Reverse acceleration of multiple web servers with Squid
Reverse acceleration of multiple web servers with Squid [Installation document]
Step I - Downloading and compiling Squid
# wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE13.tar.gz
# tar zxvf squid-2.5.STABLE13.tar.gz
# cd squid-2.5.STABLE13
# vi config.sh
Write the following content:
Code:
#!/bin/bash
SQUID_ROOT="/Data/apps/squid"
./configure --prefix=$SQUID_ROOT \
--enable-useragent-log \
--enable-referer-log \
--enable-default-err-language=Simplify_Chinese \
--enable-err-languages="Simplify_Chinese English" \
--disable-internal-dns
# sh config.sh
# make
# make install
Step II - Basic Configuration
# cd /Data/apps/squid/
# mkdir cache
# chown squid.squid *
A. In /etc/hosts, add the internal DNS resolution entries, for example:
61.135.132.176 www.sohu.com
202.108.33.32 www.sina.com
202.108.9.16 www.163.com
202.108.12.68 www.tom.com
B. vi /Data/apps/squid/etc/squid.conf
See the attachment for details; the key points are all there.
Step III - Starting Squid
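A. Create the cache directories
# ./squid -z
B. Test that Squid runs
# ./squid -NCd1
On success, "Ready to serve requests" appears. Otherwise, check the configuration file.
C. Create the Squid startup script
# cd /etc/rc.local
# vi squid.sh
Code: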
#!/bin/sh
# if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
#     echo "$0: Cannot determine the PREFIX" >&2
#     exit 1
# fi
case "$1" in
start)
    if [ -x /Data/apps/squid/sbin/squid -a -f /Data/apps/squid/etc/squid.conf ]; then
        (cd /Data/apps/squid/var/logs; /Data/apps/squid/sbin/squid >/dev/null 2>&1 &) ; echo -n ' squid'
    fi
    ;;
stop)
    /Data/apps/squid/sbin/squid -k shutdown 2>&1
    # Uncomment this if you'd like the system to (attempt to
    # wait for) squid to shut down cleanly
    #echo "Sleeping for 45 seconds to allow squid to shutdown.."
    #sleep 45
    ;;
*)
    echo "Usage: `basename $0` {start|stop}" >&2
    ;;
esac
exit 0
Starting Squid
/etc/rc.local/squid.sh start    (starts squid)
/etc/rc.d/squid.sh stop    (stops squid)
Apply a new configuration:
/Data/apps/squid/sbin/squid -k reconfig
Truncate/rotate the logs every day at 0:00 via crontab:
0 0 * * * (/Data/apps/squid/sbin/squid -k rotate)
Stop squid:
《Solution》
Reverse acceleration of multiple web servers with Squid [Configuration document]
#Support for External functions
##############
# Auth
############
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#Tuning the Squid Cache
###############
#refresh_pattern
# Controls how long objects stay fresh before they expire
################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.gif$ 10 1000% 10 ignore-reload
refresh_pattern -i \.jpg$ 10 1000% 10 ignore-reload
refresh_pattern -i \.png$ 10 1000% 10 ignore-reload
refresh_pattern -i \.bmp$ 10 1000% 10 ignore-reload
refresh_pattern -i \.css$ 10 50% 60 reload-into-ims
refresh_pattern -i \.js$ 10 50% 60 reload-into-ims
refresh_pattern -i \.htm$ 5 50% 10 reload-into-ims
refresh_pattern -i \.shtm$ 5 50% 10 reload-into-ims
refresh_pattern -i \.html$ 5 50% 10 reload-into-ims
#refresh_pattern -i \.aspx$ 5 50% 10 reload-into-ims
quick_abort_min 0 KB
quick_abort_max 0 KB
range_offset_limit -1 KB
###negative_ttl 30 seconds
# Timeouts
# forward_timeout 4 minutes
forward_timeout 20 seconds
# connect_timeout 1 minute
connect_timeout 15 seconds
# read_timeout 15 minutes
read_timeout 3 minutes
# request_timeout 5 minutes
request_timeout 1 minutes
# persistent_request_timeout 1 minute
persistent_request_timeout 15 seconds
# client_lifetime 1 day
client_lifetime 15 minutes
# pconn_timeout 120 seconds
# shutdown_lifetime 30 seconds
shutdown_lifetime 5 seconds
# Administrative parameters
# Administrative information
visible_hostname cachebj.csdn.net
#cachemgr_passwd csdnadmin all
# User and group that Squid runs as
cache_effective_user squid
cache_effective_group squid
# Peer cache servers and Squid hierarchy
#hierarchy_stoplist cgi-bin ?
###acl QUERY urlpath_regex cgi-bin \?
#acl QUERY urlpath_regex \?
#no_cache deny QUERY
#Cache size
# Amount of physical memory Squid uses for hot objects, and the cache directory settings
cache_mem 512 MB
maximum_object_size 32768 KB
maximum_object_size_in_memory 512 KB
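# Swap performance tuning
half_closed_clients off
cache_swap_high 95%
cache_swap_low 80%
# Repeats the directive set to 32768 KB above; this later value is the one that takes effect
maximum_object_size 1024 KB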
###cache_replacement_policy heap GDSF
###memory_replacement_policy heap GDSF
#Log file path names and cache directories
cache_dir ufs /Data/apps/squid/cache 40960 56 256
###cache_dir null /Data/apps/squid/cache
coredump_dir /Data/apps/squid/cache
# Locations of the log files and the pid file
#cache_access_log /Data/apps/squid/var/logs/access.log
###cache_access_log none
cache_log /Data/apps/squid/var/logs/cache.log
###cache_log /dev/null
###useragent_log /opt/itc/squid/logs/useragent.log
cache_store_log none
emulate_httpd_log on
# logfile_rotate 10
logfile_rotate 0
#pid_filename /Data/apps/squid/var/logs/squid.pid
# TAG: relaxed_header_parser on|off|warn
# relaxed_header_parser on
# Delaypool parameters (all require delay_pools compilation options)
#####
#Tag Name strip_query_terms
#Usage strip_query_terms on|off
#Description
#Squid by default does not log query parameters.
#These parameters are however forwarded to the server verbatim.
#If we want to enable logging of query parameters, the strip_query_terms
#directive can be used.
#By default, Squid strips query terms from requested URLs before logging.
#This protects your user's privacy
#Default strip_query_terms on
strip_query_terms off
client_persistent_connections off
# if need "long" connection set it to on
server_persistent_connections on
# Tag Name dns_children
#Usage dns_children number (1 to 32)
#Description
#The number of processes spawned to service DNS name lookups is specified here.
#For heavily loaded caches on large servers, you probably need to increase
#this value to at least 10. The maximum is 32. The default is 5. This option is
#only available if Squid is rebuilt with the --disable-internal-dns option. As the
#number of processes increases, the performance of DNS lookups also increases.
#It is recommended to use maximum child processes (32).
#
dns_children 5
#dns_nameservers 202.99.8.1
####
# Network
http_port 80
# Access controls
####
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl Srvip dst 211.100.23.0/24 61.135.131.0/24 202.108.33.32/24 202.108.9.0/24 202.108.12.0/24
acl Srvdm dstdomain .sina.com .sohu.com .163.com .tom.com
acl to_localhost dst 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgehost src 127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgemethod method PURGE
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl CONNECT method CONNECT
###always_direct allow Srvdm
###never_direct allow !Srvdm
http_access allow manager localhost
http_access deny manager
http_access allow purgemethod purgehost
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow localhost
http_access allow Srvip
http_access allow Srvdm
http_access deny all
# http_reply_access allow all
icp_access deny all
# Transparent proxy settings
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Miscellaneous
tcp_recv_bufsize 4096 bytes
client_db off
# reload_into_ims off
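《Solution》
How Squid reverse-proxies N backend web servers: implementation notes
1. Squid as a reverse proxy for a single backend web server
A. If the web server and the reverse proxy server are two separate machines (a reverse proxy normally has two network cards, one connected to the internal network and one to the external network), modify the following settings to set up the reverse proxy service.
http_port 80 # port Squid listens on
httpd_accel_host 192.168.0.100 # IP address of the internal web server
httpd_accel_port 80 # port of the web server
httpd_accel_single_host on # forward uncached requests to one single machine
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
B. If the web server and the reverse proxy server are the same machine, set the web server to listen on a port other than 80 (for example, port 81). The settings to change are as follows:
http_port 80 # port Squid listens on
httpd_accel_host localhost # address of the internal web server
httpd_accel_port 81 # port of the web server
httpd_accel_single_host on # forward uncached requests to one single machine
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
The configuration directives are explained below.
http_port 80
The http_port option specifies the port on which Squid listens for HTTP requests. It is usually set to port 80, so that users do not notice the reverse proxy and it is just like accessing the real web server.
httpd_accel_host 192.168.0.100 and httpd_accel_port 80
The httpd_accel_host and httpd_accel_port options specify the IP address and port number of the web server; set them according to your own web server.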
httpd_accel_single_host on
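When httpd_accel_single_host is on, Squid acts as a reverse proxy for a single web server only. Regardless of the HTTP header information, Squid forwards every request for a page that is not cached to this web server. If Squid has to reverse-proxy several web servers, this option must be set to off, and a redirector or DNS must be used to map requests to the appropriate backend web server.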
httpd_accel_with_proxy on
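If you want Squid to act both as a reverse proxy server and as a proxy that local machines use to reach the Internet, change httpd_accel_with_proxy to on; the default is off.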
httpd_accel_uses_host_header off
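In HTTP/1.1, an HTTP request includes a Host header that specifies the host name or IP address of the URL's host. This option can be used to reverse-proxy multiple backend web servers.
2. Squid as a reverse proxy for multiple backend web servers
Squid can reverse-proxy multiple backend web servers. For example, we can configure Squid to reverse-proxy the three backend web servers www.xxx.com, www.yyy.com and www.zzz.com at the same time.
The Squid configuration is as follows: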
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_uses_host_header on
Note: Squid must be compiled with the internal DNS build option --disable-internal-dns
Then set up the domain name resolution that the reverse proxy needs (add to hosts) as follows:
www.xxx.com 111.222.333.444
www.yyy.com 111.222.333.444
www.zzz.com 111.222.333.444
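This makes all three domain names point to the reverse proxy server's IP address, 111.222.333.444.
Next, set up the DNS entries that the reverse proxy needs (that is, an internal DNS that only Squid uses internally and that Internet users cannot see). There are two ways to set up the internal DNS: resolve through an internal DNS server, or use the /etc/hosts file.
When an internal DNS server is used, the resource records are as follows: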
www.xxx.com IN A 192.168.0.101
www.yyy.com IN A 192.168.0.102
www.zzz.com IN A 192.168.0.103
If the /etc/hosts file is used to implement the internal DNS (Squid should be compiled with the disable internal dns option), edit /etc/hosts and add the following entries:
192.168.0.101 www.xxx.com
192.168.0.102 www.yyy.com
192.168.0.103 www.zzz.com
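A check for the internal DNS step above, added here as an example and not part of the original post: it cross-checks the hosts file against the dstdomain allow-list in squid.conf and flags names that resolve back to the proxy itself. The function names, the proxy address 192.0.2.10 and the sample files are constructed for illustration, and the NOACL result assumes the rule list ends in "http_access deny all" as in the configuration document above.

```shell
# Added example; sample data is constructed. Usage: check_backends CONF HOSTS PROXY_IP
# Prints one status per name in HOSTS:
#   OK     covered by a dstdomain ACL value and mapped to a backend
#   NOACL  not covered by any dstdomain value, so a final "deny all" would reject it
#   LOOP   mapped to the proxy's own address, so Squid would fetch from itself
check_backends() {
    awk -v proxy="$3" '
        function covered(name, d) {
            for (d in dom) {
                # ".xxx.com" matches xxx.com and every subdomain;
                # a value without the leading dot matches that name only.
                if (name == d || name == substr(d, 2) && substr(d, 1, 1) == ".")
                    return 1
                if (substr(d, 1, 1) == "." && length(name) > length(d) &&
                    substr(name, length(name) - length(d) + 1) == d)
                    return 1
            }
            return 0
        }
        FNR == NR {                      # first file: squid.conf
            if ($1 == "acl" && $3 == "dstdomain")
                for (i = 4; i <= NF && $i !~ /^#/; i++) dom[tolower($i)] = 1
            next
        }
        NF == 0 || $1 ~ /^#/ { next }    # second file: hosts
        {
            for (i = 2; i <= NF && $i !~ /^#/; i++) {
                name = tolower($i)
                if ($1 == proxy)         print "LOOP", name
                else if (covered(name))  print "OK", name
                else                     print "NOACL", name
            }
        }
    ' "$1" "$2"
}

run_sample() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'acl Srvdm dstdomain .xxx.com .yyy.com' > "$tmp/squid.conf"
    printf '%s\n' '192.168.0.101 www.xxx.com' \
        '192.0.2.10 www.yyy.com   # resolves back to the proxy' \
        '192.168.0.103 www.zzz.com' > "$tmp/hosts"
    check_backends "$tmp/squid.conf" "$tmp/hosts" 192.0.2.10
    rm -rf "$tmp"
}

run_sample
```

On a real host, pass /Data/apps/squid/etc/squid.conf, /etc/hosts and the proxy's public address instead of the sample files.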
《Solution》
It is version 2.6 now. As for its configuration, I posted one in the featured posts of the proxy board.