标签:squid
[root@cache01 squid-3.0.STABLE20]# uname -r 2.6.32-358.el6.x86_64 [root@cache01 squid-3.0.STABLE20]# cat /etc/redhat-release CentOS release 6.4 (Final) hostname cache01 vi /etc/sysconfig/network ulimit -Hn 20480 echo "ulimit -Hn 20480" >>/etc/rc.local echo "net.ipv4.ip_local_port_range = 4000 65000" >>/etc/sysctl.conf sysctl -p |grep port_range yum -y install openssl-devel yum -y install gcc gcc-c++ wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE20.tar.gz tar xf squid-3.0.STABLE20.tar.gz cd squid-3.0.STABLE20 ./configure --prefix=/application/squid3.0 --enable-async-io=100 --with-pthreads --enable-storeio="aufs,diskd,ufs" --enable-removal-policiles="heap,lru" --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --enable-kill-parent-hack --enable-cachemgr-hostname=localhost --enable-arp-acl --enable-default-err-language=English --enable-err-languages="Simplify_Chinese English" --disable-pool --disable-wccp --disable-wccpv2 --disable-ident-lookups --disable-internal-dns --enable-basic-auth-helpers="NCSA" --enable-stacktrace --with-large-files --disable-mempools --with-filedescriptors=64000 --enable-ssl --enable-x-accelerator-vary --disable-snmp --with-aio --enable-linux-netfilter --enable-linux-tproxy echo $? make echo $? make install echo $? ln -s /application/squid3.0 /application/squid cd /application/squid/etc/ wc -l squid.conf egrep -v "^#|^$" squid.conf useradd squid -s /sbin/nologin -M id squid vim squid.conf /application/squid/sbin/squid -k parse chown -R squid /application/squid3.0/var/ /application/squid/sbin/squid -k parse echo ‘export PATH=$PATH:/application/squid/sbin:/application/squid/bin‘ >>/etc/profile . /etc/profile echo $PATH squid -z yum install -y tree telnet dos2unix tree /application/squid/var/cache/ find /application/squid/var/cache/ -type f squid -N -d1 #前台运行测试 ss -lntup|grep squid ip add #浏览器设置 tail /application/squid/var/logs/access.log find /application/squid/var/cache/ -type f squid -D echo "/application/squid/sbin/squid -D" >>/etc/rc.local vi /etc/init.d/squid chmod +x /etc/init.d/squid #ACL应用 ------------ vi squid.conf acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl sex url_regex -i ^http://.*oldboy.* acl sex_path urlpath_regex 465726687 acl CONNECT method CONNECT http_access deny sex http_access deny sex_path http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access deny all icp_access allow localnet icp_access deny all htcp_access allow localnet htcp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir ufs /application/squid3.0/var/cache 100 16 256 access_log /application/squid3.0/var/logs/access.log squid cache_log /application/squid3.0/var/logs/cache.log cache_store_log /application/squid3.0/var/logs/store.log refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_mgr 121361146@qq.com cache_effective_user squid cache_effective_group squid visible_hostname img1.etiantian.org icp_port 3130 coredump_dir /application/squid3.0/var/cache ------------ squid -k parse squid -k reconfigure #通过配置WEB页面查看Squid相关信息 yum install -y httpd find / -name "cachemgr.cgi" vi /etc/httpd/conf/httpd.conf ScriptAlias "/squid" "/application/squid3.0/libexec/cachemgr.cgi" <Location "/squid"> Order deny,allow Deny from all Allow from all </location> sed -i ‘s#Listen 80#Listen 8080#‘ /etc/httpd/conf/httpd.conf http://10.6.3.151:8080/squid #反向代理 [root@cache01 etc]# vi squid.conf http_port 80 accel vhost vport cache_peer img01.etiantian.org parent 80 0 no-query no-digest max-conn=32 originserver cache_swap_low 90 cache_swap_high 95 #icp_port 3130 [root@cache01 etc]# cat /etc/hosts 10.6.3.152 img01.etiantian.org [root@salt-client1 html] yum install -y httpd cd /var/www/html/ rz [root@salt-client1 html]# ls 1.png 2.png 3.png 4.png /etc/init.d/httpd start http://10.6.3.151/1.png [root@cache01 etc]# tail -f ../var/logs/access.log 1472031672.139 2 10.6.2.6 TCP_REFRESH_UNMODIFIED/304 245 GET http://10.6.3.151/1.png - FIRST_UP_PARENT/img01.etiantian.org - 1472031672.347 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031672.562 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031672.864 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031673.100 2 10.6.2.6 TCP_REFRESH_UNMODIFIED/304 245 GET http://10.6.3.151/1.png - FIRST_UP_PARENT/img01.etiantian.org - 1472031673.413 1 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031673.659 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031673.923 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031674.091 2 10.6.2.6 TCP_REFRESH_UNMODIFIED/304 245 GET http://10.6.3.151/1.png - FIRST_UP_PARENT/img01.etiantian.org - 1472031674.297 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031724.279 3 10.6.2.6 TCP_REFRESH_UNMODIFIED/304 245 GET http://10.6.3.151/1.png - FIRST_UP_PARENT/img01.etiantian.org - 1472031724.988 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png 1472031725.323 1 10.6.2.6 TCP_REFRESH_UNMODIFIED/304 245 GET http://10.6.3.151/1.png - FIRST_UP_PARENT/img01.etiantian.org - 1472031725.547 0 10.6.2.6 TCP_IMS_HIT/304 237 GET http://10.6.3.151/1.png - NONE/- image/png
标签:squid
原文地址:http://youxianguang.blog.51cto.com/12081522/1854569
