Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "how to deploy Squid proxy service in CentOS". The editor shows you the operation process through an actual case. The operation method is simple, fast and practical. I hope this article "how to deploy Squid proxy service in CentOS" can help you solve the problem.

Squid cache (Squid for short) is a popular proxy server and Web cache server for free software (GNU General Public license). Squid has a wide range of uses, from the front-end cache server as a web server to cache related requests to increase the speed of the Web server, to cache the World wide Web for a group of people to share network resources, domain name system and other web searches, to help network security by filtering traffic, to surfing the Internet through proxies in the local area network. Squid is mainly designed to run on systems such as Unix.

System environment

Operating system: CentOS release 6.5Squid version: squid-3.1.10-20.el6_5.3.x86_64 turn off httpd turn off firewall

Install the Squid service

Check to see if squid software is installed

# rpm-qa | grep squid

If it is not installed, install it using yum

# yum-y install squid

Set Boot self-boot

# chkconfig-- level 35 squid on / / automatically runs the squid service at levels 3 and 5

Profile description of the squid server

The main configuration file for squid is / etc/squid/squid.conf, where all squid settings are configured. Here are some common configuration options.

Http_port 3128 / / set the listening IP and port number cache_mem 64 MB / / provide additional memory for squid. The total memory footprint of squid is X * 10cm 15 + "cache_mem", where X is the capacity occupied by squid cache (in GB). / / for example, if the following cache size is 100m, that is, 0.1GB, then the total memory footprint is 0.1 "10m 15" 6480m. It is recommended that the size of the physical memory is 1 / 3-1 / 2 or more. Maximum_object_size 4 MB / / set squid disk cache maximum file, files over 4m are not saved to hard disk minimum_object_size 0 KB / / set squid disk cache minimum file maximum_object_size_in_memory 4096 KB / / set squid memory cache maximum file Files exceeding 4m are not saved to memory cache_dir ufs / var/spool/squid 10016256 / / define the cache storage path of squid, the cache directory capacity (in M), the number of primary cache directories, Number of secondary cache directories logformat combined% > a% ui% un [% tl] "% rm% ru HTTP/%rv"% Hs% h "% {User-Agent} > h"% Ss:%Sh / / log file log format access_log / var/log/squid/access.log combined / / log file storage path and log format cache_log / var/log/squid/cache.log / / set cache log logfile _ rotate 60 / / log takes 60 days when cache_swap_high 95 / / cache directory usage is more than 95% Start cleaning the old cachecache_swap_low 90 / / cache directory and stop when you clean up to 90%. Acl localnet src 192.168.1.0 http_access allow localnet 24 / define local network segment http_access allow localnet / / allow local network segments to use http_access deny all / / deny all visible_hostname squid.david.dev / / hostname cache_mgr example@test.com / / administrator mailboxes

General agent service

The standard, traditional proxy service requires the client to specify the address and port of the proxy server in the browser. The diagram of the lab topology is as follows:

Configure the Squid proxy server IP address

Modify the IP address of eth2 to 200.168.10.1

# ifconfig eth2 200.168.10.1

Edit squid main configuration file / etc/squid/squid.conf

Http_port 3128cache_mem 64 MBmaximum_object_size 4 MBcache_dir ufs / var/spool/squid 100 16 256access_log / var/log/squid/access.logacl localnet src 192.168.1.0/24http_access allow localnethttp_access deny allvisible_hostname squid.david.devcache_mgr mchina_tang@qq.com

Initialization

# squid-z

Start Squid

# / etc/init.d/squid start

Configure the Web server

a. Install Apache

# rpm-qa | grep httpd# yum-y install httpd

b. Start Apache and join boot boot

# / etc/init.d/httpd start# chkconfig httpd on

c. Create index.html

# echo "Squid-Web1/200.168.10.2" > / var/www/html/index.html

d. Modify the Web server IP address to change the IP address of the web server to 200.168.10.2

# ifconfig eth0 200.168.10.2

Configure the client IP address

Configure browser proxy

Open the browser (take IE as an example, other similar), menu bar-> tools-> Internet options-> connection-> LAN Settings-> proxy server, and set according to the following format.

test

Transparent proxy service

Suitable for the gateway host of the enterprise, the client does not need to specify the proxy server address, port and other information, and transfers the client's Web access data to the proxy server program through iptables. The diagram of the lab topology is as follows:

Modify squid main configuration file / etc/squid/squid.conf

Http_port 3128 transparentcache_mem 64 MBmaximum_object_size 4 MBcache_dir ufs / var/spool/squid 100 16 256access_log / var/log/squid/access.logacl localnet src 192.168.1.0/24http_access allow localnethttp_access deny allvisible_hostname squid.david.devcache_mgr mchina_tang@qq.com

Add the transparent keyword after http_port 3128.

Reload

Reload allows the above configuration to take effect.

# / etc/init.d/squid reload

Add iptables rules to redirect internal http requests to port 3128

a. Start the iptables service

# / etc/init.d/iptables start

b. Clear existing iptables filter rules

# iptables-F

c. Save iptables settings

# / etc/init.d/iptables save

d. Add a rule to the nat table

# iptables-t nat-I PREROUTING-I eth0-s 192.168.1.0 dport 24-p tcp-- dport 80-j REDIRECT-- to-port 3128

e. Save

# / etc/init.d/iptables save

Modify client IP address

Set the default gateway to the private network ip address of the squid server.

In the browser, cancel the proxy settings

Reverse proxy service

Provides caching acceleration for Internet users to access corporate Web sites. Lab Topology:

Turn off the firewall

# / etc/init.d/iptables stop

Modify the Web Server home page

Web1:# echo "Squid-Web1/192.168.1.18" > / var/www/html/index.htmlWeb2:# echo "Squid-Web1/192.168.1.19" > / var/www/html/index.html

Configure squid

Http_port 80 accel vhosthttp_access allow allcache_peer 192.168.1.18 parent 80 0 originserver round-robin weight=1cache_peer 192.168.1.19 parent 80 0 originserver round-robin weight=1visible_hostname squid.david.devcache_mgr mchina_tang@qq.com

Start the Squid service

Squid failed to start because the listening port of squid is set to 80, which conflicts with the http service of the system, so stop the http service and then start squid.

test

Squid uses round-robin, so client access will poll two web servers and use "Ctrl + F5" to deeply refresh the test.

Web1:

Web2:

This is the end of the introduction on "how to deploy the Squid proxy service in CentOS". Thank you for reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.