阿里云-云小站(无限量代金券发放中)
【腾讯云】云服务器、云数据库、COS、CDN、短信等热卖云产品特惠抢购

Squid正向代理配置过程

211次阅读
没有评论

共计 8148 个字符,预计需要花费 21 分钟才能阅读完成。

Squid 正向代理配置过程

一、编译安装

http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.3.tar.gz

# tar xvzf squid-3.2.3.tar.gz

# cd squid-3.2.3

# ./configure –prefix=/usr/local/squid \

–enable-dlmalloc \

–enable-gnuregex \

–disable-carp \

–enable-async-io=100 \

–with-aufs-threads=32 \

–with-pthreads \

–enable-storeio=”ufs,aufs” \

–enable-removal-policies=”heap,lru” \

–enable-icmp \

–enable-htcp \

–enable-delay-pools \

–enable-useragent-log \

–enable-referer-log \

–disable-wccp \

–disable-wccpv2 \

–enable-kill-parent-hack \

–enable-arp-acl \

–disable-snmp \

–enable-default-err-language=Simplify_Chinese \

–enable-err-languages=”Simplify_Chinese English” \

–disable-poll \

–disable-select \

–enable-epoll \

–enable-auth \

–enable-auth-basic=”DB,NCSA,PAM,RADIUS,SASL” \

–with-aio \

–disable-ident-lookups \

–enable-truncate \

–enable-stacktraces \

–with-maxfd=65535 \

–disable-ipv6 \

–enable-ipf-transparent \

–enable-linux-netfilter

# make && make install

 

#———————————————————————————————————————————————

二、配置过程

(1)、创建相关目录及权限

# mkdir -p /data/squid/{cache,coredump,logs}

 

# /usr/sbin/groupadd squid

# /usr/sbin/useradd squid -g squid -s /sbin/nologin

 

# chmod -R 777 /data/squid/{cache,coredump,logs}

# chown -R squid:squid /data/squid/{cache,coredump,logs}

 

(2)、配置文件内容

# vim /usr/local/squid/etc/squid.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
http_port 内网口 IP:8080
                                           
cache_effective_user squid
cache_effective_group squid
                                           
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
                                           
ipcache_size 1024
ipcache_low 90
ipcache_high 95
                                           
cache_replacement_policy lru
memory_replacement_policy lru
                                           
cache_dir aufs /data/squid/cache 20480 16 256
coredump_dir /data/squid/coredump
                                           
memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB
                                           
access_log /dev/null
cache_access_log none
                                           
cache_log /dev/null
cache_store_log none
                                           
cache_swap_log /data/squid/logs/swap.log
                                           
logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid
                                           
cache_mgr lovezym5@126.com
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn
                                           
request_header_max_size 64 KB
request_body_max_size 0 KB
                                           
negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute
                                           
client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
httpd_suppress_version_string off
ie_refresh off
allow_underscore on
                                           
refresh_pattern ^ftp:          1440    20%    10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
refresh_pattern .              0      20%    4320
                                           
dns_nameservers DNS 服务器 IP
                                           
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
                                           
acl our_network src 192.168.0.0/16
http_access allow our_network
                                           
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
                                           
request_header_access Via deny all
request_header_access X-Forwarded-For deny all

(3)、检查配置是否正确

# /usr/local/squid/sbin/squid -k parse

 

#———————————————————————————————————————————————

三、启动脚本

# vim /etc/init.d/squid

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#!/bin/sh
#
#squid - this script start and stop the squid daemon
#
# chkconfig: - 90 25
# description: squid is a pagecache reverse proxy.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
              
BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
OUTFILE="/data/squid/logs/squid.out"
              
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
              
[[-f $BINFILE]] && SQUID="${BINFILE}"
              
CACHE_SWAP=`sed -e 's/#.*//g' ${CFGFILE} | grep cache_dir | awk '{print $3}'`
[-z "$CACHE_SWAP" ] && CACHE_SWAP="${CACHEPATH}"
              
RETVAL=0
              
start() {
    if [[! -f ${CFGFILE} ]]; then
        echo "The configuration file: ${CFGFILE} has no found!" 1>&2
        exit 6
    fi
                 
    SQUID_OPTS="-s -f ${CFGFILE}"
                 
    [[-z "$SQUID" ]] && echo "Insufficient privilege" 1>&2 && exit 4
                 
    for adir in $CACHE_SWAP
    do
        if [[! -d $adir/00 ]]; then
            echo -n "init_cache_dir $adir"
            $SQUID -z -F -D >> ${OUTFILE} 2>&1
        fi
    done
                 
    echo -n "Starting squid..."
    $SQUID $SQUID_OPTS >> ${OUTFILE} 2>&1
                 
    RETVAL=$?
                 
    if [[$RETVAL -eq 0 ]]; then
        timeout=0;
                     
        while :
        do
            [[! -f ${PIDFILE} ]] || break
            [[$timeout -ge $SQUID_PIDFILE_TIMEOUT ]] && RETVAL=1 && break
                         
            sleep 1 && echo -n "."
            timeout=$((timeout+1))
        done
    fi
                 
    echo ""
    [[$RETVAL -eq 0 ]] && touch ${LOCKFILE}
    [[$RETVAL -eq 0 ]] && echo "start squid is ok!"
    [[$RETVAL -ne 0 ]] && echo "start squid is failed!"
                 
    return $RETVAL
}
              
stop() {
    SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}
    echo -n "Stopping squid..."
    $SQUID -k check >> ${OUTFILE} 2>&1
                 
    RETVAL=$?
                 
    if [[$RETVAL -eq 0 ]]; then
        $SQUID -k shutdown &
        rm -f ${LOCKFILE}
                     
        timeout=0
                     
        while :
        do
            [[-f ${PIDFILE} ]] || break
            [[$timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]] && echo "" && return 1
                         
            sleep 2 && echo -n "."
            timeout=$((timeout+2))
        done
                     
        echo ""
        echo "Stop squid is ok!"
    else
        echo ""
        echo "Stop squid is failed!"
        [[! -e ${LOCKFILE} ]] && RETVAL=0
    fi
                 
    return $RETVAL
}
              
restart() {
    stop
    sleep 1
    start
}
              
case "$1" in
start)
    start
    ;;
                 
stop)
    stop
    ;;
                 
reload)
    SQUID_OPTS=${SQUID_OPTS:-"-D"}
    $SQUID -k reconfigure -f ${CFGFILE}
    ;;
                 
restart)
    restart
    ;;
                 
condrestart)
    [[-e ${LOCKFILE} ]] && restart || :
    ;;
                 
*)
    echo $"Usage: $0 {start|stop|reload|restart|condrestart}"
    exit 2
esac
              
exit $?

# chmod 700 /etc/init.d/squid

# chkconfig –add squid

# service squid start

 

#———————————————————————————————————————————————

四、squid 健康检查

# vim /data/scripts/check_squid.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
                                                
PORT='8080'
ETH1_ADDR=`/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z]//g'`
                                                
if [[! -e /usr/local/squid/sbin/squid ]]; then
    echo "The squid service has no been installed ^_^"
    exit 1
fi
                                                
# 服务挂掉的情况
retval=`ps aux | grep 'sbin/squi[d]' | wc -l`
if [[${retval} -eq 0 ]]; then
    /sbin/service squid restart >/dev/null 2>&1
    exit 0
fi
                                                
## 服务僵死的情况
retval=`/usr/local/squid/bin/squidclient -s -h ${ETH1_ADDR} -p ${PORT}`
if [["${retval}X" != "X" ]]; then
    /sbin/service squid restart >/dev/null 2>&1
fi

# crontab -e

*/5 * * * * /data/scripts/check_squid.sh 

#———————————————————————————————————————————————

五、测试

curl -I -s -x http:// 代理服务 IP:8080 www.qq.com

配置 Squid 代理 http 和 rsync http://www.linuxidc.com/Linux/2013-05/84642.htm

Squid:实现高速的 Web 访问 http://www.linuxidc.com/Linux/2013-04/83512.htm

CentOS 6.2 编译安装 Squid 配置反向代理服务器 http://www.linuxidc.com/Linux/2012-11/74529.htm

简单配置 Squid 代理和反向代理 http://www.linuxidc.com/Linux/2014-04/99465.htm

CentOS 6.4 下 DNS+Squid+Nginx+MySQL 搭建高可用 Web 服务器 http://www.linuxidc.com/Linux/2014-04/99984.htm

Squid 的详细介绍 :请点这里
Squid 的下载地址 :请点这里

本文永久更新链接地址 :http://www.linuxidc.com/Linux/2015-09/123066.htm

正文完
星哥说事-微信公众号
post-qrcode
 0
星锅
版权声明:本站原创文章,由 星锅 于2022-01-21发表,共计8148字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
【腾讯云】推广者专属福利,新客户无门槛领取总价值高达2860元代金券,每种代金券限量500张,先到先得。
阿里云-最新活动爆款每日限量供应
评论(没有评论)
验证码
【腾讯云】云服务器、云数据库、COS、CDN、短信等云产品特惠热卖中