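Background:
To cut costs, the company needs to deploy reverse proxy servers that cache video files, saving egress bandwidth at the data center and moving more outbound traffic onto the uplinks of cheaper data centers. I have worked with squid a fair amount before, but my previous company had been running it for a long time, so my familiarity is mostly on the usage side. What follows is a record of my own deployment, kept for easy reference. This article covers only the compile-and-install method.
Installation environment:
System environment:
Ubuntu 12.04.1 LTS, x86_64, 8G of memory, 12 cores. Because this is a Dell server, the system disk had to be set up as RAID 1 and the data disks as RAID 5. The data disk is mounted at /srv. The whole disk is 40T, of which 37T is usable.
Software environment:
Go to the squid website, http://www.squid-cache.org/Versions/, and download the latest version. Only basic features are needed, so a stable release is sufficient. Here I chose version 3.5.22, released 2016-10-09. Download link: http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.22.tar.gz
Software installation and configuration:
Download the tarball linked above to the local server. Extracting it produces a directory named squid-3.5.22, which holds the squid source code. For detailed usage, see http://zyan.cc/book/squid/, the Chinese-language definitive guide to squid, which explains squid's basic usage and principles in considerable detail.
Compile and install:
Before installing, update the Ubuntu system's package lists: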
apt-get update
Install the build environment needed for compiling:
apt-get install build-essential
Download and install:
wget http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.22.tar.gz
tar -zxvf squid-3.5.22.tar.gz
cd squid-3.5.22/
# --enable-storeio selects the storage formats. We store fairly large video files, around 10M or more, so aufs is used here.
# From Squid 3.2 on, the basic-auth helper option is named --enable-auth-basic.
./configure --prefix=/var/www/dream/squid \
--sysconfdir=/var/www/dream/squid/etc \
--enable-arp-acl \
--enable-linux-netfilter \
--enable-pthreads \
--enable-err-language="Simplify_Chinese" \
--enable-default-err-language="Simplify_Chinese" \
--enable-storeio=ufs,aufs \
--enable-basic-auth-helpers="NCSA" \
--enable-underscore
make
make install
ln -s /var/www/dream/squid/sbin/squid /usr/bin/squid ## Makes squid available as a command on the system PATH.
Configuration:
#<common_begin
############################## Common ACL Define #################################
acl localhost src 127.0.0.1/255.255.255.255
acl monitor src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny purge
http_access allow manager monitor
http_access deny manager
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
acl spider_ua req_header User-Agent -i spider
http_access deny spider_ua
acl ip_in_fqdn url_regex -i ^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/.*
http_access deny ip_in_fqdn
#acl allow_ip src "/var/www/dream/squid/etc/allow_ip"
#http_access allow allow_ip
#http_reply_access allow allow_ip
######### Device Configuration Define ###############
visible_hostname proxy45-236
#cache_dir Directory-Name Mbytes Level-1 Level2
cache_dir aufs /srv/cache1 3000000 128 128 min-size=1000000
maximum_object_size 10240000 KB
minimum_object_size 0 KB
store_dir_select_algorithm round-robin
cache_replacement_policy lru
cache_swap_low 80
cache_swap_high 85
reload_into_ims on
#request_header_access Via allow all
#header_access Via allow all
#header_access X-Cache deny all
#header_access X-Cache-Lookup deny all
#header_access X-Squid-Error deny all
dns_timeout 2 minute
dns_retransmit_interval 10 seconds
negative_dns_ttl 1 minute
#refresh_stale_hit 0 minute
vary_ignore_expire on
request_timeout 40 seconds
persistent_request_timeout 5 seconds
connect_timeout 1 minute
read_timeout 15 minutes
server_persistent_connections off
client_persistent_connections off
collapsed_forwarding on
forwarded_for on
#ignore_expect_100 on
maximum_object_size_in_memory 2 MB
cache_mem 512 MB
memory_replacement_policy lru
#logformat squid_custom_log %ts.%03tu %6tr %{X-Real-IP}>h %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h" "%{Cookie}>h"
logformat squid_custom_log %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h" "%{Cookie}>h"
cache_access_log /var/www/dream/squid/var/logs/access.log squid_custom_log
strip_query_terms off
logfile_rotate 0
cache_log /var/www/dream/squid/var/logs/cache.log
cache_store_log none
#http_port 80 accel vhost vport
#http_port 9090 accel vhost vport=80 allow-direct
http_port 80 accel vhost vport allow-direct
#http_port 80
icp_port 3130
icp_access allow all
snmp_port 3401
cache_effective_user squid
cache_effective_group squid
pid_filename /var/www/dream/squid/var/run/squid.pid
diskd_program /var/www/dream/squid/libexec/diskd
unlinkd_program /var/www/dream/squid/libexec/unlinkd
half_closed_clients off
#client_db off
#cachemgr_passwd test4squid config
#cache_mgr [email protected]
hosts_file /var/www/dream/squid/etc/hosts.conf
#dns_nameservers 127.0.0.1
dns_nameservers 8.8.8.8
################Domain Begin####
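# With -1, squid strips the Range header before going back to the backend server, so the whole file is always fetched. The default is range_offset_limit 0: if the request carries a Range header, squid forwards the Range header to the backend and does not prefetch any extra data.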
range_offset_limit -1
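# With this setting, if a user aborts after downloading 1M of a 1G file, squid still downloads the whole 1G file. If the file is larger than "maximum_object_size", however, it is discarded once the download finishes.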
quick_abort_min -1
################Domain End#####
# Add any of your own refresh_pattern entries above these.
coredump_dir /var/www/dream/squid/var/cache/squid
refresh_pattern -i ^http 1440 0% 1440 ignore-reload override-lastmod
http_access allow all
http_reply_access allow all
The configuration above is enough to get the service running.
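The configuration above ends with `http_access allow all` and also sets `icp_access allow all`, logs Cookie headers and keeps query strings in access.log, so it is worth checking such lines before the proxy faces untrusted networks. The following shell audit is an added example, not part of the original post; the function name `audit_squid_conf` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag broadly permissive
# directives in a squid.conf. audit_squid_conf is a hypothetical helper name.
# Prints one "line N: finding" per match; prints nothing for a clean file.
audit_squid_conf() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg }
    /^[ \t]*#/ || NF == 0 { next }        # skip comment-only and blank lines
    { sub(/[ \t]+#.*$/, "") }             # drop trailing comments, re-split fields
    $1 == "http_access" && $2 == "allow" && $3 == "all" && NF == 3 {
        report("http_access allow all: every request not denied earlier is served")
    }
    $1 == "icp_access" && $2 == "allow" && $3 == "all" && NF == 3 {
        report("icp_access allow all: ICP queries are answered for any source address")
    }
    $1 == "logformat" && index($0, "{Cookie}>h") {
        report("logformat records Cookie request headers: session tokens end up in access.log")
    }
    $1 == "strip_query_terms" && $2 == "off" {
        report("strip_query_terms off: full query strings are written to access.log")
    }
    ' "$1"
}

# Constructed sample: a few lines in the style of the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl localhost src 127.0.0.1/255.255.255.255
#http_access allow all
http_access deny !Safe_ports
logformat squid_custom_log %>a %rm %ru "%{User-Agent}>h" "%{Cookie}>h"
strip_query_terms off
icp_port 3130
icp_access allow all
http_access allow all
EOF
audit_squid_conf "$sample"
rm -f "$sample"
```

Run against the real file with `audit_squid_conf /var/www/dream/squid/etc/squid.conf`; each finding names the line to review.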
Script for periodic log cleanup, keeping the last 30 days of logs:
#!/bin/sh
set -e
yesterday_date=$(date -d "1 day ago" +%Y%m%d)
cd /var/www/dream/squid/log/
# rename the current log file without interrupting the logging process
mv access.log access.log.$yesterday_date
mv cache.log cache.log.$yesterday_date
# tell Squid to close the current logs and open new ones
/var/www/dream/squid/sbin/squid -k rotate -f /var/www/dream/squid/etc/squid.conf
/var/www/dream/squid/sbin/squid -k rotate -f /var/www/dream/squid/etc/squid1.conf
/var/www/dream/squid/sbin/squid -k rotate -f /var/www/dream/squid/etc/squid2.conf
/var/www/dream/squid/sbin/squid -k rotate -f /var/www/dream/squid/etc/squid3.conf
# give Squid some time to finish writing swap.state files
sleep 30
mv access.log.$yesterday_date bak/
mv cache.log.$yesterday_date bak/
gzip -9 bak/access.log.$yesterday_date
gzip -9 bak/cache.log.$yesterday_date
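# remove archives older than 30 days; -r stops xargs from running rm on empty input, which would fail under set -e
find bak/ -type f -ctime +30 -print0 | xargs -0 -r rm -f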