Shulou(Shulou.com)06/01 Report--

This article is about how to build a Squid proxy server under Linux. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Squid is a Unix-based proxy server (proxy server) that caches Internet content closer to the requester than the starting point. Squid supports caching a variety of different network objects, including those accessed through HTTP and FTP. Caching frequently requires web pages, media files, and other content that speed up response time and reduce bandwidth congestion.

Img

1.1 Workflow

When there is data needed by the client in the proxy server: a. The client sends data requests to the proxy server; b. The proxy server checks its own data cache; c. The proxy server finds the data the user wants in the cache and takes out the data; d. The proxy server returns the data obtained from the cache to the client.

When there is no data needed by the client in the proxy server:\ 1. The client sends a data request to the proxy server. The proxy server checks its own data cache. The proxy server did not find the data the user wanted in the cache;\ 4. The proxy server sends data requests to the remote server on Internet;\ 5. The remote server responds and returns the corresponding data. The proxy server takes the data from the remote server, returns it to the client, and keeps a copy of it in its own data cache. The Squid proxy server works at the application layer of TCP/IP.

1.2 Squid classification

According to the different types of agents, Squid agents can be divided into forward agents and reverse agents. According to the different ways of implementation, forward agents can be divided into ordinary agents and transparent agents. General proxy: requires the client to specify the address and port of the proxy server in the browser; transparent proxy: in the gateway host suitable for the enterprise (shared access Internet), the client does not need to specify the proxy server address, port and other information, and the proxy server needs to set a firewall policy to transfer the client's Web access data to the proxy server for processing. Reverse proxy: it means that the proxy server accepts the connection request on the internet, then forwards the request to the server on the internal network, and returns the result obtained from the server to the client requesting the connection on the internet. At this time, the proxy server acts as a server externally.

II. System environment

Operating system: CentOS release 6.5Squid version: squid-3.1.10-20.el6_5.3.x86_64 turn off httpd turn off firewall

3. Install Squid service

3.1 check whether the squid software is installed

# rpm-qa | grep squid

3.2 if it is not installed, install it using yum

# yum-y install squid

3.3 set Boot self-boot

# chkconfig-- level 35 squid on / / automatically runs the squid service at levels 3 and 5

Fourth, the configuration file description of the squid server

The main configuration file for squid is / etc/squid/squid.conf, where all squid settings are configured. Here are some common configuration options.

Http_port 3128 / / set the listening IP and port number cache_mem 64 MB / / provide additional memory for squid. The total memory footprint of squid is X * 10cm 15 + "cache_mem", where X is the capacity occupied by squid cache (in GB). / / for example, if the following cache size is 100m, that is, 0.1GB, then the total memory footprint is 0.1 "10m 15" 6480m. It is recommended that the size of the physical memory is 1 / 3-1 / 2 or more. Maximum_object_size 4 MB / / set squid disk cache maximum file, files over 4m are not saved to hard disk minimum_object_size 0 KB / / set squid disk cache minimum file maximum_object_size_in_memory 4096 KB / / set squid memory cache maximum file Files exceeding 4m are not saved to memory cache_dir ufs / var/spool/squid 10016256 / / define the cache storage path of squid, the cache directory capacity (in M), the number of primary cache directories, Number of secondary cache directories logformat combined% > a% ui% un [% tl] "% rm% ru HTTP/%rv"% Hs% h "% {User-Agent} > h"% Ss:%Sh / / log file log format access_log / var/log/squid/access.log combined / / log file storage path and log format cache_log / var/log/squid/cache.log / / set cache log logfile _ rotate 60 / / log takes 60 days when cache_swap_high 95 / / cache directory usage is more than 95% Start cleaning the old cachecache_swap_low 90 / / cache directory and stop when you clean up to 90%. Acl localnet src 192.168.1.0 http_access allow localnet 24 / define local network segment http_access allow localnet / / allow local network segments to use http_access deny all / / deny all visible_hostname squid.david.dev / / hostname cache_mgr example@test.com / / administrator mailboxes

V. General agency service

The standard, traditional proxy service requires the client to specify the address and port of the proxy server in the browser. The diagram of the lab topology is as follows:

5.1Configuring Squid proxy server IP address

Modify the IP address of eth2 to 200.168.10.1

# installation and configuration of ifconfig eth2 200.168.10.1CentOS6 Squid proxy server installation and configuration of CentOS6 Squid proxy server

5.2 Edit squid main configuration file / etc/squid/squid.conf

Http_port 3128cache_mem 64 MBmaximum_object_size 4 MBcache_dir ufs / var/spool/squid 100 16 256access_log / var/log/squid/access.logacl localnet src 192.168.1.0/24http_access allow localnethttp_access deny allvisible_hostname squid.david.devcache_mgr mchina_tang@qq.com

5.3 initialization

# installation and configuration of squid-zCentOS6 Squid proxy server installation and configuration of CentOS6 Squid proxy server

5.4 start Squid

# / etc/init.d/squid start

5.5Configuring Web server

a. Install Apache

# rpm-qa | grep httpd# yum-y install httpd

b. Start Apache and join boot boot

# / etc/init.d/httpd start# chkconfig httpd on

c. Create index.html

# echo "Squid-Web1/200.168.10.2" > / var/www/html/index.html

d. Modify the Web server IP address to change the IP address of the web server to 200.168.10.2

# ifconfig eth0 200.168.10.2

5.6 configure client IP address

Installation and configuration of CentOS6 Squid proxy server installation and configuration of CentOS6 Squid proxy server

5.7 configure browser proxy

Open the browser (take IE as an example, other similar), menu bar-> tools-> Internet options-> connection-> LAN Settings-> proxy server, and set according to the following format.

5.8 Test

Installation and configuration of CentOS6 Squid proxy server installation and configuration of CentOS6 Squid proxy server

VI. Transparent proxy service

Suitable for the gateway host of the enterprise, the client does not need to specify the proxy server address, port and other information, and transfers the client's Web access data to the proxy server program through iptables. The diagram of the lab topology is as follows:

6.1 modify squid main configuration file / etc/squid/squid.conf

Http_port 3128 transparentcache_mem 64 MBmaximum_object_size 4 MBcache_dir ufs / var/spool/squid 100 16 256access_log / var/log/squid/access.logacl localnet src 192.168.1.0/24http_access allow localnethttp_access deny allvisible_hostname squid.david.devcache_mgr mchina_tang@qq.com

Add the transparent keyword after http_port 3128.

6.2 reload

Reload allows the above configuration to take effect.

# / etc/init.d/squid reload

Add iptables rules to redirect internal http requests to port 3128

a. Start the iptables service

# / etc/init.d/iptables start

b. Clear existing iptables filter rules

# iptables-F

c. Save iptables settings

# / etc/init.d/iptables save

d. Add a rule to the nat table

# iptables-t nat-I PREROUTING-I eth0-s 192.168.1.0 dport 24-p tcp-- dport 80-j REDIRECT-- to-port 3128

e. Save

# / etc/init.d/iptables save

6.4 modify client IP address

Set the default gateway to the private network ip address of the squid server.

6.5 in the browser, cancel the proxy settings

Installation and configuration of CentOS6 Squid proxy server installation and configuration of CentOS6 Squid proxy server

VII. Reverse proxy service

Provides caching acceleration for Internet users to access corporate Web sites. Lab Topology:

7.1 turn off the firewall

# / etc/init.d/iptables stop

7.2 modify the Web Server home page

Web1:# echo "Squid-Web1/192.168.1.18" > / var/www/html/index.htmlWeb2:# echo "Squid-Web1/192.168.1.19" > / var/www/html/index.html

7.3 configure squid

Http_port 80 accel vhosthttp_access allow allcache_peer 192.168.1.18 parent 80 0 originserver round-robin weight=1cache_peer 192.168.1.19 parent 80 0 originserver round-robin weight=1visible_hostname squid.david.devcache_mgr mchina_tang@qq.com

7.4 start the Squid service

Squid failed to start because the listening port of squid is set to 80, which conflicts with the http service of the system, so stop the http service and then start squid.

7.6 Test

Squid uses round-robin, so client access will poll two web servers and use "Ctrl + F5" to deeply refresh the test. Web1: Web2:

Thank you for reading! This is the end of this article on "how to build a Squid proxy server under Linux". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.