Squid 反向代理配置

Squid 反向代理配置

1、删除主配置文件重写写入配置

rm -f /etc/squid/squid.conf

2、重新写入配置反向代理

vim /etc/squid/squid.conf

# 监听端口
# 修改端口80 accel vhost vport 为反向代理
http_port 80  accel vhost vport
# cache_peer 代理IP 端口 0 originserver  name=a "a"代表一个域名
cache_peer 123.125.119.147 parent 80 0 originserver name=a
cache_peer 61.135.169.125 parent 80 0 originserver name=b
# 设置a的域名为 www.qq.com
cache_peer_domain a www.qq.com
cache_peer_domain b www.baidu.com
# acl权限控制
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080         # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
# 缓存文件格式 aufs 缓存路径 目录1024大小MB 16子目录 256子子目录   
cache_dir aufs /data/cache 1024 16 256
# 内存占用大小
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
# 以某个字符开头的进行缓存缓存10080秒
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
# 以某个字符结尾的进行缓存 缓存2880秒
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440    50%     2880    ignore-reload
refresh_pattern .               0       20%     4320

反向代理/单个添加IP

# 监听端口
# 修改端口80 accel vhost vport 为反向代理
http_port 80  accel vhost vport
# cache_peer 服务器IP 端口 originserver代理该服务端所有域名
cache_peer 61.135.169.125 parent 80 0 originserver
# acl权限控制
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 8080         # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow all
# 缓存文件格式 aufs 缓存路径 目录1024大小MB 16子目录 256子子目录   
cache_dir aufs /data/cache 1024 16 256
# 内存占用大小
cache_mem 128 MB
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
# 以某个字符开头的进行缓存缓存10080秒
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
# 以某个字符结尾的进行缓存 缓存2880秒
refresh_pattern \.(jpg|png|gif|mp3|xml) 1440    50%     2880    ignore-reload
refresh_pattern .               0       20%     4320

反向代理/单服务器上所有IP

3、查看语法是否有错

squid -kcheck

报错

4、添加目录权限

# 创建缓存目录
mkdir /data/cache
# 该目录赋予squid用户所属权限
chown -R squid:squid /data/cache/
# 初始化目录
squid -z

5、重启服务

/etc/init.d/squid stop
/etc/init.d/squid start

6、查看启动情况

查看启动进程

---

Squid 反向代理测试

1、访问未代理域名，503错误

curl -xlocalhost:80 www.qqfdsfds.com -I
HTTP/1.0 503 Service Unavailable

2、访问已代理域名，200正常

curl -xlocalhost:80 www.baidu.com -I
HTTP/1.0 200 OK

---

 

转载于:https://www.cnblogs.com/xiangsikai/p/8409256.html