四、) 安装Squid

四、) 安装Squid

[root@localhost]#./configure --prefix=/usr/local/server/squid --enable-async-io=100 --disable-delay-pools \
--disable-mem-gen-trace --disable-useragent-log --enable-kill-parent-hack --disable-arp-acl \
--enable-epoll --disable-ident-lookups --enable-snmp --enable-large-cache-files --with-large-files
[root@localhost]#make && make install

如果是2.6的内核,才能支持epoll的IO模式,旧版本的内核则只能选择poll或其他模式了;另外,记得带上支持大文件的选项,否则在access log等文件达到2G的时候就会报错。
设定 squid 的配置大概如下内容:

#设定缓存目录为 /var/cache1 和 /var/lib/squid,每次处理缓存大小为128MB,当缓存空间使用达到95%时
#新的内容将取代旧的而不直接添加到目录中,直到空间又下降到90%才停止这一活动
#/var/cache1 最大1024MB,/var/lib/squid 最大 5000MB,都是 16*256 级子目录
cache_dir aufs /var/cache1 1024 16 256
cache_dir aufs /var/lib/squid 5000 16 256
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95

#设置存储策略等
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95

cache_replacement_policy lru
memory_replacement_policy lru

#设置超时策略
forward_timeout 20 seconds
connect_timeout 15 seconds
read_timeout 3 minutes
request_timeout 1 minutes
persistent_request_timeout 15 seconds
client_lifetime 15 minutes
shutdown_lifetime 5 seconds
negative_ttl 10 seconds

#限制一个ip最大只能有16个连接
acl OverConnLimit maxconn 16
http_access deny OverConnLimit

#限制baidu spider访问
#acl AntiBaidu req_header User-Agent Baiduspider
#http_access deny AntiBaidu

#常规设置
visible_hostname cache.yejr.com
cache_mgr webmaster@yejr.com
client_persistent_connections off
server_persistent_connections on

cache_effective_user nobody
cache_effective_group nobody
tcp_recv_bufsize 65535 bytes

half_closed_clients off

#设定不缓存的规则
hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
cache deny QUERY

#不要相信ETag 因为有gzip
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

#设置access log,并且令其格式和apache的格式一样,方便awstats分析
emulate_httpd_log   on
logformat apache %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h"
access_log /usr/local/server/squid/var/logs/access.log apache
cache_store_log none

#设置默认刷新规则
refresh_pattern -i ^ftp:       1440    20% 10080
refresh_pattern -i ^gopher:    1440    0%  1440
refresh_pattern .       0   20% 4320

#设定访问规则
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255 192.168.8.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 443     # https
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
icp_access allow all
http_reply_access allow all
http_access allow Safe_ports all
http_access deny all

coredump_dir /usr/local/server/squid/var/cache

#设定icp规则,icp用于实现squid的cache共享
icp_port 3030
udp_incoming_address 192.168.8.83
log_icp_queries on

#设定反向代理
http_port 192.168.8.84:80 vhost vport
cache_peer 192.168.8.84 parent 8080 0 no-query originserver name=web84
cache_peer_domain web84 www.yejr.com
cache_peer_domain web84 192.168.8.84

#设定squid sibling(同级协作squid)
cache_peer 192.168.8.83 sibling  80 3030 proxy-only

#设定snmp端口
snmp_port 3401

初始化和启动squid

[root@localhost]#/usr/local/server/squid/sbin/squid -z
[root@localhost]#/usr/local/server/squid/sbin/squid

第一条命令是先初始化squid缓存哈希子目录,只需执行一次即可。

技术相关: