理論+實驗·CDN緩存加速傳統模式與透明模式
文章目錄
- 理論+實驗·CDN緩存加速傳統模式與透明模式
-
- 一、Squid安裝介紹
-
- 1.1 緩存代理概述
- 1.2 Squid安裝及運作
- 二、傳統代理
-
- 2.1 實驗環境
- 2.2 配置Squid伺服器
- 2.3 配置Web伺服器
- 2.4 使用Win 10 配置
- 三、透明代理
-
- 3.1 實驗環境
- 3.2 配置squid伺服器
- 3.3 配置web伺服器
一、Squid安裝介紹
1.1 緩存代理概述
- Web代理的工作機制
- 緩存網頁對象,減少重複請求
- 代理的基本類型
- 傳統代理:适用于Internet,需明确指定服務端
- 透明代理:客戶機不需指定代理伺服器的位址和端口,而是通過預設路由、防火牆政策将WEb通路重定向給代理伺服器處理
- 使用代理的好處
- 提高Web通路速度
- 隐藏客戶機的真實IP位址
1.2 Squid安裝及運作
- 編譯安裝Squid 3.4.6
//安裝前預安裝環境//
[[email protected] ~]# yum -y install gcc gcc-c++
//解壓縮源碼包//
[[email protected] ~]# tar zxvf squid-3.4.6.tar.gz -C /opt/
//進行編譯安裝//
[[email protected] ~]# cd /opt/squid-3.4.6/
[[email protected] squid-3.4.6]# ./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gunregex
[[email protected] squid-3.4.6]# make && make install
//優化選項//
[[email protected] squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
//建立squid非登入賬戶//
[[email protected] squid-3.4.6]# useradd -M -s /sbin/nologin squid
[[email protected] squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/
[[email protected] squid-3.4.6]# vim /etc/squid.conf
...
http_access allow all //允許所有//
#http_access deny all
...
http_port 3128
cache_effective_user squid //管理使用者設為squid//
cache_effective_group squid //管理使用者組設為squid//
...
[[email protected] squid-3.4.6]# squid -k parse //驗證文法是否有問題//
[[email protected] squid-3.4.6]# squid -z //初始化squid//
2020/09/06 10:44:07 kid1| Set Current Directory to /usr/local/squid/var/cache/squid
2020/09/06 10:44:07 kid1| Creating missing swap directories
2020/09/06 10:44:07 kid1| No cache_dir stores are configured.
[[email protected] squid-3.4.6]# squid //開啟squid//
[[email protected] squid-3.4.6]# netstat -ntap | grep 3128 //檢視端口是否已開啟//
tcp6 0 0 :::3128 :::* LISTEN 42748/(squid-1)
二、傳統代理
2.1 實驗環境
squid 20.0.0.10
web 20.0.0.20
Win10 20.0.0.200
需要準備好squid-3.4.6源碼包
2.2 配置Squid伺服器
//手工編譯安裝squid代理伺服器===>傳統模式//
[[email protected] ~]# yum -y install gcc gcc-c++
[[email protected] ~]# tar zxvf squid-3.4.6.tar.gz -C /opt/
[[email protected] ~]# cd /opt/squid-3.4.6/
[[email protected] squid-3.4.6]# ./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gunregex
[[email protected] squid-3.4.6]# make && make install
[[email protected] squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
[[email protected] squid-3.4.6]# useradd -M -s /sbin/nologin squid
[[email protected] squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/
[[email protected] squid-3.4.6]# vim /etc/squid.conf
...
http_access allow all //允許所有//
#http_access deny all
...
http_port 3128
cache_effective_user squid //管理使用者//
cache_effective_group squid
...
[[email protected] squid-3.4.6]# squid -k parse //驗證文法//
[[email protected] squid-3.4.6]# squid -z //初始化代理伺服器//
2020/09/06 10:44:07 kid1| Set Current Directory to /usr/local/squid/var/cache/squid
2020/09/06 10:44:07 kid1| Creating missing swap directories
2020/09/06 10:44:07 kid1| No cache_dir stores are configured.
[[email protected] squid-3.4.6]# squid //開啟//
[[email protected] squid-3.4.6]# netstat -ntap | grep 3128 //檢視是否已開啟//
tcp6 0 0 :::3128 :::* LISTEN 42748/(squid-1)
//添加啟動腳本//
[[email protected] squid-3.4.6]# cd /etc/init.d/
[[email protected] init.d]# vim squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
case "$1" in
start)
netstat -ntap | grep squid &> /dev/null
if [ $? -eq 0 ]
then
echo "squid is runing"
else
echo "正在啟動 squid..."
$CMD
fi
;;
stop)
$CMD -k kill &> /dev/null
rm -rf $PID &>/dev/null
;;
status)
[ -f $PID ] &> /dev/null
if [ $? -eq 0 ]
then
netstat -ntap | grep squid
else
echo "squid is not runing"
fi
;;
restart)
$0 stop &> /dev/null
echo "則會個你在關閉 squid..."
$0 start &> /dev/null
echo "正在啟動 squid..."
;;
reload)
$CMD -k reconfigure
;;
check)
$CMD -k parse
;;
*)
echo "用法: $0{start|stop|status|restart|reload|check}"
;;
esac
[[email protected] init.d]# chmod +x squid
[[email protected] init.d]# chkconfig --add squid
[[email protected] init.d]# chkconfig --level 35 squid on
//傳統模式//
[[email protected] init.d]# vim /etc/squid.conf
...
http_port 3128
cache_effective_user squid
cache_effective_group squid
cache_mem 64 MB //緩存空間//
reply_body_max_size 10 MB //允許使用者下載下傳的最大檔案//
maximum_object_size 4096 KB //存儲檔案的大小最大時4096KB//
...
[[email protected] init.d]# iptables -F
[[email protected] init.d]# iptables -t nat -F
[[email protected] init.d]# setenforce 0
[[email protected] init.d]# iptables -I INPUT -p tcp --dport 3218 -j ACCEPT
[[email protected] init.d]# pkill squid
[[email protected] init.d]# squid
2.3 配置Web伺服器
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# systemctl start httpd
2.4 使用Win 10 配置
浏覽器上面設定手動代理
設定好代理之後在浏覽器輸入"20.0.0.20"web伺服器的IP位址
檢視web伺服器的日志檔案可以看出是從squid代理伺服器來通路的說明實驗成功
三、透明代理
3.1 實驗環境
squid 20.0.0.10|20.0.10.1
web 20.0.0.20
Win10 20.0.0.200
需要準備好squid-3.4.6源碼包
需要在squid伺服器設定雙網卡
ens33: 20.0.0.10
ens36: 20.0.10.1
3.2 配置squid伺服器
//配置雙網卡//
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[[email protected] network-scripts]# vim ifcfg-ens36
...
NAME=ens36 //改成ens36//
UUID=4ad6e1fd-8713-4e99-9a0b-08f11c6ed8be //UUID删除//
DEVICE=ens36 //改成ens36//
ONBOOT=yes
IPADDR=20.0.10.1
NETMASK=255.255.255.0
[[email protected] network-scripts]# service network restart
Restarting network (via systemctl): [ 确定 ]
[[email protected] network-scripts]# vim /etc/sysctl.conf
...
net.ipv4.ip_forward=1
[[email protected] network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
[[email protected] network-scripts]# vim /etc/squid.conf
...
# Squid normally listens to port 3128
http_port 20.0.10.1:3128 transparent
...
[[email protected] network-scripts]# squid -k parse
[[email protected] network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 20.0.10.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
[[email protected] network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 20.0.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[[email protected] network-scripts]# iptables -I INPUT -p tcp --dport 3218 -j ACCEPT
[[email protected] network-scripts]# pkill squid
[[email protected] network-scripts]# squid
3.3 配置web伺服器
之前浏覽器設定過代理設定的話這裡需要将其關閉
檢視日志檔案,顯示代理伺服器的IP就說明實驗成功了