEntries with MemObjects
    26 Hot Object Cache Items
    10 on-disk objects