yum install ntp
ntpdate time.nist.gov

1.Squid2.6-2.7安装
配置选项
./configure --prefix=/usr/local/squid \
--enable-async-io=320 \
--enable-storeio="aufs,diskd,ufs" \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-forward-log \
--enable-snmp \
--enable-cache-digests \
--enable-default-err-language=Simplify_Chinese \
--enable-epoll \
--enable-removal-policies="heap,lru" \
--enable-large-cache-files \
--disable-internal-dns \
--enable-x-accelerator-vary \
--enable-follow-x-forwarded-for \
--disable-ident-lookups \
//--enable-underscore \
//--enable-arp-acl \
--with-large-files \
--with-maxfd=65536

2.Squid3.0 安装
./configure --prefix=/usr/local/squid \
--enable-async-io=320 \
--enable-storeio="aufs,diskd,ufs" \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-forward-log \
--enable-snmp \
--enable-cache-digests \
--enable-default-err-language=Simplify_Chinese \
--enable-epoll \
--enable-removal-policies="heap,lru" \
--enable-large-cache-files \
--disable-internal-dns \
--enable-x-accelerator-vary \
--enable-follow-x-forwarded-for \
--disable-ident-lookups \
//--enable-underscore \
//--enable-arp-acl \
--with-large-files \
--with-filedescriptors=65536

解释：
--prefix=/usr/local/squid  :指定软件的安装路径
--enable-cache-digests     :使能缓存摘要，本来此项目的是为了在squid集群服务之间迅速发现缓存对象，这里在本地使用，可以加快请求时，检索缓存内容的速度。
--enable-gnuregex          :由于Squid大量使用字符串处理做各种判断，加入此项能更好的处理。
--disable-internal-dns     :Squid代理服务器在程序内部实现DNS解析，不会检查/etc/hosts文件，直接根据/etc/resolv.conf
--enable-async-io=320      :这个主要是设置async模式来运行squid，我的理解是设置用线程来运行squid，如果服务器配置很不错，有1G以上内存，cpu使用SMP的方式的话可以考虑设成160或者更高。如果服务器比较糟糕就根据实际情况设了。另外此项还另cache文件支持aufs
//--enable-icmp            :加入icmp支持
--enable-x-accelerator-vary :该高级功能可能在squid被配置成加速器时使用。它建议squid在响应请求时，从后台原始服务器中寻找X-Accelerator-Vary头。请见15.5章。
--enable-kill-parent-hack  :关掉suqid的时候，要不要连同父进程一起关掉，这个当然要啦
--enable-snmp              :此选项可以让cacti使用SNMP协议对服务器的流量状态进行监测，因此必须选择此项，使Squid支持SNMP接口。
--disable-ident-lookups    :防止系统使用RFC931规定的身份识别方法。
--enable-arp-acl           :可以在规则设置中直接通过客户端的MAC地址进行管理，防止客户使用IP欺骗。
--enable-err-language="Simplify_Chinese" 和
--enable-default-err-languages="Simplify_Chinese" :指定出错是显示的错误页面为简体中文
--enable-epoll             :linux2.6内核中提高I/O性能的新方法。
//--enable-poll            :应启用Poll()函数而不是select()函数，通常而言poll(轮询)比 select要好，但configure(脚本程序)已知Poll在某些平台下失效, 若你认为你比configure编译配置脚本程序要聪明的话，可以用这个选项启用Poll。总之就是用这个可以提升性能就是啦。
//--enable-linux-netfilter :可以支持透明代理
//--enable-underscore      :这个参数2.6－3.0都没有,:允许解析的URL中出现下划先，因为默认squid会认为带下划线的URL地址是非法的，并拒绝访问该地址。

--enable-follow-x-forwarded-for
然后在squid.conf中输入一行：
follow_x_forwarded_for allow all

后端的Apache取日志（httpd.conf）：
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %h %T" combined
取到的就是用户真实IP

make && make install

groupadd proxy
useradd -g proxy proxy

chown -R proxy.proxy /usr/local/squid/var/logs
chown -R proxy.proxy /var/spool/squid

ulimit -SHn 51200

/usr/local/squid/sbin/squid
/usr/local/squid/sbin/squid -z
/usr/local/squid/sbin/squid -k reconfigure
/usr/local/squid/bin/squidclient -h localhost -p 80 mgr:info
/usr/local/squid/sbin/squid -k rotate
/usr/local/squid/sbin/squidclient -m PURGE -p localhost:80

===============================================================================================================

# WELCOME TO SQUID 2.6.STABLE5

http_port 80 vhost vport
icp_port 0

#Mem And Disk Set
memory_replacement_policy heap LRU
cache_mem 768 MB
cache_swap_low 88
cache_swap_high 93

cache_replacement_policy heap LRU
cache_dir ufs /var/spool/squid 10240 16 256

maximum_object_size 4 MB
minimum_object_size 1 bytes
maximum_object_size_in_memory 1 MB

#Acl
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443

acl host1 dstdomain .abc.com 192.168.1.201
acl localhost src 127.0.0.1/255.255.255.255
#acl snmp src 192.168.1.203/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow host1
http_access deny all

#snmp_port 3401
#acl snmppublic snmp_community snmp
#snmp_access allow snmppublic snmp
#snmp_access deny all

acl OverConnLimit maxconn 10
http_access deny OverConnLimit

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY

#Refresh_pattern
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320

refresh_pattern -i \.htm$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.html$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.js$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.css$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.xml$ 60 90% 1440 reload-into-ims

refresh_pattern -i \.gif$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 43200 reload-into-ims

refresh_pattern -i \.swf$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.flv$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.mp3$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.wma$ 1440 90% 43200 ignore-reload

#Timeout Set
negative_ttl 10 seconds
pconn_timeout 30 seconds
read_timeout 3 minutes
connect_timeout 1 minute
request_timeout 1 minute
pipeline_prefetch on
half_closed_clients off
shutdown_lifetime 1 minute
client_persistent_connections on
server_persistent_connections on
persistent_request_timeout 15 seconds

#Base
cache_vary on
follow_x_forwarded_for allow all
cache_effective_user proxy
cache_effective_group proxy
visible_hostname cache.abc.com

#Log
emulate_httpd_log on
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh
#access_log /usr/local/squid/var/logs/access.log combined
access_log none
redirect_rewrites_host_header off

cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
cache_swap_log /usr/local/squid/var/logs/swap.log
log_ip_on_direct on
pid_filename /usr/local/squid/var/logs/squid.pid

logfile_rotate 1

#Net
cache_peer 192.168.1.202 parent 80 0 no-query originserver name=a
cache_peer 192.168.1.203 parent 80 0 no-query originserver name=b
cache_peer_domain a .abc.com
cache_peer_domain b .abc.com.cn

===========================================================================================================
# WELCOME TO SQUID 3.0.STABLE19

http_port 80 accel vport vhost
icp_port 0

#Mem And Disk Set
memory_replacement_policy heap LRU
cache_mem 768 MB
cache_swap_low 88
cache_swap_high 93

cache_replacement_policy heap LRU
cache_dir ufs /data/cache01 5120 16 128
cache_dir ufs /data/cache02 5120 16 128

maximum_object_size 4 MB
minimum_object_size 1 bytes
maximum_object_size_in_memory 1 MB

#Acl
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443

acl host1 dstdomain .abc.com
acl localhost src 127.0.0.1/255.255.255.255
#acl snmp src 192.168.1.201/255.255.255.255
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow host1
http_access deny all

#snmp_port 3401
#acl snmppublic snmp_community snmp
#snmp_access allow snmppublic snmp
#snmp_access deny all

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY

#Refresh_pattern
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320

refresh_pattern -i \.htm$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.html$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.js$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.css$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.xml$ 60 90% 1440 reload-into-ims

refresh_pattern -i \.gif$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 43200 reload-into-ims

refresh_pattern -i \.swf$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.flv$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.mp3$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.wma$ 1440 90% 43200 ignore-reload

#Timeout Set
negative_ttl 10 seconds
pconn_timeout 30 seconds
read_timeout 3 minutes
connect_timeout 1 minute
request_timeout 1 minute
pipeline_prefetch on
half_closed_clients off
shutdown_lifetime 1 minute
client_persistent_connections on
server_persistent_connections on
persistent_request_timeout 15 seconds

#Base
cache_effective_user proxy
cache_effective_group proxy
visible_hostname cache.abc.com

#Log
emulate_httpd_log on
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh
#access_log /usr/local/squid/var/logs/access.log combined
access_log none
redirect_rewrites_host_header off

cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
cache_swap_log /usr/local/squid/var/logs/swap.log
log_ip_on_direct on
pid_filename /usr/local/squid/var/logs/squid.pid

logfile_rotate 1

#Net
cache_peer 192.168.1.202 parent 80 0 no-query originserver