反向代理(反向加速代理)
1對1
[web]---[squid]----internet
client
192.168.1.8 192.168.1.249 192.168.2.249 192.168.2.2
8080
squid server
需要有公網IP,需要在DNS上做好web服務域名和IP的對應關係:
www.51cto.com ---- 192.168.2.249
1、安裝squid軟件包
yum -y install squid
2、配置squid
574 acl all src 0.0.0.0/0.0.0.0
637 #http_access deny all
638 http_access allow all
639
921 http_port 80 accel vhost vport
accel 表示反向加速模式使用
vhost 在使用accel時,至少要加vhost,表示後面web服務器是基於域名的虛擬主機。
vport 如果後端 的web服務器是基於ip的虛擬主機,則使用
1183 cache_peer 192.168.1.8 parent 8080 0 originserver
3、啓動squid(80端口已經被佔用,如apache)
[root@localhost spool]# netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21040/(squi
4、客戶端驗證
訪問 squid的外網卡的80端口,看是否可以訪問到內部的web服務器的頁面信息
]# ab -n 1000 -c 1000 http://192.168.2.249/index.html
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.2.249 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Finished 1000 requests
Server Software: Apache/2.2.3
Server Hostname: 192.168.2.249
Server Port: 80
Document Path: /index.html
Document Length: 17 bytes
Concurrency Level: 1000
Time taken for tests: 0.483220 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 436000 bytes
HTML transferred: 17000 bytes
Requests per second: 2069.45 [#/sec] (mean)
Time per request: 483.220 [ms] (mean)
Time per request: 0.483 [ms] (mean, across all concurrent requests)
Transfer rate: 879.52 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 1 70 41.2 70 148
Processing: 45 177 79.2 175 384
Waiting: 44 175 78.8 174 384
Total: 58 247 91.7 276 385
Percentage of the requests served within a certain time (ms)
50% 276
66% 307
75% 319
80% 326
90% 348
95% 379
98% 384
99% 385
100% 385 (longest request)
1對多
後端 web服務器是相同內容
squid server
需要有公網IP,需要在DNS上做好web服務域名和IP的對應關係:
後端 web服務器是相同內容
192.168.1.8:8080 \
192.168.1.15:800 - squid----------------client
192.168.1.34:80 /
192.168.1.249 192.168.2.2
192.168.2.249
做DNS解析時: www.51cto.com ---- 192.168.2.249
1、安裝squid軟件包
yum -y install squid
2、配置squid
574 acl all src 0.0.0.0/0.0.0.0
637 #http_access deny all
638 http_access allow all
639
921 http_port 80 accel vhost vport
accel 表示反向加速模式使用
vhost 在使用accel時,至少要加vhost,表示後面web服務器是基於域名的虛擬主機。
vport 如果後端 的web服務器是基於ip的虛擬主機,則使用
#cache_peer 192.168.1.8 parent 8080 0 originserver
cache_peer 192.168.1.8 parent 8080 0 round-robin
cache_peer 192.168.1.15 parent 800 0 round-robin
cache_peer 192.168.1.34 parent 80 0 round-robin
3、啓動squid(80端口已經被佔用,如apache)
[root@localhost spool]# netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21040/(squid)
4、客戶端測試
]# elinks -dump http://192.168.2.249/
後端 web服務器是不相同內容
後端 web服務器是不相同內容
51cto1 192.168.1.8:8080 \
51cto2 192.168.1.34:800 - squid----------------client
51cto3 192.168.1.15:80 /
192.168.1.249 192.168.2.2
192.168.2.249
做DNS解析時: www.51cto1.com ---- 192.168.2.249
www.51cto2.com ---- 192.168.2.249
www.51cto3.com ---- 192.168.2.249
注意:如果不想搭建DNS,請在客戶端/etc/hosts文件中暫時定義測試一下
1、安裝squid軟件包
yum -y install squid
2、配置squid
574 acl all src 0.0.0.0/0.0.0.0
637 #http_access deny all
638 http_access allow all
639
921 http_port 80 accel vhost vport
accel 表示反向加速模式使用
vhost 在使用accel時,至少要加vhost,表示後面web服務器是基於域名的虛擬主機。
vport 如果後端 的web服務器是基於ip的虛擬主機,則使用
#cache_peer hostname type http-port icp-port [options]
##
#cache_peer 192.168.1.8 parent 8080 0 originserver
#cache_peer 192.168.1.8 parent 8080 0 round-robin weight=1
#cache_peer 192.168.1.15 parent 800 0 round-robin weight=1
#cache_peer 192.168.1.34 parent 80 0 round-robin weight=1
cache_peer 192.168.1.8 parent 8080 0 originserver name=51cto1
cache_peer 192.168.1.34 parent 80 0 originserver name=51cto2
cache_peer 192.168.1.15 parent 800 0 originserver name=51cto3
#cache_peer_domain cache-host domain [domain ...]
cache_peer_domain 51cto1 www.51cto1.com
cache_peer_domain 51cto2 www.51cto2.com
cache_peer_domain 51cto3 www.51cto3.com
cache_peer_access 51cto1 allow all
cache_peer_access 51cto2 allow all
cache_peer_access 51cto3 allow all
#注意這裏的all是已經定義的acl名稱,表示允許所有ip的客戶端訪問51cto1,51cto2,51cto3
# cache_peer_access cache-host allow|deny [!]aclname ...
3、啓動squid(80端口已經被佔用,如apache)
service squid restart
[root@localhost spool]# netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21040/(squid)
4、客戶端測試(的確可以通過域名訪問到後端的對應的web服務器)
[root@localhost ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.2.249 www.51cto1.com
192.168.2.249 www.51cto2.com
192.168.2.249 www.51cto3.com
]# elinks -dump http://www.51cto1.com/
]# elinks -dump http://www.51cto2.com/
]# elinks -dump http://www.51cto3.com/
[root@localhost ~]# elinks -dump http://www.51cto1.com/
Welcome to 192.168.1.8:8080
[root@localhost ~]# elinks -dump http://www.51cto2.com/
192.168.1.34
[root@localhost ~]# elinks -dump http://www.51cto3.com/
welcome to 192.168.1.15