Squid正向代理配置过程
Squid正向代理配置过程
Squid正向代理配置过程
一、编译安装
http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.3.tar.gz
# tar xvzf squid-3.2.3.tar.gz
# cd squid-3.2.3
# ./configure --prefix=/usr/local/squid \
--enable-dlmalloc \
--enable-gnuregex \
--disable-carp \
--enable-async-io=100 \
--with-aufs-threads=32 \
--with-pthreads \
--enable-storeio="ufs,aufs" \
--enable-removal-policies="heap,lru" \
--enable-icmp \
--enable-htcp \
--enable-delay-pools \
--enable-useragent-log \
--enable-referer-log \
--disable-wccp \
--disable-wccpv2 \
--enable-kill-parent-hack \
--enable-arp-acl \
--disable-snmp \
--enable-default-err-language=Simplify_Chinese \
--enable-err-languages="Simplify_Chinese English" \
--disable-poll \
--disable-select \
--enable-epoll \
--enable-auth \
--enable-auth-basic="DB,NCSA,PAM,RADIUS,SASL" \
--with-aio \
--disable-ident-lookups \
--enable-truncate \
--enable-stacktraces \
--with-maxfd=65535 \
--disable-ipv6 \
--enable-ipf-transparent \
--enable-linux-netfilter
# make && make install
#---------------------------------------------------------------------------------------------------------------------------------------------
二、配置过程
(1)、创建相关目录及权限
# mkdir -p /data/squid/{cache,coredump,logs}
# /usr/sbin/groupadd squid
# /usr/sbin/useradd squid -g squid -s /sbin/nologin
# chmod -R 777 /data/squid/{cache,coredump,logs}
# chown -R squid:squid /data/squid/{cache,coredump,logs}
(2)、配置文件内容
# vim /usr/local/squid/etc/squid.conf
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 |
http_port 内网口IP:8080
cache_effective_user squid
cache_effective_group squid
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir aufs /data/squid/cache 20480 16 256
coredump_dir /data/squid/coredump
memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB
access_log /dev/null
cache_access_log none
cache_log /dev/null
cache_store_log none
cache_swap_log /data/squid/logs/swap.log
logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid
cache_mgr lovezym5@126.com
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn
request_header_max_size 64 KB
request_body_max_size 0 KB
negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute
client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
httpd_suppress_version_string off
ie_refresh off
allow_underscore on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
dns_nameservers DNS服务器IP
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
acl our_network src 192.168.0.0/16
http_access allow our_network
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
|
(3)、检查配置是否正确
# /usr/local/squid/sbin/squid -k parse
#---------------------------------------------------------------------------------------------------------------------------------------------
三、启动脚本
# vim /etc/init.d/squid
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
#!/bin/sh
#
#squid - this script start and stop the squid daemon
#
# chkconfig: - 90 25
# description: squid is a pagecache reverse proxy.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
OUTFILE="/data/squid/logs/squid.out"
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
[[ -f $BINFILE ]] && SQUID="${BINFILE}"
CACHE_SWAP=`sed -e 's/#.*//g' ${CFGFILE} | grep cache_dir | awk '{print $3}'`
[ -z "$CACHE_SWAP" ] && CACHE_SWAP="${CACHEPATH}"
RETVAL=0
start() {
if [[ ! -f ${CFGFILE} ]]; then
echo "The configuration file: ${CFGFILE} has no found!" 1>&2
exit 6
fi
SQUID_OPTS="-s -f ${CFGFILE}"
[[ -z "$SQUID" ]] && echo "Insufficient privilege" 1>&2 && exit 4
for adir in $CACHE_SWAP
do
if [[ ! -d $adir/00 ]]; then
echo -n "init_cache_dir $adir"
$SQUID -z -F -D >> ${OUTFILE} 2>&1
fi
done
echo -n "Starting squid..."
$SQUID $SQUID_OPTS >> ${OUTFILE} 2>&1
RETVAL=$?
if [[ $RETVAL -eq 0 ]]; then
timeout=0;
while :
do
[[ ! -f ${PIDFILE} ]] || break
[[ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]] && RETVAL=1 && break
sleep 1 && echo -n "."
timeout=$((timeout+1))
done
fi
echo ""
[[ $RETVAL -eq 0 ]] && touch ${LOCKFILE}
[[ $RETVAL -eq 0 ]] && echo "start squid is ok!"
[[ $RETVAL -ne 0 ]] && echo "start squid is failed!"
return $RETVAL
}
stop() {
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
echo -n "Stopping squid..."
$SQUID -k check >> ${OUTFILE} 2>&1
RETVAL=$?
if [[ $RETVAL -eq 0 ]]; then
$SQUID -k shutdown &
rm -f ${LOCKFILE}
timeout=0
while :
do
[[ -f ${PIDFILE} ]] || break
[[ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]] && echo "" && return 1
sleep 2 && echo -n "."
timeout=$((timeout+2))
done
echo ""
echo "Stop squid is ok!"
else
echo ""
echo "Stop squid is failed!"
[[ ! -e ${LOCKFILE} ]] && RETVAL=0
fi
return $RETVAL
}
restart() {
stop
sleep 1
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
SQUID_OPTS=${SQUID_OPTS:-"-D"}
$SQUID -k reconfigure -f ${CFGFILE}
;;
restart)
restart
;;
condrestart)
[[ -e ${LOCKFILE} ]] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
exit 2
esac
exit $?
|
# chmod 700 /etc/init.d/squid
# chkconfig --add squid
# service squid start
#---------------------------------------------------------------------------------------------------------------------------------------------
四、squid健康检查
# vim /data/scripts/check_squid.sh
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
PORT='8080'
ETH1_ADDR=`/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g'`
if [[ ! -e /usr/local/squid/sbin/squid ]]; then
echo "The squid service has no been installed ^_^"
exit 1
fi
#服务挂掉的情况
retval=`ps aux | grep 'sbin/squi[d]' | wc -l`
if [[ ${retval} -eq 0 ]]; then
/sbin/service squid restart >/dev/null 2>&1
exit 0
fi
##服务僵死的情况
retval=`/usr/local/squid/bin/squidclient -s -h ${ETH1_ADDR} -p ${PORT}`
if [[ "${retval}X" != "X" ]]; then
/sbin/service squid restart >/dev/null 2>&1
fi
|
# crontab -e
*/5 * * * * /data/scripts/check_squid.sh
#---------------------------------------------------------------------------------------------------------------------------------------------
五、测试
curl -I -s -x http://代理服务IP:8080 www.qq.com
配置Squid代理http和rsync
Squid:实现高速的Web访问
CentOS 6.2 编译安装Squid 配置反向代理服务器
简单配置Squid代理和反向代理
CentOS 6.4下DNS+Squid+Nginx+MySQL搭建高可用Web服务器
Squid 的详细介绍:请点这里
Squid 的下载地址:请点这里
本文永久更新链接地址:
评论暂时关闭