
Squid做反向代理緩存

環境介紹:

主機名 角色 IP位址
squid.contoso.com squid代理伺服器 192.168.49.135
p_w_picpath01.contoso.com 圖檔伺服器(web) 192.168.49.139

一、準備工作

以其中一台為例(以下輸出顯示此測試環境的防火牆規則為空、SELinux已停用;正式環境應保留防火牆與SELinux,僅開放所需端口):

[root@squid etc]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

Chain OUTPUT (policy ACCEPT)

[root@squid etc]# getenforce

Disabled

[root@squid etc]# tail -2 /etc/hosts

192.168.49.139  p_w_picpath01.contoso.com  p_w_picpath01

192.168.49.135  squid.contoso.com  squid

[root@squid etc]# crontab -l  #時間同步一定要做,不然反向代理緩存可能出現無法命中的問題

0 * * * * /usr/sbin/ntpdate   210.72.145.44 64.147.116.229 time.nist.gov

二、squid配置

繼續上一篇squid的正向代理中的配置,進行相應的修改。

# squid.conf for running Squid as a reverse proxy (accelerator) with caching in
# front of one origin web server (see the http_port and cache_peer lines below).
# NOTE(review): the host name "p_w_picpath01" used below looks like an extraction
# artifact of a real host name - confirm it against /etc/hosts before reuse.

# --- ACL definitions -------------------------------------------------------
# "manager" matches cache-manager requests (cache_object protocol); "localhost"
# matches only the loopback source address.
acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

# "localnet" is every RFC1918 private range, not just the subnet this lab uses.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443

# Destination ports that requests may target; anything else is denied below.
acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 8001       

acl CONNECT method CONNECT

# Disabled examples of URL-based blocking, kept commented out.
#acl qq url_regex -i ^http://.*qq.*$

#http_access deny qq

#acl qq_path urlpath_regex -i \.*qq*

#http_access deny qq_path

# Squid ACL access-control rules. http_access rules are evaluated in order and
# the first match decides, so the order of the lines below matters.

# Cache-manager requests are accepted from 127.0.0.1 only.
http_access allow manager localhost

http_access deny manager

# Refuse requests to ports outside Safe_ports, and CONNECT to anything but 443.
http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

# Clients are admitted purely by source address: any RFC1918 source is allowed
# and everything else is denied.
# NOTE(review): for an accelerator it is usually tighter to also match the
# published site (a dstdomain ACL) and to bind the peer with cache_peer_access,
# so the proxy only serves the site it fronts - confirm for your deployment.
http_access allow localnet

http_access deny all

# ICP and HTCP queries follow the same source-address rule.
icp_access allow localnet

icp_access deny all

htcp_access allow localnet

htcp_access deny all

http_port 80 accel vhost vport  # a squid reverse proxy needs to listen on port 80; also enables virtual-host mode

hierarchy_stoplist cgi-bin ?

# On-disk cache: ufs store, 100 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /usr/local/squid/var/cache 100 16 256

# The access log records the client address, cache result code and upstream
# peer for each request; it is the file inspected later on this page.
access_log /usr/local/squid/var/logs/access.log squid

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log /usr/local/squid/var/logs/store.log

# Freshness rules. The cgi-bin / query-string pattern has all three limits set to 0.
refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|\?) 0 0% 0

refresh_pattern . 0 20% 4320

# NOTE(review): the address below was masked by the hosting page; set a real
# administrator contact before using this configuration.
cache_mgr [email protected]

# User and group that squid runs as (an unprivileged account rather than root).

cache_effective_user squid   

cache_effective_group squid

# Host name squid reports for itself

visible_hostname  cache1.contoso.com

#icp_port 3130  # ICP port is commented out here because the cache_peer line below uses port 0 as the ICP port, i.e. ICP is not used between squid servers; keeping 3130 would conflict, so either change it to 0 or comment out / delete this line

coredump_dir /usr/local/squid/var/cache

# Memory cache size and the disk-usage percentages between which cache
# replacement runs.
cache_mem 90 MB

cache_swap_low  90

cache_swap_high 95

# Size limits for objects stored on disk and held in memory.
maximum_object_size  8192 KB

minimum_object_size  0 KB

maximum_object_size_in_memory  4096 KB

memory_replacement_policy  lru

emulate_httpd_log  on

# The origin server: HTTP port 80, ICP port 0, no ICP queries or cache digests,
# at most 32 connections. No TLS option is given on this peer line, so the
# proxy-to-origin hop is on port 80 as written.
cache_peer p_w_picpath01.contoso.com  parent 80 0 no-query no-digest max-conn=32 originserver # which web server(s) this squid acts as reverse proxy for

# The peer name above is resolved through this file, so its contents decide
# which machine squid fetches from.
hosts_file /etc/hosts   # make squid resolve names using /etc/hosts

request_header_max_size 128 KB   # maximum size of a request header

ipcache_size 1024 

ipcache_low 90

ipcache_high 95

三、圖檔伺服器安裝httpd服務

yum -y install httpd
[root@p_w_picpath01 html]# ll
total 272
-rw-r--r-- 1 root root 193402 Jun 26  2014 lnmp.jpg
-rw-r--r-- 1 root root   7807 Jun  5  2014 mysql.png
-rw-r--r-- 1 root root  26837 Apr 24  2012 nginx.jpg
-rw-r--r-- 1 root root  43831 Dec 19  2013 php.jpg
service httpd restart      

浏覽器進行測試通路:

Squid做反向代理緩存

四、啟動squid并測試反向代理

[root@squid etc]# squid -k parse

2016/10/30 23:09:23| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)

2016/10/30 23:09:23| Initializing https proxy context

[root@squid etc]# squid -D

[root@squid etc]# netstat -tunlp|grep squid

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1164/(squid) 

[root@squid etc]# lsof -i :80   #這裡也可以說明squid伺服器上是沒有httpd等web服務在運作

COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

squid   1164 squid   18u  IPv4  10763      0t0  TCP *:http (LISTEN)

在浏覽器中通路squid伺服器,測試反向代理效果:

Squid做反向代理緩存
Squid做反向代理緩存

通路成功,說明squid反向代理沒有問題。

再檢視一下squid通路日志:

[root@squid etc]# squid -k rotate

[root@squid ~]# >/usr/local/squid/var/logs/access.log

[root@squid ~]# tail -f /usr/local/squid/var/logs/access.log

1477885541.844      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477885545.966      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477885557.249      0 192.168.49.1 TCP_IMS_HIT/304 248 GET http://192.168.49.135/php.jpg - NONE/- image/jpeg

1477885565.281      5 192.168.49.1 TCP_MISS/200 27189 GET http://192.168.49.135/nginx.jpg - FIRST_UP_PARENT/p_w_picpath01.contoso.com image/jpeg

1477885567.835      0 192.168.49.1 TCP_IMS_HIT/304 246 GET http://192.168.49.135/nginx.jpg - NONE/- image/jpeg

1477885568.629      0 192.168.49.1 TCP_IMS_HIT/304 246 GET http://192.168.49.135/nginx.jpg - NONE/- image/jpeg

1477885708.180      2 192.168.49.1 TCP_MISS/200 8157 GET http://192.168.49.135/mysql.png - FIRST_UP_PARENT/p_w_picpath01.contoso.com image/png

1477885710.626      0 192.168.49.1 TCP_IMS_HIT/304 245 GET http://192.168.49.135/mysql.png - NONE/- image/png

五、squid開啟離線模式

# 在squid.conf中開啟offline_mode

[root@squid etc]# echo "offline_mode on" >> squid.conf

[root@squid etc]# tail -1 squid.conf

offline_mode on

# 重新開機squid

[root@squid etc]# killall squid

squid: no process killed

2016/10/30 23:53:30| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)

2016/10/30 23:53:30| Initializing https proxy context

[root@squid etc]# lsof -i :80

squid   1230 squid   18u  IPv4  11547      0t0  TCP *:http (LISTEN)

# 關閉圖檔伺服器的httpd服務

[root@p_w_picpath01 html]# service httpd stop

Stopping httpd:                                            [  OK  ]

浏覽器通路圖檔伺服器(注意清除浏覽器緩存先):

Squid做反向代理緩存

發現圖檔伺服器已經無法通路。

再通路squid代理伺服器(也需要清理浏覽器緩存):

Squid做反向代理緩存

發現squid代理伺服器依然能夠通路,而且即使使用Ctrl+F5進行強制重新整理依然能夠正常通路。這是因為開啟offline_mode後,squid不再向源站驗證緩存對象;相應地,已緩存的對象即使在源站被更新或删除,也會繼續以舊内容提供,直到關閉offline_mode為止。

檢視一下日志:

1477892930.670      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892930.905      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892931.107      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892941.516      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892941.997      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892942.196      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892942.403      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892942.584      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg

1477892942.965      0 192.168.49.1 TCP_IMS_HIT/304 249 GET http://192.168.49.135/lnmp.jpg - NONE/- image/jpeg
