Shulou(Shulou.com)06/01 Report--

Xiaobian to share with you Squid3.0 reverse proxy how to configure and install, I believe most people do not know how, so share this article for your reference, I hope you have a lot of harvest after reading this article, let us go to understand it together!

Download Squid 3.0

1. Squid can be obtained with the following command

wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE13.tar.gz

2. Create a squid user

useradd squid -M -c "Squid user" -d /dev/null -s /sbin/nologin

3. preparation system environment

Running on our Linux:

# ulimit -n

1024

Obviously 1024 may not be able to meet demand. Reset.

# ulimit -HSn 65536

# ulimit -n

65536

ulimit -HSn 65536 needs to be set in/etc/rc.d/rc.local to prevent failure after restart. It takes time to increase the size of this limit. Otherwise, squid will perform poorly under high loads.

Of course, you can also execute the echo and ulimit commands after each system boot, or at least before squid boots. If you use some rc.d script to start squid, that's a good place to put these commands.

Temporary Port Range

Temporary ports are local ports assigned by the TCP/IP stack to outgoing connections. In other words, when squid initiates a connection to another server, the kernel assigns a port number to the local socket. These local port numbers have specific range limitations. For example, on FreeBSD, the default temporary port range is 1024-5000.

A shortage of temporary port numbers can have a significant impact on performance for very busy proxy servers (e.g. hundreds of connections per second). This is because some TCP connections enter the TIME_WAIT state when they are closed. Temporary port numbers cannot be reused when a connection enters the TIME_WATI state.

You can use the netstat command to show how many connections are in this state:

% netstat -n | grep TIME_WAIT

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 192.43.244.42.19583 212.67.202.80.80 TIME_WAIT

tcp4 0 0 192.43.244.42.19597 202.158.66.190.80 TIME_WAIT

tcp4 0 0 192.43.244.42.19600 207.99.19.230.80 TIME_WAIT

tcp4 0 0 192.43.244.42.19601 216.131.72.121.80 TIME_WAIT

tcp4 0 0 192.43.244.42.19602 209.61.183.115.80 TIME_WAIT

tcp4 0 0 192.43.244.42.3128 128.109.131.47.25666 TIME_WAIT

tcp4 0 0 192.43.244.42.3128 128.109.131.47.25795 TIME_WAIT

tcp4 0 0 192.43.244.42.3128 128.182.72.190.1488 TIME_WAIT

tcp4 0 0 192.43.244.42.3128 128.182.72.190.2194 TIME_WAIT

Note that there are both client and server connections in this example. The client connection has 3128 as the temporary port number, and the server connection has 80 as the port number of the remote host. The temporary port number appears in the local address bar. In this example, they are 19000 seconds.

On Linux, simply write a pair of numbers to the following specified file:

# echo "1024 40000″ > /proc/sys/net/ipv4/ip_local_port_range

Don't forget to add these commands to your system startup script so that they take effect every time the machine restarts.

4. compile and install

tar -zxvf squid-3.0.STABLE13.tar.gz

cd squid-3.0.STABLE13

./ configure -prefix=/usr/local/squid3 -enable-dlmalloc -enable-gnuregex -enable-async-io -enable-removal-policies='heap,lru' -enable-delay-pools -disable-snmp -enable-storeio='ufs,aufs,null' -disable-wccp -enable-kill-parent-hack -disable-select -enable-auth=basic -with-aio -disable-ident-lookup -with-filedescriptors=65536 -enable-err-languages="Simplify_Chinese" -enable-default-err-languages="Simplify_Chinese"

make

make install

Each of the following parameters has a corresponding meaning. There is no explanation here, there are many online.

In fact, the most important thing about squid is the configuration of squid. conf.

/usr/local/squid3/etc/squid.conf

Refer to the following example to understand the configuration file

visible_hostname squid1.ihompy.com

#Set the hostname of squid, without this squid will not start

http_port 80 accel vhost vport

#Set squid to accel acceleration mode,vhost must be added. Otherwise, host headers cannot be forwarded to backend servers, and access will result in host header not found errors

cache_peer www.contentchina.com parent 80 0 no-query originserver name=contentchina

cache_peer bbs.contentchina.com parent 80 0 no-query originserver name=bbs

cache_peer www.ihompy.com parent 80 0 no-query originserver name=ihompy

#Define different parent nodes, set nodes to no-query and originserver to indicate that these nodes are actual servers

cache_peer_domain contentchina www.contentchina.com

cache_peer_domain bbs bbs.contentchina.com

cache_peer_domain ihompy www.ihompy.com

#Set different domain names to forward to different cache_peers, if this is not available. Domain names for different domains may be distributed to the same server.

acl all src 0.0.0.0/0.0.0.0

http_access allow all

#Allow all clients access

cache_log /var/log/squid/cache.log

#Log in

#*********ACL Access Control ************

acl QueryString url_regex \. php?

#******************************

no_cache deny QueryString

#Do not buffer ACL content that matches QueryString

#*****************************

maximum_object_size 320010 KB

#Objects larger than this capacity will not be saved on disk, the default size is 4M, if the squid server is used to buffer large files such as flash, it is recommended to increase this value. Otherwise oversized files will need to be retrieved after the next restart

maximum_object_size_in_memory 100 KB

#Maximum size of objects in memory, default size is 8K if server memory is large. You can increase the size of this value appropriately. It is recommended to set the size according to 80% of the images on the website. Or customize according to the size of the most frequently accessed file in the actual access file of the WEB server

#*********** Other optional configurations *********

dns_nameservers 10.0.0.1 192.172.0.4

#Configure DNS server addresses. Get backend gets IP address from this dns

cache_mgr code_tin@msn.com

#Webmaster address appearing in error log.

Squid 3.0 is the same as 2.6. Compared to 2.5 accel mode configuration is much simpler

cache_peer parent originserver

you can reverse proxy.

The httpd_accel parameter configuration is no longer required.

When configuring squid, it is best to make internal dns, or modify the/etc/hosts file

Otherwise squid may loop back to itself and cause problems.

Your own configuration process:

http_port 80 option http_port specifies the port on which squid listens for HTTP requests, generally set to port 80, so that users do not feel the presence of reverse proxies, just like accessing real

Same as the WEB server.

http_port 80 accel vhost vport

cache_mem 128 MB shared memory size (memory used by squid when providing services)

maximum_object_size_in_memory 512 KB Maximum cache file size, no cache above this value

memory_replacement_policy lru replacement mechanism (lru is called recently infrequently used unit, which is generally referred to as object, that is, when the contents of cache, such as memory or hard disk, reach the upper limit, then data needs to be exchanged in and out)

cache_dir null /tmp cache_dir stores cache contents, i.e. the physical repository of objects

cache_dir ufs /tmp1 10000 16 256 (/tmp size L1 L2)

100G has 16 level 1 directories and 256 level 2 directories under each level 1 directory.

#Disk cache type and directory, size, first level directory settings, where the disk cache size is 10G

ufs is a file storage method, because os generally obtains data from memory, then the memory must be written last on the hard disk ~

The same is true for UFS used for sync synchronization, and for squid.

ufs generally writes to memory and hard disk at the same time

Note: size is the upper limit of the maximum storage capacity in this directory in M units

max_open_disk_fds 0

minimum_object_size 0 KB

maximum_object_size 4096 KB

logformat squid %ts.tu %6tr %>a %Ss/Hs %

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.