Squid 正向代理配置过程
一、编译安装
http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.3.tar.gz
注:该链接为明文 HTTP 下载,解压编译前请用官方发布的签名或校验值核对源码包;3.2.3 是较早的版本,生产环境建议换用仍在维护的 Squid 版本。
# tar xvzf squid-3.2.3.tar.gz
# cd squid-3.2.3
# ./configure --prefix=/usr/local/squid \
--enable-dlmalloc \
--enable-gnuregex \
--disable-carp \
--enable-async-io=100 \
--with-aufs-threads=32 \
--with-pthreads \
--enable-storeio="ufs,aufs" \
--enable-removal-policies="heap,lru" \
--enable-icmp \
--enable-htcp \
--enable-delay-pools \
--enable-useragent-log \
--enable-referer-log \
--disable-wccp \
--disable-wccpv2 \
--enable-kill-parent-hack \
--enable-arp-acl \
--disable-snmp \
--enable-default-err-language=Simplify_Chinese \
--enable-err-languages="Simplify_Chinese English" \
--disable-poll \
--disable-select \
--enable-epoll \
--enable-auth \
--enable-auth-basic="DB,NCSA,PAM,RADIUS,SASL" \
--with-aio \
--disable-ident-lookups \
--enable-truncate \
--enable-stacktraces \
--with-maxfd=65535 \
--disable-ipv6 \
--enable-ipf-transparent \
--enable-linux-netfilter
# make && make install
#———————————————————————————————————————————————
二、配置过程
(1)、创建相关目录及权限
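# mkdir -p /data/squid/{cache,coredump,logs}
# /usr/sbin/groupadd squid
# /usr/sbin/useradd squid -g squid -s /sbin/nologin    # service account, no login shell
# chown -R squid:squid /data/squid/{cache,coredump,logs}
# chmod -R 750 /data/squid/{cache,coredump,logs}    # squid owner/group only; mode 777 would let any local user alter the cache, logs and core dumps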
(2)、配置文件内容
# vim /usr/local/squid/etc/squid.conf
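# squid.conf for a caching forward proxy serving one internal network.

# --- Listener and identity ---
# Placeholder: put the IP address of the internal-facing interface here.
http_port 内网口 IP:8080
cache_effective_user squid
cache_effective_group squid

# --- Memory and disk cache ---
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir aufs /data/squid/cache 20480 16 256
coredump_dir /data/squid/coredump
memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB

# --- Logging ---
# NOTE(review): the access log and cache log are discarded here, which
# leaves no record of who used the proxy or of Squid's own errors. Point
# them at real files if the proxy needs an audit trail.
access_log /dev/null
cache_access_log none
cache_log /dev/null
cache_store_log none
cache_swap_log /data/squid/logs/swap.log
logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid
cache_mgr lovezym5@126.com
# With "off", logged URLs keep their full query strings (relevant once an
# access log is enabled).
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn

# --- Request limits and timeouts ---
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute
client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
# NOTE(review): "off" leaves the Squid version string visible to clients;
# set to "on" to hide it.
httpd_suppress_version_string off
ie_refresh off
allow_underscore on

# --- Freshness rules ---
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Placeholder: put the IP address of the DNS server here.
dns_nameservers DNS 服务器 IP

# --- Access control ---
# http_access rules are evaluated top to bottom and the first match wins,
# so every deny that should apply to internal clients must come before
# "allow our_network". When no rule matches, Squid applies the opposite of
# the last rule, so the list ends with an explicit "deny all"; without it,
# a final deny rule would turn the default into allow.
acl OverConnLimit maxconn 300
acl our_network src 192.168.0.0/16
acl SSL_ports port 443
acl CONNECT method CONNECT

http_access deny OverConnLimit
# Only permit CONNECT tunnels to port 443, for internal clients as well.
http_access deny CONNECT !SSL_ports
http_access allow our_network
http_access deny all

# Strip Via and X-Forwarded-For from requests sent to origin servers.
request_header_access Via deny all
request_header_access X-Forwarded-For deny all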
(3)、检查配置是否正确
# /usr/local/squid/sbin/squid -k parse
#———————————————————————————————————————————————
三、启动脚本
# vim /etc/init.d/squid
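#!/bin/bash
#
# squid - this script starts and stops the squid daemon
#
# chkconfig: - 90 25
# description: squid caching proxy server.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
#
# Usage: /etc/init.d/squid {start|stop|reload|restart|condrestart}
#
# The tests below use [[ ]], a bash feature, so the interpreter is
# /bin/bash rather than /bin/sh.
# This script runs as root and appends to OUTFILE; the directory holding
# OUTFILE must therefore not be writable by untrusted local users.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
OUTFILE="/data/squid/logs/squid.out"

SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# Start from an empty value so an inherited SQUID environment variable can
# never name the binary that gets executed as root.
SQUID=""
[[ -f "$BINFILE" ]] && SQUID="$BINFILE"

# Cache directories declared in the configuration (third field of every
# cache_dir line, comments stripped); fall back to CACHEPATH if none.
CACHE_SWAP=""
if [[ -r "$CFGFILE" ]]; then
  CACHE_SWAP=$(awk '{ sub(/#.*/, "") } $1 == "cache_dir" { print $3 }' "$CFGFILE")
fi
[[ -z "$CACHE_SWAP" ]] && CACHE_SWAP="$CACHEPATH"

RETVAL=0

# Abort with status 4 when the squid binary was not found at BINFILE.
require_binary() {
  if [[ -z "$SQUID" ]]; then
    echo "Insufficient privilege" 1>&2
    exit 4
  fi
}

# Initialise missing cache directories, start squid, then wait up to
# SQUID_PIDFILE_TIMEOUT seconds for the PID file to appear.
# Returns 0 on success, non-zero otherwise.
start() {
  local adir timeout

  if [[ ! -f "$CFGFILE" ]]; then
    echo "The configuration file: ${CFGFILE} has no found!" 1>&2
    exit 6
  fi
  require_binary

  # CACHE_SWAP may list several directories, one per line; word splitting
  # is intentional here.
  for adir in $CACHE_SWAP; do
    if [[ ! -d "$adir/00" ]]; then
      echo -n "init_cache_dir $adir"
      "$SQUID" -z -F -D >> "$OUTFILE" 2>&1
    fi
  done

  echo -n "Starting squid..."
  "$SQUID" -s -f "$CFGFILE" >> "$OUTFILE" 2>&1
  RETVAL=$?

  if [[ $RETVAL -eq 0 ]]; then
    timeout=0
    while [[ ! -f "$PIDFILE" ]]; do
      if [[ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]]; then
        RETVAL=1
        break
      fi
      sleep 1 && echo -n "."
      timeout=$((timeout + 1))
    done
  fi

  echo ""
  if [[ $RETVAL -eq 0 ]]; then
    touch "$LOCKFILE"
    echo "start squid is ok!"
  else
    echo "start squid is failed!"
  fi
  return $RETVAL
}

# Ask a running squid to shut down and wait up to SQUID_SHUTDOWN_TIMEOUT
# seconds for the PID file to disappear.
# Returns 0 on success, 1 on timeout, otherwise the status of "-k check"
# (forced to 0 when no lock file exists, i.e. squid was not started here).
stop() {
  local timeout

  require_binary
  echo -n "Stopping squid..."
  "$SQUID" -k check >> "$OUTFILE" 2>&1
  RETVAL=$?

  if [[ $RETVAL -eq 0 ]]; then
    "$SQUID" -k shutdown &
    rm -f "$LOCKFILE"
    timeout=0
    while [[ -f "$PIDFILE" ]]; do
      if [[ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]]; then
        echo ""
        return 1
      fi
      sleep 2 && echo -n "."
      timeout=$((timeout + 2))
    done
    echo ""
    echo "Stop squid is ok!"
  else
    echo ""
    echo "Stop squid is failed!"
    [[ ! -e "$LOCKFILE" ]] && RETVAL=0
  fi
  return $RETVAL
}

# Stop, pause briefly, then start again.
restart() {
  stop
  sleep 1
  start
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    require_binary
    "$SQUID" -k reconfigure -f "$CFGFILE"
    ;;
  restart)
    restart
    ;;
  condrestart)
    # Restart only if this script started squid; always report success,
    # as the original "&& restart || :" form did.
    if [[ -e "$LOCKFILE" ]]; then
      restart || :
    fi
    ;;
  *)
    echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
    exit 2
    ;;
esac
exit $?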
# chmod 700 /etc/init.d/squid
# chkconfig --add squid
# service squid start
#———————————————————————————————————————————————
四、squid 健康检查
# vim /data/scripts/check_squid.sh
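#!/bin/bash
# Watchdog meant to be run from cron: restarts squid when no squid process
# exists, or when the squidclient probe of the proxy port produces output.
# The tests below use [[ ]], a bash feature, so the interpreter is
# /bin/bash rather than /bin/sh.

PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PORT='8080'

if [[ ! -e /usr/local/squid/sbin/squid ]]; then
  echo "The squid service has no been installed ^_^"
  exit 1
fi

# Case 1: the service is down (no process whose command line contains
# "sbin/squid").
if ! pgrep -f 'sbin/squid' > /dev/null; then
  /sbin/service squid restart > /dev/null 2>&1
  exit 0
fi

# Address of eth1, taken from the "inet addr:<ip>" field of ifconfig.
# Splitting the second field on ":" yields the bare address with no
# trailing whitespace, so it can be passed quoted.
ETH1_ADDR=$(/sbin/ifconfig eth1 | awk '/inet addr/ { split($2, parts, ":"); print parts[2]; exit }')
if [[ -z "$ETH1_ADDR" ]]; then
  echo "Cannot determine the eth1 address; skipping the proxy probe" 1>&2
  exit 1
fi

# Case 2: the service is running but hung.
# NOTE(review): -s asks squidclient to stay silent on stdout, so the
# captured output is presumably empty whether or not the proxy answers.
# Confirm, and consider testing squidclient's exit status instead.
probe_output=$(/usr/local/squid/bin/squidclient -s -h "$ETH1_ADDR" -p "$PORT")
if [[ -n "$probe_output" ]]; then
  /sbin/service squid restart > /dev/null 2>&1
fi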
# crontab -e
*/5 * * * * /data/scripts/check_squid.sh
#———————————————————————————————————————————————
五、测试
curl -I -s -x http://代理服务IP:8080 www.qq.com