项目笔记:4.引入CDN内容分发网络,实现网站静态元素加速 squid
1、在192.168.0.6和192.168.0.7上安装squid
开两台虚拟机ip为0.6,0.7 只需搭建本地系统的yum源
# yum -y install squid
一台 父squid和一台子squid多重缓存加速访问。如果访问子squid,子squid没有就会访问父squid,层层上去,父squid没有才去访问原始地址。
2、在父squid192.168.0.6上配置
<pre name="code" class="html"># vim /etc/squid/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3130 #icp
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 vhost vport
icp_port 3130
hierarchy_stoplist cgi-bin ?
cache_mem 100 MB
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_peer 192.168.0.2 parent 80 0 no-query originserver no-digest name=w1
cache_peer 192.168.0.2 parent 80 0 no-query originserver no-digest name=w2
cache_peer 192.168.0.3 parent 80 0 no-query originserver no-digest name=w3
cache_peer 192.168.0.3 parent 80 0 no-query originserver no-digest name=w4
cache_peer 192.168.0.6 sibling 3128 3130 name=cache0 --父squid
cache_peer 192.168.0.7 sibling 3128 3130 name=cache1 <span style="font-family: Arial, Helvetica, sans-serif;">-子squid</span>
cache_peer_domain w1 bbs1.kong.com
cache_peer_domain w2 bbs2.kong.com
cache_peer_domain w3 bbs1.kong.com
cache_peer_domain w4 bbs2.kong.com
3、在子squid192.168.0.7配置
# vim /etc/squid/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3130 #icp
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 vhost vport
icp_port 3130
hierarchy_stoplist cgi-bin ?
cache_mem 100 MB
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_peer 192.168.0.6 parent 3128 0 no-query originserver no-digest name=w1
cache_peer 192.168.0.6 parent 3128 0 no-query originserver no-digest name=w2
cache_peer 192.168.0.7 sibling 3128 3130 name=cache1 <span style="font-family: Arial, Helvetica, sans-serif;">--子squid</span>
cache_peer 192.168.0.6 sibling 3128 3130 name=cache0 <span style="font-family: Arial, Helvetica, sans-serif;">--父squid</span>
cache_peer_domain w1 bbs1.kong.com
cache_peer_domain w2 bbs2.kong.com
做测试一级squid
# vim /etc/hosts --记得修改访问端的hosts文件啊,不然什么都别谈了
192.168.0.6 bbs1.kong.com bbs2.kong.com
先访问下http://bbs1.kong.com:3128 3128是squid的端口<span style="font-family: Arial, Helvetica, sans-serif; background-color: rgb(240, 240, 240);"></span>
# curl -I http://bbs1.kong.com:3128/template/default/image/guest_bg.jpg
HTTP/1.0 200 OK
Server: nginx/1.4.7
Date: Fri, 06 Feb 2015 08:04:35 GMT
Content-Type: image/jpeg
Content-Length: 37373
Last-Modified: Wed, 23 Mar 2011 06:33:46 GMT
ETag: "4d89944a-91fd"
Accept-Ranges: bytes
X-Cache: MISS from vm06.kong.com --第一次是miss
X-Cache-Lookup: MISS from vm06.kong.com:3128
Via: 1.0 vm06.kong.com (squid/3.1.10)
Connection: keep-alive
# curl -I http://bbs1.kong.com:3128/template/default/image/guest_bg.jpg
HTTP/1.0 200 OK
Server: nginx/1.4.7
Date: Fri, 06 Feb 2015 08:04:35 GMT
Content-Type: image/jpeg
Content-Length: 37373
Last-Modified: Wed, 23 Mar 2011 06:33:46 GMT
ETag: "4d89944a-91fd"
Accept-Ranges: bytes
Age: 50
X-Cache: HIT from vm06.kong.com --第二次以后都是hit
X-Cache-Lookup: HIT from vm06.kong.com:3128
Via: 1.0 vm06.kong.com (squid/3.1.10)
Connection: keep-alive
测试二级squid
# vim /etc/hosts --记得修改访问端的hosts文件啊,不然什么都别谈了
192.168.0.7 bbs1.kong.com bbs2.kong.com
先访问下http://bbs1.kong.com:3128 3128是squid的端口
# curl -I http://bbs1.kong.com:3128/template/default/image/guest_bg.jpg
HTTP/1.0 200 OK
Server: nginx/1.4.7
Date: Fri, 06 Feb 2015 08:04:35 GMT
Content-Type: image/jpeg
Content-Length: 37373
Last-Modified: Wed, 23 Mar 2011 06:33:46 GMT
ETag: "4d89944a-91fd"
Accept-Ranges: bytes
Age: 230
X-Cache: HIT from vm06.kong.com --hit来时父squid
X-Cache-Lookup: HIT from vm06.kong.com:3128
X-Cache: MISS from vm07.kong.com
X-Cache-Lookup: MISS from vm07.kong.com:3128
Via: 1.0 vm06.kong.com (squid/3.1.10), 1.0 vm07.kong.com (squid/3.1.10)
Connection: keep-alive
# curl -I http://bbs1.kong.com:3128/template/default/image/guest_bg.jpg
HTTP/1.0 200 OK
Server: nginx/1.4.7
Date: Fri, 06 Feb 2015 08:04:35 GMT
Content-Type: image/jpeg
Content-Length: 37373
Last-Modified: Wed, 23 Mar 2011 06:33:46 GMT
ETag: "4d89944a-91fd"
Accept-Ranges: bytes
X-Cache: HIT from vm06.kong.com --hit来时父squid
X-Cache-Lookup: HIT from vm06.kong.com:3128
Age: 265
X-Cache: HIT from vm07.kong.com
X-Cache-Lookup: HIT from vm07.kong.com:3128
Via: 1.0 vm06.kong.com (squid/3.1.10), 1.0 vm07.kong.com (squid/3.1.10)
Connection: keep-alive
</pre><p></p><pre>
4、在192.168.0.1上的nginx增加squid的分发
# vim /etc/nginx/nginx.conf
user nobody nobody;
worker_processes 4;
error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 15000;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 30;
gzip on;
upstream squid_upstream {
server 192.168.0.6:3128;
server 192.168.0.7:3128;
hash $request_uri;
hash_again 10;
}
upstream tomcat_upstream {
server 192.168.0.2:8080 weight=10;
server 192.168.0.3:8080 weight=10;
}
server {
listen 80;
server_name localhost;
charset utf8;
location / {
index index.html index.htm index.jsp;
proxy_pass http://squid_upstream;
proxy_set_header Host $host;
proxy_set_header X-Forward-For $remote_addr;
}
location ~ \.jsp$ {
proxy_pass http://tomcat_upstream;
proxy_set_header Host $host;
proxy_set_header X-Forward-For $remote_addr;
}
location ~ ^/forum-[0-9]-[0-9]-[0-9]\.html$ {
proxy_pass http://tomcat_upstream;
proxy_set_header Host $host;
proxy_set_header X-Forward-For $remote_addr;
}
}
}
# service nginx reload
最后修改hosts 指向192.168.0.1