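Implementing reverse-proxy acceleration with Squid 3.0
Squid is a more specialized proxy server, and its performance and efficiency are much higher than those of Apache's mod_proxy.
Download Squid 3.0
Compiling and installing squid: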
groupadd squid
adduser -g squid -d /dev/null -s /sbin/nologin squid
tar xzvf squid-3.0.STABLE15.tar.gz
cd squid-3.0.STABLE15
./configure --prefix=/usr/local/squid --sysconfdir=/usr/local/squid/etc --enable-arp-acl --enable-linux-netfilter --enable-pthreads --enable-err-language="Simplify_Chinese" --enable-storeio='ufs,aufs,null' --enable-default-err-language="Simplify_Chinese" --enable-auth="basic" --enable-basic-auth-helpers="NCSA" --enable-underscore --enable-cachemgr --enable-async-io --with-large-files --with-filedescriptors=65536 --enable-epoll
make
make install
Configuring squid
cd /usr/local/squid
mkdir cache
chown -R squid.squid var
chown -R squid.squid cache
vi /usr/local/squid/etc/squid.conf
In /etc/hosts, add the internal DNS resolution entries, for example:
192.168.1.103 www.zhang.com
192.168.1.104 hehe.aa.zhang.com
---------------------cut here----------------------------------
# visible name
visible_hostname cache.zhang.com
# cache config: space use 1G and memory use 256M
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_mem 256 MB
maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB
cache_effective_user squid
cache_effective_group squid
## Set the port
http_port 80 vhost vport
# Reverse-proxy configuration for version 2.5 (these directives were removed in Squid 2.6 and later, so they are commented out here)
#httpd_accel_host virtual
#httpd_accel_single_host off
#httpd_accel_port 80
#httpd_accel_uses_host_header on
#httpd_accel_with_proxy on
# Reverse-proxy acceleration configuration for versions after 2.5
# Proxy to the service on port 80 of the local machine, used only as the origin content server
cache_peer 127.0.0.1 parent 80 0 no-query originserver
# accelerate my domains only
acl acceleratedHostA dstdomain .example1.com
acl acceleratedHostB dstdomain .example2.com
acl acceleratedHostC dstdomain .example3.com
# access acl
acl all src 0.0.0.0/0.0.0.0
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY
# Allow requests when they are to the accelerated machine AND to the
# right port with right protocol
http_access allow acceleratedHostA
http_access allow acceleratedHostB
http_access allow acceleratedHostC
# log
emulate_httpd_log on
cache_store_log none
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
pid_filename /var/log/squid/var/logs/squid.pid
cache_access_log /usr/local/squid/log/access.log combined
cache_log /usr/local/squid/log/cache.log
pid_filename /usr/local/squid/var/logs/squid.pid
# manager
acl manager proto cache_object
http_access allow manager all
#cachemgr_passwd pass all
### Proxying for multiple servers
###cache_peer
cache_peer x.x.x.x parent 80 0 no-query originserver name=foo
cache_peer y.y.y.y parent 80 0 no-query originserver name=bar
###cache_peer_domain
cache_peer_domain foo www.carl.com
cache_peer_domain bar www.zhang.com
acl sites dstdomain .carl.com
acl sites dstdomain .zhang.com
###cache_peer_access
cache_peer_access foo allow sites
cache_peer_access bar allow sites
http_access allow all
----------------------cut here---------------------------------
Additional features:
# Only allow proxying to port 80
acl Safe_ports port 80 # http
http_access deny !Safe_ports
http_access allow all
# Hotlink protection for images: aaa and bbb are the domain names of the virtual hosts, and the Referer must contain the aaa or bbb domain for an image to be served
acl picurl url_regex -i \.bmp$ \.png$ \.jpg$ \.gif$ \.jpeg$
acl mystie1 referer_regex -i aaa
http_access allow mystie1 picurl
acl mystie2 referer_regex -i bbb
http_access allow mystie2 picurl
Test the configuration file:
#/usr/local/squid/sbin/squid -k parse
Create the cache directories:
/usr/local/squid/sbin/squid -z
Start squid:
/usr/local/squid/sbin/squid
Stop squid:
/usr/local/squid/sbin/squid -k shutdown
Apply a new configuration:
/usr/local/squid/sbin/squid -k reconfig
Truncate/rotate the logs every day at 0:00 via crontab:
0 0 * * * (/usr/local/squid/sbin/squid -k rotate)
more /usr/local/squid/var/logs/page_zs_access_log |grep TCP_MEM_HIT
This command shows which files Squid had cached in memory and returned to the requesting users while it was running.
more /usr/local/squid/var/logs/page_zs_access_log |grep TCP_HIT
This command shows which files Squid had cached in the cache directory and returned to the requesting users while it was running.
more /usr/local/squid/var/logs/page_zs_access_log |grep TCP_MISS
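This command shows which files Squid had not cached while it was running and instead fetched from the origin server before returning them to the requesting users.
You can view the hit ratio and other related information: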
#/usr/local/squid/bin/squidclient -p 80 -h localhost mgr:info
Sometimes we may also want to delete some cached objects manually; this can be done with the squidclient command as well:
/usr/local/squid/bin/squidclient -h HOST -p PORT -m PURGE URL
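The grep commands above, generalized into one pass over the log, as an added example that is not part of the original article: this Python sketch parses lines in the `combined` logformat from the squid.conf listing, tallies the Squid result codes, computes request and byte hit ratios, and lists PURGE requests with their client address. The sample lines and the names `LINE`, `SAMPLE_LOG` and `summarize` are constructed for this example.

```python
import re
from collections import Counter

# Regex for the "combined" logformat defined in the squid.conf listing on this page:
# %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "[^"]*" "[^"]*" (?P<ss>\w+):(?P<sh>\w+)$')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.9 - - [12/Mar/2010:10:00:01 +0800] "GET http://www.carl.com/a.png HTTP/1.1" 200 5120 "-" "curl/7.19" TCP_MEM_HIT:NONE
203.0.113.9 - - [12/Mar/2010:10:00:02 +0800] "GET http://www.carl.com/b.jpg HTTP/1.1" 200 20480 "-" "curl/7.19" TCP_HIT:NONE
198.51.100.7 - - [12/Mar/2010:10:00:03 +0800] "GET http://www.carl.com/index.php HTTP/1.1" 200 1024 "-" "curl/7.19" TCP_MISS:FIRST_UP_PARENT
198.51.100.7 - - [12/Mar/2010:10:00:04 +0800] "PURGE http://www.carl.com/a.png HTTP/1.0" 200 0 "-" "-" TCP_MISS:NONE
this line is not an access-log entry
"""

def summarize(text):
    """Tally Squid result codes, request/byte hit ratios and PURGE requests."""
    counts, hit_bytes, all_bytes, purges, unparsed = Counter(), 0, 0, [], 0
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            unparsed += 1  # line does not follow the combined format
            continue
        counts[m["ss"]] += 1
        all_bytes += int(m["size"])
        if m["ss"].endswith("HIT"):  # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            hit_bytes += int(m["size"])
        if m["method"] == "PURGE":  # cache deletions: worth knowing who sent them
            purges.append((m["client"], m["url"]))
    total = sum(counts.values())
    hits = sum(n for code, n in counts.items() if code.endswith("HIT"))
    return {"counts": dict(counts), "unparsed": unparsed, "purges": purges,
            "request_hit_ratio": hits / total if total else 0.0,
            "byte_hit_ratio": hit_bytes / all_bytes if all_bytes else 0.0}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

PURGE entries whose client address is not 127.0.0.1 are the ones to compare against the `http_access` rules for the `Purge` ACL.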
Simple load balancing:
cache_peer 192.168.1.103 parent 80 0 no-query originserver round-robin name=carl1
cache_peer 127.0.0.1 parent 80 0 no-query originserver round-robin name=carl2
cache_peer_domain carl1 www.carl.com
cache_peer_domain carl2 www.carl.com
Configuration examples: tested successfully on CentOS release 5.4!
1. Single domain!
cache_mgr jimo291@sohu.com
cache_effective_user squid
cache_effective_group squid
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/var/cache 1000 16 256
maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
visible_hostname test.squid.com
http_port 80 accel vhost vport
cache_peer 192.168.1.103 parent 80 0 no-query originserver
acl carl dstdomain .carl.com
acl Purge method PURGE
acl Manager proto cache_object
acl Localhost src 127.0.0.1/32
http_access allow carl
http_access allow Purge Localhost
http_access allow Manager Localhost
http_access deny Manager
http_access deny All
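How Squid walks `http_access` lines like the ones above, as an added example that is not part of the original article: a small Python evaluator (its function names are this example's own) applies first-match-wins to the acl/http_access lines of the first listing and of this single-domain listing. It assumes ACL names are case-insensitive and that `all` is built in, and it handles only the dstdomain, src, method and proto ACL types.

```python
import ipaddress
# Constructed input: the acl/http_access lines of two listings on this page.
FIRST_LISTING = """
acl acceleratedHostA dstdomain .example1.com
acl all src 0.0.0.0/0.0.0.0
http_access allow acceleratedHostA
http_access allow all
"""
SINGLE_DOMAIN = """
acl carl dstdomain .carl.com
acl Purge method PURGE
acl Manager proto cache_object
acl Localhost src 127.0.0.1/32
http_access allow carl
http_access allow Purge Localhost
http_access allow Manager Localhost
http_access deny Manager
http_access deny All
"""

def parse(conf):
    acls, rules = {}, []
    for tok in (l.split("#", 1)[0].split() for l in conf.splitlines()):
        if len(tok) > 3 and tok[0] == "acl":  # names lowercased: sketch assumption
            acls.setdefault(tok[1].lower(), (tok[2], []))[1].extend(tok[3:])
        elif len(tok) > 2 and tok[0] == "http_access":
            rules.append((tok[1], [t.lower() for t in tok[2:]]))
    return acls, rules

def hit(acls, name, req):
    if name == "all" and name not in acls:  # sketch assumption: "all" is built in
        return True
    kind, vals = acls[name]
    if kind == "dstdomain":  # ".carl.com" covers carl.com and its subdomains
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in vals)
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v) for v in vals)
    return req[kind] in vals  # method and proto compare the request field directly

def decide(conf, req):
    """First line whose ACLs all match decides; none matching flips the last line."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(hit(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

With these inputs, `decide(FIRST_LISTING, ...)` returns `allow` for a host outside the accelerated domains because of the final `http_access allow all`, and `decide(SINGLE_DOMAIN, ...)` returns `allow` for a PURGE of `www.carl.com` from a non-local address because `http_access allow carl` matches first. Placing `http_access allow Purge Localhost` followed by `http_access deny Purge` above the `allow carl` line makes that request end in `deny`.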
2. Multiple domains!
cache_mgr jimo291@sohu.com
cache_effective_user squid
cache_effective_group squid
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/var/cache 1000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
visible_hostname test.squid.com
http_port 80 vhost vport
cache_peer 192.168.1.103 parent 80 0 no-query originserver name=carl
cache_peer 127.0.0.1 parent 81 0 no-query originserver name=zhang
cache_peer_domain carl www.carl.com
cache_peer_domain zhang www.zhang.com
acl sites1 dstdomain .carl.com
acl sites2 dstdomain .zhang.com
acl Purge method PURGE
acl Manager proto cache_object
acl Localhost src 127.0.0.1/32
#cache_peer_access deny All
cache_peer_access carl allow sites1
cache_peer_access zhang allow sites2
http_access allow sites1
http_access allow sites2
http_access allow Purge Localhost
http_access allow Manager Localhost
http_access deny Manager
http_access deny All
Squid cluster:
cache_mgr jimo291@sohu.com
cache_effective_user squid
cache_effective_group squid
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/var/cache 1000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
visible_hostname 192.168.1.121
http_port 192.168.1.121:80 vhost vport
icp_port 3130
cache_peer 192.168.1.159 parent 80 0 no-query originserver name=carl1
#cache_peer 127.0.0.1 parent 80 0 no-query originserver name=carl2
cache_peer_domain carl1 www.carl.com
#cache_peer_domain carl2
cache_peer 192.168.1.108 sibling 80 3130 name=cache1
cache_peer 192.168.1.121 sibling 80 3130 name=cache2
acl Safe_ports port 80
acl Safe_ports port 3130
acl sites dstdomain .carl.com
acl Purge method PURGE
acl Manager proto cache_object
acl Localhost src 127.0.0.1/32
#cache_peer_access carl allow sites1
#cache_peer_access zhang allow sites2
#cache_peer_access deny All
http_access allow sites
http_access allow Safe_ports
http_access allow Purge Localhost
http_access allow Manager Localhost
http_access deny Manager
http_access deny All