Shulou(Shulou.com)05/31 Report--

This article mainly introduces "the method of erection and maintenance of Squid proxy server under Linux". In the daily operation, I believe that many people have doubts about the method of erection and maintenance of Squid proxy server under Linux. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "the method of erection and maintenance of Squid proxy server under Linux". Next, please follow the editor to study!

I. Analysis of users

Existing network conditions:

Our campus network has connected 31 buildings through optical cable. The total length of optical cable is about 15km. Structured wiring has been realized in most buildings. There are dozens of network multimedia classrooms, teaching bases, laboratories and computer rooms connected to the campus network, and more than 3000 computers are connected to the campus network. At present, our school has two exits, one with a speed of 10m bps, which is connected to China Education and Research Network cernet through optical fiber, and the other is connected to China Telecom at a speed of 4m bps.

User requirements:

The main users of our campus network are students and teachers. According to statistics, about 80% of users use www, ftp and other resources. There are 126 chinanet ip in our school, which can not be distributed to all users. Setting up a proxy server to enable all users to use network resources is the simplest and relatively safe and reliable way. Through the establishment of a special www (ftp) agent to meet the main needs of users, through the establishment of socks5 agent to meet the other needs of users.

Second, the choice of hardware and software

Hardware

Cache server can be an ordinary pc server plus cache software (such as squid, inktomi), or it can be a software and hardware system and a special cache server. According to the actual situation of chinanet exit, the maximum amount of incoming data per second for the exit of 4mbps rate is about 500k/s. There is a double gigabit connection between the nodes of the backbone network of our school, which is 100 megabytes to some laboratories and 10m to the dormitory. The maximum amount of data sent is about 12m/s. The amount of data transmitted is not very large, and the traditional ia32 architecture server can meet the demand. The main computer room of the network center of our school uses cabinets to store servers. Hewlett-Packard's lh6000 server, with strong scalability, is a new type of six-way server. The computing load of the proxy server is not very heavy, and the requirement for io is high. Lh6000 can achieve this by customizing the configuration. The use of raid can improve disk performance and increase the reliability of data. The proxy server software takes up a lot of memory. Lh6000 can support 8gb memory. The final selection configuration is as follows:

Configuration

Processor: intel xeon processor

Memory: 2g

Disk controller: integrated dual-channel ultra3 scsi hp netraid controller with 32mb cache

Additional single channel: ultra wide scsi controller

Built-in storage: hot-swappable 5x18g half-height drive

Network card: built-in intel 82559 100m network card

Power supply: 3 hot-swappable power supplies

Raid uses the raid5 mode, which writes data to the disks in the array, and parity data is stored on each disk in the array, allowing individual disk errors. Raid 5 also uses the check bits of the data to ensure the security of the data, but it does not store the check bits of the data on a separate hard disk, but stores the check bits of the data segments on each hard disk interactively. In this way, if any hard disk is damaged, the damaged data can be reconstructed according to the check bits on other hard drives.

Software

Squid internet object cache (the later version of harvest project) is a research project supported by the US government. Squid is an open source proxy server software. It is a full-featured proxy server software running under unix system. It can be cached for http protocol, ftp protocol and other protocols that use url to locate. It supports the client to transfer data using ssl protocol. It can use icp, htcp, carp, cache digests and other protocols and methods to cooperate with other servers running squid. It supports snmp protocol and can be coordinated and managed with corresponding software. And can configure detailed access control lists (acl).

Operating system

In the past, the school proxy server used linux as the operating system. This is because the previous proxy server usually doubles as other servers. Many server software is developed specifically for linux or runs most efficiently on linux. Squid itself was developed for the unix-like operating system. Itself does not have too many requirements for the system. At present, our school chinanet proxy server uses freebsd as the operating system.

There are several reasons for not choosing linux:

The development of the core part of linux is relatively open, and the core of freebsd is completed by a strict core team. Relative inspection is more stringent. The kernel of bsd is more stable than the kernel.

The bearing capacity of linux for high load is not as good as freebsd. For the tolerance of program errors under high load, bsd is much stronger than linux.

Many famous websites, such as yahoo, netease and other famous commercial websites, use freebsd, and their stability and performance have long been evaluated by many experts, which is far better than linux.

In the famous article "linux vs bsd: a tale of two system", the evaluation of freebsd is as follows: freebsd focuses on the intel architecture pc and server platforms, and on providing the best performance and stability possible. The dec/compaq alpha is also supported.

But freebsd also has weaknesses that are not as good as linux. It is mainly shown in the performance of disk io. This is mainly because the file system used by freebsd, ufs, is not as good as ext2/ext3 used on linux. But with the addition of softupdate, there will be a lot of improvement. And the overseas agent is configured to use raid5 mode, and the disk uses a high-speed scsi hard disk. In the case of the above hardware configuration, the difference between the efficiency of reading several k-sized small files of squid cache using ext2 and ufs+softupdate is less than 1/10000. Such efficiency differences can be ignored for proxy servers that load thousands of users.

Based on the above reasons, freebsd is finally chosen as the operating system of the proxy server.

III. Installation of proxy server software

Installation of squid

Freebsd's own ports program comes with a stable version of squid. Currently, the latest version of squid is 2.4.stable6. Executing make;make install under the / usr/ports/www/squid directory of freebsd downloads, compiles, and finally installs the latest version of squid code to the appropriate path in / usr.

Squid itself will be installed under / usr/local/sbin

The cache directory of squid defaults to / usr/local/squid/cache

The log directory of squid defaults to / usr/local/squid/logs

The profile directory for squid defaults to / usr/local/etc/squid

This installation is better than using binary package installation directly. Because binary package does not guarantee stable operation on custom systems. Downloading the source code verifies the md5 checksum of the source code before compiling it locally, which ensures that the source code I get is an unmodified version. And then compile locally. Finally, install to the appropriate directory.

Configuration of squid

The configuration file for squid is squid.conf

Some of the parameters are configured as follows: (to ensure the security of the proxy server, some parameters are replaced by *)

Http_port 8080 sets the http proxy port to 8080 cache_peer pa.us.ircache.net sibling 3128 3130 login=*:*

Cache_peer sj.us.ircache.net sibling 3128 3130 login=*:*

Cache_peer * parent 13280 4827 htcp *: *

These lines are features that use squid to work with several other machines, which make up cache_peer.

At this point, the study on "the method of setting up and maintaining the Squid proxy server under Linux" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.