Initial setup of a Squid cache

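This article walks through setting up a Squid cache server: installing Squid with yum, configuring forward and reverse proxying, and resolving access-denied errors and problems encountered when using squidclient. Access control for a specific domain and the proxy functions are implemented by editing the Squid configuration file. The article also shows how to use squidclient to check and manage the state of the Squid service.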

I. Installing Squid:

1. Install with yum: sudo yum install squid

2. Start the service: sudo service squid start

3. Enable start at boot: sudo chkconfig squid on

II. Configuring Squid:

Squid forward proxy

Configure on the Squid host:

acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
#acl Safe_ports port 443                # https
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280                # http-mgmt
#acl Safe_ports port 488                # gss-http
#acl Safe_ports port 591                # filemaker
#acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT
visible_hostname mysquid
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost
# The stock configuration denies all other access here; this setup allows all instead
http_access allow all
# Squid normally listens to port 3128
http_port 3128 accel vhost vport
 
# Custom ACLs for the domain, protocol and port allowed through the proxy
acl http proto HTTP
acl allow_domain dstdomain test.vip.com
http_access allow http allow_domain
http_access deny http !allow_domain
cache_dir ufs /var/spool/squid 100 16 256
# Set the cache log file paths
logformat main %>a  %{%Y-%m-%d %H:%M:%S}tl  %>Hs     %<st    %ru     %{Referer}>h    %Ss:%Sh
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
 
cache_effective_user squid
cache_effective_group squid
cache_mgr shan01.he@vipshop.com
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
cache_mem 3 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
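# Cache error status codes such as 403 and 404; set to 0 to disable this caching
#negative_ttl 0 second
# Set the maximum size of the HTTP request header
request_header_max_size 128 KB
# Pass the client's real IP address along in X-Forwarded-For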
forwarded_for on
 
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
 

Squid reverse proxy

Configure on the Squid host:

cache_peer xx.xx.xx.xx parent 80 0 no-query no-digest originserver name=web
# Set the domain served by this peer alias. If cache_peer uses a domain name rather than an IP, cache_peer_domain must use the same domain name, otherwise access will fail
cache_peer_domain web test.vip.com

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
#acl Safe_ports port 21         # ftp
#acl Safe_ports port 443                # https
#acl Safe_ports port 70         # gopher
#acl Safe_ports port 210                # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280                # http-mgmt
#acl Safe_ports port 488                # gss-http
#acl Safe_ports port 591                # filemaker
#acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT
visible_hostname mysquid
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost
# The stock configuration denies all other access here; this setup allows all instead
http_access allow all
# Squid normally listens to port 3128
http_port 3128 accel vhost vport
 
cache_peer xx.xx.xx.xx parent 80 0 no-query no-digest originserver name=web
# Set the domain served by this peer alias. If cache_peer uses a domain name rather than an IP, cache_peer_domain must use the same domain name, otherwise access will fail
cache_peer_domain web test.vip.com
 
cache_dir ufs /var/spool/squid 100 16 256
# Set the cache log file paths
logformat main %>a  %{%Y-%m-%d %H:%M:%S}tl  %>Hs     %<st    %ru     %{Referer}>h    %Ss:%Sh
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
 
cache_effective_user squid
cache_effective_group squid
cache_mgr shan01.he@vipshop.com
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KB
cache_mem 3 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
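# Cache error status codes such as 403 and 404; set to 0 to disable this caching
#negative_ttl 0 second
# Set the maximum size of the HTTP request header
request_header_max_size 128 KB
# Pass the client's real IP address along in X-Forwarded-For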
forwarded_for on
 
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

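III. Testing:

Squid forward proxy:

Squid reverse proxy:

IV. Problems:

1. Access denied when browsing through the proxy:

Solution:

1. A DNS configuration problem on the proxy server: the proxy server cannot resolve the IP address of the requested URL. Check that /etc/resolv.conf is configured correctly; if it is not, add the correct entries, for example: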

nameserver ###.###.###.###

nameserver ###.###.###.###

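Multiple DNS servers can be configured.

Restart the squid service.

2. Access control: http_access allow all


2. squidclient returns 403:

Solution: add the following allow rules to squid.conf, then restart the squid service.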

acl AdminBoxes src 127.0.0.1 172.16.0.1 192.168.0.1
acl Purge method PURGE
http_access allow AdminBoxes Purge
http_access deny Purge
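
Squid checks http_access lines from top to bottom and the first line that matches decides, so the position of `http_access allow all` affects both the allow_domain rules in the forward-proxy configuration and the Purge rules above. The Python sketch below is an added example, not part of the original article or of Squid: it models only the ACL names used in this article, assumes the Purge rules are appended after the existing rules, and compares that order with a constructed reordering that ends in `http_access deny all`.

```python
# Added example: a minimal model of Squid's first-match http_access evaluation.
# Only the ACL names used in this article are modelled; requests are constructed.
ACLS = {
    "all": lambda r: True,
    "http": lambda r: r["proto"] == "HTTP",
    "allow_domain": lambda r: r["host"] == "test.vip.com",
    "Purge": lambda r: r["method"] == "PURGE",
    "AdminBoxes": lambda r: r["src"] in {"127.0.0.1", "172.16.0.1", "192.168.0.1"},
}
# Rule order from the article, with the Purge rules appended (assumption).
AS_PUBLISHED = """
http_access allow all
http_access allow http allow_domain
http_access deny http !allow_domain
http_access allow AdminBoxes Purge
http_access deny Purge
"""
# Constructed alternative: specific rules first, explicit deny last.
REORDERED = """
http_access allow AdminBoxes Purge
http_access deny Purge
http_access allow http allow_domain
http_access deny http !allow_domain
http_access deny all
"""
def parse_rules(conf):
    """Return the http_access lines as (action, [acl, ...]) in file order."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return rules

def decide(conf, req):
    """ACLs on one line are ANDed; the first line that matches decides."""
    rules = parse_rules(conf)
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid takes the opposite of the last line's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def request(src, method, host):
    return {"src": src, "proto": "HTTP", "method": method, "host": host}

if __name__ == "__main__":
    for src, method in (("203.0.113.9", "GET"), ("203.0.113.9", "PURGE"), ("127.0.0.1", "PURGE")):
        print(src, method, *(decide(c, request(src, method, "example.org")) for c in (AS_PUBLISHED, REORDERED)))
```

With the published order every request stops at `allow all`, so neither the domain restriction nor `http_access deny Purge` is ever reached; in the reordered list they are evaluated first.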

 

Basic squidclient usage:

* Get Squid runtime status information: squidclient -p 80 mgr:info
* Get Squid memory usage: squidclient -p 80 mgr:mem
* List the objects Squid has cached: squidclient -p 80 mgr:objects
* Get Squid disk usage: squidclient -p 80 mgr:diskd
* Force a refresh of a URL: squidclient -p 80 -m PURGE http://www.php-oa.com/static.php


Output of /usr/bin/squidclient -p 80 mgr:info:

HTTP/1.0 200 OK
Server: squid/3.1.23
Mime-Version: 1.0
Date: Mon, 06 Mar 2017 12:35:46 GMT
Content-Type: text/plain
Expires: Mon, 06 Mar 2017 12:35:46 GMT
Last-Modified: Mon, 06 Mar 2017 12:35:46 GMT
X-Cache: MISS from mysquid
X-Cache-Lookup: MISS from mysquid:80
Via: 1.0 mysquid (squid/3.1.23)
Connection: close
Squid Object Cache: Version 3.1.23
Start Time:     Mon, 06 Mar 2017 12:30:06 GMT
Current Time:   Mon, 06 Mar 2017 12:35:46 GMT
Connection information for squid:
         Number of clients accessing cache:      2   # number of clients accessing the cache
         Number of HTTP requests received:       3   # number of HTTP requests received
         Number of ICP messages received:        0   # number of ICP queries received
         Number of ICP messages sent:    0   # number of ICP queries received
         Number of queued ICP replies:   0
         Number of HTCP messages received:       0
         Number of HTCP messages sent:   0
         Request failure ratio:   0.00
         Average HTTP requests per minute since start:   0.5   # HTTP requests per minute
         Average ICP messages per minute since start:    0.0
         Select loop called: 125518 times, 2.712 ms avg
Cache information for squid:
         Hits as % of all requests:      5min: 0.0%, 60min: 0.0%          # request hit ratio over 5 / 60 minutes
         Hits as % of bytes sent:        5min: 100.0%, 60min: 100.0%      # hit ratio over 5 / 60 minutes, counted in bytes
         Memory hits as % of hit requests:       5min: 0.0%, 60min: 0.0%   # hit ratio for requests served from memory
         Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0%   # hit ratio for requests served from disk
         Storage Swap size:      132 KB          # disk space used by cached objects
         Storage Swap capacity:   0.1% used, 99.9% free
         Storage Mem size:       108 KB    # memory used by cached objects
         Storage Mem capacity:    3.6% used, 96.4% free
         Mean Object Size:       13.20 KB
         Requests given to unlinkd:      0
Median Service Times (seconds)  5 min    60 min:
         HTTP Requests (All):   0.00000  0.00000
         Cache Misses:          0.00000  0.00000
         Cache Hits:            0.00000  0.00000
         Near Hits:             0.00000  0.00000
         Not-Modified Replies:  0.00000  0.00000
         DNS Lookups:           0.00000  0.00000
         ICP Queries:           0.00000  0.00000
Resource usage for squid:
         UP Time:        340.464 seconds
         CPU Time:       0.096 seconds
         CPU Usage:      0.03%
         CPU Usage, 5 minute avg:        0.03%
         CPU Usage, 60 minute avg:       0.03%
         Process Data Segment Size via sbrk(): 3340 KB
         Maximum Resident Size: 182912 KB
         Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
         Total space in arena:    3472 KB
         Ordinary blocks:         3412 KB      8 blks
         Small blocks:               0 KB      0 blks
         Holding blocks:        138212 KB     10 blks
         Free Small blocks:          0 KB
         Free Ordinary blocks:      59 KB
         Total in use:          141625 KB 100%
         Total free:                59 KB 0%
         Total size:            141684 KB
Memory accounted for:    # memory usage status
         Total accounted:          196 KB 0%
         memPool accounted:        195 KB 0%
         memPool unaccounted:   141488 KB 100%
         memPoolAlloc calls:      1647
         memPoolFree calls:       1678
File descriptor usage for squid:
         Maximum number of file descriptors:   262143 # maximum number of file descriptors available
         Largest file desc currently in use:     17
         Number of file desc currently in use:   10
         Files queued for open:                   0
         Available number of file descriptors: 262133
         Reserved number of file descriptors:   100
         Store Disk files open:                   0
Internal Data Structures:
             37 StoreEntries
             27 StoreEntries with MemObjects
             26 Hot Object Cache Items
             10 on-disk objects
