# Install the NTP package, then set the system clock once from time.nist.gov.
# This is a one-shot sync; nothing here keeps the clock corrected afterwards.
yum install ntp
ntpdate time.nist.gov
1.Squid2.6-2.7安装
配置选项
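# Build options for Squid 2.6/2.7, installed under /usr/local/squid.
#
# --enable-underscore and --enable-arp-acl are deliberately left out. The
# original notes kept them inside the command prefixed with "//", but the shell
# has no such comment syntax: each one would be handed to configure as a stray
# non-option argument. Add them back as ordinary options if they are wanted.
#
# --enable-follow-x-forwarded-for only compiles the feature in; which senders
# are trusted is decided by the follow_x_forwarded_for rules in squid.conf.
./configure --prefix=/usr/local/squid \
  --enable-async-io=320 \
  --enable-storeio="aufs,diskd,ufs" \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-kill-parent-hack \
  --enable-forward-log \
  --enable-snmp \
  --enable-cache-digests \
  --enable-default-err-language=Simplify_Chinese \
  --enable-epoll \
  --enable-removal-policies="heap,lru" \
  --enable-large-cache-files \
  --disable-internal-dns \
  --enable-x-accelerator-vary \
  --enable-follow-x-forwarded-for \
  --disable-ident-lookups \
  --with-large-files \
  --with-maxfd=65536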
2.Squid3.0 安装
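# Build options for Squid 3.0, installed under /usr/local/squid.
#
# --enable-underscore and --enable-arp-acl are deliberately left out. The
# original notes kept them inside the command prefixed with "//", but the shell
# has no such comment syntax: each one would be handed to configure as a stray
# non-option argument. Add them back as ordinary options if they are wanted.
#
# NOTE(review): confirm with "./configure --help" that this release recognises
# --enable-follow-x-forwarded-for; configure does not stop on an --enable-*
# option it does not know.
./configure --prefix=/usr/local/squid \
  --enable-async-io=320 \
  --enable-storeio="aufs,diskd,ufs" \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-kill-parent-hack \
  --enable-forward-log \
  --enable-snmp \
  --enable-cache-digests \
  --enable-default-err-language=Simplify_Chinese \
  --enable-epoll \
  --enable-removal-policies="heap,lru" \
  --enable-large-cache-files \
  --disable-internal-dns \
  --enable-x-accelerator-vary \
  --enable-follow-x-forwarded-for \
  --disable-ident-lookups \
  --with-large-files \
  --with-filedescriptors=65536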
解释:
--prefix=/usr/local/squid :指定软件的安装路径
--enable-cache-digests :使能缓存摘要,本来此项目的是为了在squid集群服务之间迅速发现缓存对象,这里在本地使用,可以加快请求时,检索缓存内容的速度。
--enable-gnuregex :由于Squid大量使用字符串处理做各种判断,加入此项能更好的处理。
--disable-internal-dns :禁用Squid内置的DNS解析,改用外部dnsserver辅助进程来解析域名。(内置解析是指Squid代理服务器在程序内部实现DNS解析,不会检查/etc/hosts文件,直接根据/etc/resolv.conf)
--enable-async-io=320 :这个主要是设置async模式来运行squid,我的理解是设置用线程来运行squid,如果服务器配置很不错,有1G以上内存,cpu使用SMP的方式的话可以考虑设成160或者更高。如果服务器比较糟糕就根据实际情况设了。另外此项还令cache文件支持aufs
//--enable-icmp :加入icmp支持
--enable-x-accelerator-vary :该高级功能可能在squid被配置成加速器时使用。它建议squid在响应请求时,从后台原始服务器中寻找X-Accelerator-Vary头。请见15.5章。
--enable-kill-parent-hack :关掉squid的时候,要不要连同父进程一起关掉,这个当然要啦
--enable-snmp :此选项可以让cacti使用SNMP协议对服务器的流量状态进行监测,因此必须选择此项,使Squid支持SNMP接口。
--disable-ident-lookups :防止系统使用RFC931规定的身份识别方法。
--enable-arp-acl :可以在规则设置中直接通过客户端的MAC地址进行管理,防止客户使用IP欺骗。
--enable-err-languages="Simplify_Chinese" 和
--enable-default-err-language="Simplify_Chinese" :指定出错时显示的错误页面为简体中文
--enable-epoll :linux2.6内核中提高I/O性能的新方法。
//--enable-poll :应启用Poll()函数而不是select()函数,通常而言poll(轮询)比 select要好,但configure(脚本程序)已知Poll在某些平台下失效, 若你认为你比configure编译配置脚本程序要聪明的话,可以用这个选项启用Poll。总之就是用这个可以提升性能就是啦。
//--enable-linux-netfilter :可以支持透明代理
//--enable-underscore :这个参数2.6-3.0都没有:允许解析的URL中出现下划线,因为默认squid会认为带下划线的URL地址是非法的,并拒绝访问该地址。
--enable-follow-x-forwarded-for
然后在squid.conf中输入一行:
follow_x_forwarded_for allow all
后端的Apache取日志(httpd.conf):
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %h %T" combined
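取到的就是用户真实IP。注意:X-Forwarded-For是客户端可以自行填写的请求头,`follow_x_forwarded_for allow all`表示信任任意来源送来的该头;在acl_uses_indirect_client和log_uses_indirect_client为默认值(on)时,Squid中基于src的ACL(例如下文配置里只允许localhost访问manager和PURGE的规则)以及日志都会采用这个头里的地址,而不是真实的TCP对端地址。因此应只对自己的前端代理/负载均衡的地址allow,其余一律deny all。后端Apache日志里的%{X-Forwarded-For}i同样可能带有客户端自行填写的内容,只有Squid自己追加在末尾的那一项可信。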
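# Build and install into the --prefix chosen at configure time.
make && make install

# Dedicated unprivileged account for the proxy; squid.conf names it in
# cache_effective_user / cache_effective_group. It is a service account, so it
# gets no login shell.
groupadd proxy
useradd -g proxy -s /sbin/nologin proxy

# Give that account the directories it has to write to. "user:group" is the
# portable separator; the "user.group" form is a deprecated extension.
mkdir -p /var/spool/squid
chown -R proxy:proxy /usr/local/squid/var/logs
chown -R proxy:proxy /var/spool/squid

# Raise the open-file limit of this shell; Squid inherits it when started here.
ulimit -SHn 51200

# Create the cache_dir swap directories once, before the first start.
/usr/local/squid/sbin/squid -z
# Start the daemon.
/usr/local/squid/sbin/squid

# Day-to-day operations.
# Re-read squid.conf without restarting:
/usr/local/squid/sbin/squid -k reconfigure
# Cache manager summary (squid.conf only allows this from localhost):
/usr/local/squid/bin/squidclient -h localhost -p 80 mgr:info
# Rotate the log files:
/usr/local/squid/sbin/squid -k rotate
# Evict one cached object. squidclient is installed under bin/, -p takes a port
# number only, and the URL to purge is a required argument; replace the
# placeholder with the real URL.
/usr/local/squid/bin/squidclient -h localhost -p 80 -m PURGE "http://<cached-url-placeholder>"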
===============================================================================================================
# WELCOME TO SQUID 2.6.STABLE5
# Reverse-proxy (accelerator) configuration: Squid listens on port 80 and
# sends cache misses to the two origin servers declared under "#Net".
http_port 80 vhost vport
# ICP is switched off (port 0); the peers below are also marked no-query.
icp_port 0
#Mem And Disk Set
memory_replacement_policy heap LRU
cache_mem 768 MB
# Disk-cache replacement starts at 88% full and becomes aggressive at 93%.
cache_swap_low 88
cache_swap_high 93
cache_replacement_policy heap LRU
# One ufs store of 10240 MB with 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 10240 16 256
maximum_object_size 4 MB
minimum_object_size 1 bytes
maximum_object_size_in_memory 1 MB
#Acl
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
# The sites this accelerator serves.
acl host1 dstdomain .abc.com 192.168.1.201
acl localhost src 127.0.0.1/255.255.255.255
#acl snmp src 192.168.1.203/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE
# http_access rules are checked top-down and the first match decides.
# Cache manager and PURGE are meant to be reachable from localhost only.
# NOTE(review): "localhost" is a src ACL, so this restriction is only as strong
# as the client address Squid uses; see the follow_x_forwarded_for note under
# "#Base".
http_access allow manager localhost
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only requests for the accelerated sites are served; everything else is refused.
http_access allow host1
http_access deny all
# NOTE(review): if SNMP is enabled, pick a community string that is not
# guessable and keep the source-address ACL on snmp_access.
#snmp_port 3401
#acl snmppublic snmp_community snmp
#snmp_access allow snmppublic snmp
#snmp_access deny all
# NOTE(review): these two lines come after "http_access allow host1" and
# "http_access deny all". Because the first matching http_access rule decides,
# the per-client connection cap is never evaluated; it would have to move above
# "http_access allow host1" to take effect.
acl OverConnLimit maxconn 10
http_access deny OverConnLimit
hierarchy_stoplist cgi-bin ?
# Dynamic pages and large media/download types are never cached.
# NOTE(review): the dots are unescaped regex metacharacters, so ".php" matches
# any character followed by "php" anywhere in the path.
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY
#Refresh_pattern
# Format: regex  min(minutes)  percent  max(minutes)  [options]
# NOTE(review): the first matching refresh_pattern line is used. The catch-all
# "." line precedes the per-extension rules, so those rules are never reached;
# the catch-all belongs last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i \.htm$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.html$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.js$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.css$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.xml$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.flv$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.mp3$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.wma$ 1440 90% 43200 ignore-reload
#Timeout Set
negative_ttl 10 seconds
pconn_timeout 30 seconds
read_timeout 3 minutes
connect_timeout 1 minute
request_timeout 1 minute
pipeline_prefetch on
half_closed_clients off
shutdown_lifetime 1 minute
client_persistent_connections on
server_persistent_connections on
persistent_request_timeout 15 seconds
#Base
cache_vary on
# NOTE(review): "allow all" trusts an X-Forwarded-For header from any sender.
# With acl_uses_indirect_client and log_uses_indirect_client at their defaults
# (on), src-based ACLs such as "localhost" and maxconn, and the logs, use the
# address taken from that header rather than the real TCP peer, so the
# localhost-only manager/PURGE rules stop being a real restriction. Allow only
# an ACL that names the trusted front-end proxies, then add
# "follow_x_forwarded_for deny all".
follow_x_forwarded_for allow all
# Run as the unprivileged proxy account after start-up.
cache_effective_user proxy
cache_effective_group proxy
visible_hostname cache.abc.com
#Log
emulate_httpd_log on
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh
#access_log /usr/local/squid/var/logs/access.log combined
# NOTE(review): with "access_log none" the proxy keeps no per-request record,
# so cache hits (which never reach the origin) leave no trace anywhere. Keep an
# access log if requests need to be audited or investigated later.
access_log none
redirect_rewrites_host_header off
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
cache_swap_log /usr/local/squid/var/logs/swap.log
log_ip_on_direct on
pid_filename /usr/local/squid/var/logs/squid.pid
# Keep one rotated generation of each log.
logfile_rotate 1
#Net
# Two origin servers on port 80, no ICP; each is selected by request domain.
cache_peer 192.168.1.202 parent 80 0 no-query originserver name=a
cache_peer 192.168.1.203 parent 80 0 no-query originserver name=b
cache_peer_domain a .abc.com
cache_peer_domain b .abc.com.cn
===========================================================================================================
# WELCOME TO SQUID 3.0.STABLE19
# Reverse-proxy (accelerator) configuration: Squid listens on port 80 in accel
# mode and sends cache misses to the origin server declared under "#Net".
http_port 80 accel vport vhost
# ICP is switched off (port 0); the peer below is also marked no-query.
icp_port 0
#Mem And Disk Set
memory_replacement_policy heap LRU
cache_mem 768 MB
# Disk-cache replacement starts at 88% full and becomes aggressive at 93%.
cache_swap_low 88
cache_swap_high 93
cache_replacement_policy heap LRU
# Two ufs stores of 5120 MB each, 16 first-level and 128 second-level directories.
cache_dir ufs /data/cache01 5120 16 128
cache_dir ufs /data/cache02 5120 16 128
maximum_object_size 4 MB
minimum_object_size 1 bytes
maximum_object_size_in_memory 1 MB
#Acl
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
# The sites this accelerator serves.
acl host1 dstdomain .abc.com
acl localhost src 127.0.0.1/255.255.255.255
#acl snmp src 192.168.1.201/255.255.255.255
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE
# http_access rules are checked top-down and the first match decides.
# Cache manager and PURGE are reachable from localhost only; every other
# manager request is refused.
http_access allow manager localhost
http_access allow PURGE localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only requests for the accelerated sites are served; everything else is refused.
http_access allow host1
http_access deny all
# NOTE(review): if SNMP is enabled, pick a community string that is not
# guessable and keep the source-address ACL on snmp_access.
#snmp_port 3401
#acl snmppublic snmp_community snmp
#snmp_access allow snmppublic snmp
#snmp_access deny all
hierarchy_stoplist cgi-bin ?
# Dynamic pages and large media/download types are never cached.
# NOTE(review): the dots are unescaped regex metacharacters, so ".php" matches
# any character followed by "php" anywhere in the path.
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY
#Refresh_pattern
# Format: regex  min(minutes)  percent  max(minutes)  [options]
# NOTE(review): the first matching refresh_pattern line is used. The catch-all
# "." line precedes the per-extension rules, so those rules are never reached;
# the catch-all belongs last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i \.htm$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.html$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.js$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.css$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.xml$ 60 90% 1440 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 43200 reload-into-ims
refresh_pattern -i \.swf$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.flv$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.mp3$ 1440 90% 43200 ignore-reload
refresh_pattern -i \.wma$ 1440 90% 43200 ignore-reload
#Timeout Set
negative_ttl 10 seconds
pconn_timeout 30 seconds
read_timeout 3 minutes
connect_timeout 1 minute
request_timeout 1 minute
pipeline_prefetch on
half_closed_clients off
shutdown_lifetime 1 minute
client_persistent_connections on
server_persistent_connections on
persistent_request_timeout 15 seconds
#Base
# Run as the unprivileged proxy account after start-up.
cache_effective_user proxy
cache_effective_group proxy
visible_hostname cache.abc.com
#Log
emulate_httpd_log on
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh
#access_log /usr/local/squid/var/logs/access.log combined
# NOTE(review): with "access_log none" the proxy keeps no per-request record,
# so cache hits (which never reach the origin) leave no trace anywhere. Keep an
# access log if requests need to be audited or investigated later.
access_log none
redirect_rewrites_host_header off
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
cache_swap_log /usr/local/squid/var/logs/swap.log
log_ip_on_direct on
pid_filename /usr/local/squid/var/logs/squid.pid
# Keep one rotated generation of each log.
logfile_rotate 1
#Net
# Single origin server on port 80, no ICP.
cache_peer 192.168.1.202 parent 80 0 no-query originserver