A preliminary peek into squid service 01/20 Update SLTechnology News&Howtos

A preliminary peek into squid service

2025-01-20 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/02 Report--

What is the installation of squid services and simple use of squid

Squid is a high-performance proxy cache server, and Squid supports FTP, gopher, HTTPS and HTTP protocols. Unlike normal proxy caching software, Squid uses a separate, non-modular, Imax O-driven process to handle all client requests.

Squid source package installation

Download address http://www.squid-cache.org/Versions/

The tar zxvf squid-3.5.27.tar.gzcd squid-3.5.27/./configuremake & & make installsquid configuration file # acl all src 0.0.0.0amp 0.0.0.0 and http_access allow all option defines an access control list. For details, see the documentation carried with the Squid software #. The access control list here allows all access to the proxy service, because here the agent is the accelerated web server. Acl all src 0.0.0.0Univer 0.0.0 # allows all IP to access acl manager proto http # manager url protocol is httpacl localhost src 127.0.0.1 engine 255.255.255.255 # Yun noon native IPacl to_localhost dst 127.0.0.1 # Yun noon destination address is native IPacl Safe_ports port 80 The port that allows security updates is 80acl CONNECT method CONNECT # request method to allow everyone to use the agent with CONNECThttp_access allow all #. Because here is the proxy acceleration web server http_reply_access allow all # allows all clients to use this proxy acl OverConnLimit maxconn 16 # limit a maximum of 16 connections per IP Prevent http_access deny OverConnLimiticp_access deny all # from sending and receiving ICP requests from the neighbor server buffer. Allow direct update request ident_lookup_access deny all # prevent lookup from checking DNShttp_port 8080 transparent # Specifies the port number on which Squid listens for browser customer requests. Hierarchy_stoplist cgi-bin? # is used to force certain objects not to be cached, mainly for security purposes. Acl QUERY urlpath_regex cgi-bin\? cache deny QUERYcache_mem 1 GB # this is an optimization option, and increasing this memory value is good for caching. It should be noted that: # generally speaking, if the system has memory, set this value to (n /) 3m. Now it's 3G, so here's 1Gfqdncache_size 1024 # FQDN cache size maximum_object_size_in_memory 2 MB # allows the largest files to be loaded into memory memory_replacement_policy heap LFUDA # dynamically use the smallest, move out of memory cachecache_replacement_policy heap LFUDA # dynamically use the least Remove hard disk cachecache_dir ufs / home/cache 5000 32 512 # cache directory ufs type maximum allowable 1000MB space, # 32 first-level directories 512 secondary directories max_open_disk_fds 0 # maximum number of open files allowed 0 unlimited minimum_object_size 1 KB # minimum noon file request body size maximum_object_size 20 MB # maximum noon file request body size cache_swap_low 90 # minimum allowed swap 90%cache_swap_high 95 # maximum allowed swap 95%ipcache_size 2048 # IP address cache size 2Mipcache_low 90 # minimum allow ipcache to use swap 90%ipcache_high 95 # maximum allow ipcache to use swap 90%access_log / var/log/squid/access.log squid # to define log storage Logging cache_log / var/log/squid/cache.log squidcache_store_log none # disabling store log emulate _ httpd_log on # causes Squid to create access records in the same format as the Web server. If you want to use # Web to access the record analyzer, you need to set this parameter. Refresh_pattern. 0 20% 4320 override-expire override-lastmod reload-into-ims ignore-reload # Update cache rules acl buggy_server url_regex ^ http://.... Http:// # only http requests broken_posts allow buggy_serveracl apache rep_header Server ^ Apache # allow apache encoding broken_vary_encoding allow apacherequest_entities off # to disable non-http standard marking requests Prevent * * header_access header allow all # allow all http headers relaxed_header_parser on # not strictly analyze http headers. Client_lifetime 120 minute # maximum customer connection time 120 minutes cache_mgr sky@test.com # specified When there is a problem with the buffer, the address information of the alarm information is sent to the buffer manager. Cache_effective_user squid # here the Squid server cache_effective_group squidicp_port 0 # as user squid specifies the port number on which Squid sends and receives ICP requests from the neighbor server buffer. # set to 0 here because Squid is configured as the accelerator of the internal Web server, # so there is no need to use the buffer of the neighbor server. 0 is the host on which the # cache_peer setting is disabled to allow cache updates 127.0.0.1cache_peer 127.0.0.1 parent 800 no-query default multicast-responder no-netdb-exchangecache_peer_domain 127.0.0.1 hostname_aliases 127.0.0.1error_directory / usr/share/squid/errors/Simplify_Chinese # definition error path always_direct allow all # cache is missing or does not exist because it is native Is to allow all requests to be forwarded directly to the original server ignore_unknown_nameservers on # to open anti-DNS queries When the domain name address is different, disable access to the directory where coredump_dir / var/log/squid # defines dump max_filedesc 2048 # maximum open file description half_closed_clients off # causes Squid to close the client connection immediately when read no longer returns data. # sometimes read no longer returns data because some customers turn off TCP's sending data # and still keep receiving data. However, Squid can not tell the difference between semi-closed and completely closed TCP. If buffered_logs on # turns on the option "buffered_logs", it can speed up some writes to log files slightly, which mainly implements the optimization feature. # prevent Tianya theft chain, pass it on to Baidu acl tianya referer_regex-I tianyahttp_access deny tianyadeny_info tianya# to prevent baidu spider acl baidu req_header User-Agent Baiduspiderhttp_access deny baidu# from limiting the maximum number of connections of the same IP client acl OverConnLimit maxconn 128http_access deny OverConnLimit# to prevent being used as a HTTP proxy Set the IP address acl myip dst 222.18.63.37http_access deny! myip# to allow local administration acl Manager proto cache_objectacl Localhost src 127.0.0.1 222.18.63.37http_access allow Manager Localhostcachemgr_passwd 53034338 allhttp_access deny Manager# only allow proxy acl all src 0.0.0.0/0.0.0.0acl Safe_ports port 80 # httphttp_access deny! Safe_portshttp_access allow all#Squid information settings for port 80 Visible_hostname happy.swjtu.edu.cncache_mgr ooopic2008@qq.com# basic Settings cache_effective_user squidcache_effective_group squidtcp_recv_bufsize 65535 bytes#2.6 reverse proxy acceleration configuration cache_peer 127.0.0.1 parent 800 no-query originserver# error document error_directory / usr/local/squid/share/errors/Simplify_Chinese# single use Do not use this feature icp_port 0hierarchy_stoplist cgi-bin? acl QUERY urlpath_regex cgi-bin\? .php .cgi .avi .wmv .rm .mpg .mpeg .zip .execache deny QUERYacl apache rep_header Server ^ Apachebroken_vary_encoding allow apacherefresh_pattern ^ ftp: 1440 10080refresh_pattern ^ gopher: 1440 1440refresh_pattern. 0 20% 4320cache_store_log nonepid_filename / usr/local/squid/var/logs/squid.pidemulate_httpd_log on

My configuration is as follows:

The most important thing is to focus on regional visits.

Squdi startup # squid common command 1 initialize the cache directory configured in squid.conf squid-z if there is an error prompt, please check the permissions of the cache directory, you can change the directory permissions chown-R squid:squid / cache directory 2 to squid.conf error, that is, verify the syntax and configuration of squid.conf squid-k parse if there is a syntax or configuration error in squid.conf, it will return a prompt, if not returned Try to start squid3 foreground launch squid and output startup process / usr/local/squid/sbin/squid-N-D1 if ready to server reques related information is available. Indicates that squid starts successfully and then ctrl+c, stops squid, and starts it in the background. 4 start squid to run squid-s in the background. You can use ps-ax | grep squid to check whether the squid process exists. 5 stop squid squid-k shutdown6 reboot modified squid.conf squid-k reconfigure-f / XXX/squid.conf when squid makes configuration changes You can use this command to configure squid overload 7 add squid to the system startup item vim / etc/rc.local / usr/local/squid/sbin/squid-s modify the permissions of the cache cache directory chown-R squid.squid / cache directory cache cache directory changes according to your own configuration, squid users and groups are squid Squid8 modify the permissions of the squid log directory chown-R squid.squid defines the directory where the log files are located this step is not suitable for every user who uses squid, which means that squid has permission to write in this directory 9 to view your log document more / usr/local/squid/var/logs/access.log | grep TCP_MEM_HIT this directive can be seen during the run of squid. Those files are cached in memory by squid and returned to the visiting user. More / usr/local/squid/var/logs/access.log | grep TCP_HIT this instruction can see which files are cached in the cache directory by squid during the squid run and returned to the visiting user. More / usr/local/squid/var/logs/access.log | grep TCP_MISS this directive can see which files are not cached by squid while the squid is running, but are fetched from the original server and returned to the visiting user.

Run the service

# / usr/local/squid/sbin/squid-z makes the configuration file effective (need to be executed after modifying the configuration file) # / usr/local/squid/sbin/squid-k parse starts squid# / usr/local/squid/sbin/squid-s in the form of a background process ERROR: No forward-proxy ports configured.

Solution: https://www.cnblogs.com/AloneSword/p/4090827.htmlWARNING: Cannot write log file: / usr/local/squid/var/logs/cache.log

/ usr/local/squid/var/logs/cache.log: Permission denied

Messages will be sent to 'stderr'.

Solution: chmod-R 777 / usr/local/squid/var/logs