理論+實驗·CDN緩存加速傳統模式與透明模式

文章目錄

• 理論+實驗·CDN緩存加速傳統模式與透明模式
• • 一、Squid安裝介紹
  • • 1.1 緩存代理概述
    • 1.2 Squid安裝及運作
  • 二、傳統代理
  • • 2.1 實驗環境
    • 2.2 配置Squid伺服器
    • 2.3 配置Web伺服器
    • 2.4 使用Win 10 配置
  • 三、透明代理
  • • 3.1 實驗環境
    • 3.2 配置squid伺服器
    • 3.3 配置web伺服器

一、Squid安裝介紹

1.1 緩存代理概述

• Web代理的工作機制
  • 緩存網頁對象,減少重複請求
• 代理的基本類型
  • 傳統代理:适用于Internet,需明确指定服務端
  • 透明代理:客戶機不需指定代理伺服器的位址和端口,而是通過預設路由、防火牆政策将WEb通路重定向給代理伺服器處理
• 使用代理的好處
  • 提高Web通路速度
  • 隐藏客戶機的真實IP位址

1.2 Squid安裝及運作

• 編譯安裝Squid 3.4.6

//安裝前預安裝環境//
[[email protected] ~]# yum -y install gcc gcc-c++
//解壓縮源碼包//
[[email protected] ~]# tar zxvf squid-3.4.6.tar.gz -C /opt/
//進行編譯安裝//
[[email protected] ~]# cd /opt/squid-3.4.6/
[[email protected] squid-3.4.6]# ./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gunregex
[[email protected] squid-3.4.6]# make && make install
//優化選項//
[[email protected] squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
//建立squid非登入賬戶//
[[email protected] squid-3.4.6]# useradd -M -s /sbin/nologin squid
[[email protected] squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/
[[email protected] squid-3.4.6]# vim /etc/squid.conf
...
http_access allow all			//允許所有//
#http_access deny all
...
http_port 3128
cache_effective_user squid		//管理使用者設為squid//
cache_effective_group squid		//管理使用者組設為squid//
...
[[email protected] squid-3.4.6]# squid -k parse		//驗證文法是否有問題//
[[email protected] squid-3.4.6]# squid -z				//初始化squid//
2020/09/06 10:44:07 kid1| Set Current Directory to /usr/local/squid/var/cache/squid
2020/09/06 10:44:07 kid1| Creating missing swap directories
2020/09/06 10:44:07 kid1| No cache_dir stores are configured.

[[email protected] squid-3.4.6]# squid					//開啟squid//
[[email protected] squid-3.4.6]# netstat -ntap | grep 3128		//檢視端口是否已開啟//
tcp6       0      0 :::3128                 :::*                    LISTEN      42748/(squid-1) 

           

二、傳統代理

2.1 實驗環境

squid 20.0.0.10

web 20.0.0.20

Win10 20.0.0.200

需要準備好squid-3.4.6源碼包

2.2 配置Squid伺服器

//手工編譯安裝squid代理伺服器===>傳統模式//
[[email protected] ~]# yum -y install gcc gcc-c++
[[email protected] ~]# tar zxvf squid-3.4.6.tar.gz -C /opt/
[[email protected] ~]# cd /opt/squid-3.4.6/
[[email protected] squid-3.4.6]# ./configure \
--prefix=/usr/local/squid \
--sysconfdir=/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-linux-tproxy \
--enable-async-io=100 \
--enable-err-language="Simplify_Chinese" \
--enable-underscore \
--enable-poll \
--enable-gunregex
[[email protected] squid-3.4.6]# make && make install
[[email protected] squid-3.4.6]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
[[email protected] squid-3.4.6]# useradd -M -s /sbin/nologin squid
[[email protected] squid-3.4.6]# chown -R squid.squid /usr/local/squid/var/
[[email protected] squid-3.4.6]# vim /etc/squid.conf
...
http_access allow all			//允許所有//
#http_access deny all
...
http_port 3128
cache_effective_user squid		//管理使用者//
cache_effective_group squid
...
[[email protected] squid-3.4.6]# squid -k parse		//驗證文法//
[[email protected] squid-3.4.6]# squid -z				//初始化代理伺服器//
2020/09/06 10:44:07 kid1| Set Current Directory to /usr/local/squid/var/cache/squid
2020/09/06 10:44:07 kid1| Creating missing swap directories
2020/09/06 10:44:07 kid1| No cache_dir stores are configured.

[[email protected] squid-3.4.6]# squid					//開啟//
[[email protected] squid-3.4.6]# netstat -ntap | grep 3128		//檢視是否已開啟//
tcp6       0      0 :::3128                 :::*                    LISTEN      42748/(squid-1)     

           

//添加啟動腳本//
[[email protected] squid-3.4.6]# cd /etc/init.d/
[[email protected] init.d]# vim squid
#!/bin/bash
#chkconfig: 2345 90 25
PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"
case "$1" in
  start)
        netstat -ntap | grep squid &> /dev/null
        if [ $? -eq 0 ]
        then
          echo "squid is runing"
        else
          echo "正在啟動 squid..."
          $CMD
        fi
  ;;
  stop)
        $CMD -k kill &> /dev/null
        rm -rf $PID &>/dev/null
  ;;    
  status)
        [ -f $PID ] &> /dev/null
          if [ $? -eq 0 ]
          then 
            netstat -ntap | grep squid
          else
            echo "squid is not runing"
          fi
  ;;      
  restart)
        $0 stop &> /dev/null
        echo "則會個你在關閉 squid..."
                $0 start &> /dev/null
        echo "正在啟動 squid..."
  ;;
  reload)
        $CMD -k reconfigure
  ;;
  check)
        $CMD -k parse
  ;;
  *)
        echo "用法: $0{start|stop|status|restart|reload|check}"
  ;;
esac
[[email protected] init.d]# chmod +x squid 
[[email protected] init.d]# chkconfig --add squid 
[[email protected] init.d]# chkconfig --level 35 squid on
           

//傳統模式//
[[email protected] init.d]# vim /etc/squid.conf
...
http_port 3128
cache_effective_user squid
cache_effective_group squid
cache_mem 64 MB									//緩存空間//
reply_body_max_size 10 MB						//允許使用者下載下傳的最大檔案//
maximum_object_size 4096 KB						//存儲檔案的大小最大時4096KB//
...
[[email protected] init.d]# iptables -F
[[email protected] init.d]# iptables -t nat -F
[[email protected] init.d]# setenforce 0
[[email protected] init.d]# iptables -I INPUT -p tcp --dport 3218 -j ACCEPT
[[email protected] init.d]# pkill squid
[[email protected] init.d]# squid
           

2.3 配置Web伺服器

[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# systemctl start httpd
           

2.4 使用Win 10 配置

浏覽器上面設定手動代理

設定好代理之後在浏覽器輸入"20.0.0.20"web伺服器的IP位址

檢視web伺服器的日志檔案可以看出是從squid代理伺服器來通路的說明實驗成功

三、透明代理

3.1 實驗環境

squid 20.0.0.10|20.0.10.1

web 20.0.0.20

Win10 20.0.0.200

需要準備好squid-3.4.6源碼包

需要在squid伺服器設定雙網卡

ens33: 20.0.0.10

ens36: 20.0.10.1

3.2 配置squid伺服器

//配置雙網卡//
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[[email protected] network-scripts]# vim ifcfg-ens36
...
NAME=ens36											//改成ens36//
UUID=4ad6e1fd-8713-4e99-9a0b-08f11c6ed8be			//UUID删除//
DEVICE=ens36										//改成ens36//
ONBOOT=yes
IPADDR=20.0.10.1				
NETMASK=255.255.255.0
[[email protected] network-scripts]# service network restart
Restarting network (via systemctl):                        [  确定  ]
[[email protected] network-scripts]# vim /etc/sysctl.conf
...
net.ipv4.ip_forward=1
[[email protected] network-scripts]# sysctl -p
net.ipv4.ip_forward = 1


[[email protected] network-scripts]# vim /etc/squid.conf
...
# Squid normally listens to port 3128
http_port 20.0.10.1:3128 transparent
...

[[email protected] network-scripts]# squid -k parse
[[email protected] network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 20.0.10.0/24 -p tcp --dport 80 -j REDIRECT  --to 3128
[[email protected] network-scripts]# iptables -t nat -I PREROUTING -i ens36 -s 20.0.10.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[[email protected] network-scripts]# iptables -I INPUT -p tcp --dport 3218 -j ACCEPT
[[email protected] network-scripts]# pkill squid
[[email protected] network-scripts]# squid
           

3.3 配置web伺服器

之前浏覽器設定過代理設定的話這裡需要将其關閉

檢視日志檔案,顯示代理伺服器的IP就說明實驗成功了