squid缓存技术应用及squid的反向代理
一、 配置squid
1、 安装squid
1)
配置基本环境
[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
NAME=ens34
DEVICE=ens34
IPADDR=192.168.200.10
NETMASK=255.255.255.0
[root@centos01 ~]# systemctl restart network
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
IPADDR=192.168.200.20
NETMASK=255.255.255.0
GATEWAY=192.168.200.10
[root@centos02 ~]# systemctl restart network
2)
开启路由功能
[root@centos01 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@centos01 ~]# sysctl -p
net.ipv4.ip_forward = 1
3)
创建管理squid的用户
[root@centos01 ~]# useradd -M -s /sbin/nologin squid
4)
配置squid
[root@centos01 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# tar zxvf /mnt/squid-3.4.6.tar.gz -C /usr/src/
[root@centos01 ~]# cd /usr/src/squid-3.4.6/
[root@centos01 squid-3.4.6]# ./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-linux-netfilter --enable-async-io=240 --enable-default-err-language=Simplify_Chinese --disable-poll --enable-epoll --enable-gnuregex
5)
安装squid
[root@centos01 squid-3.4.6]# make && make install
6)
优化squid命令和修改目录的所有者
[root@centos01 ~]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
[root@centos01 ~]# chown -R squid:squid /usr/local/squid/
2、 配置传统代理
1)
修改squid配置文件（http_access allow all 会允许任何能访问3128端口的主机使用该代理，仅适用于实验环境；后面第6节会加入基于ACL的访问限制）
[root@centos01 ~]# vim /etc/squid.conf
54 http_access allow all
55 http_port 3128
56 cache_effective_user squid
57 cache_effective_group squid
58 reply_body_max_size 10 MB
2)
检查语法是否错误
[root@centos01 ~]# squid -k parse
3)
初始化缓存目录
[root@centos01 ~]# squid -z
4)
启动服务并查看端口
[root@centos01 ~]# squid
[root@centos01 ~]# netstat -anptu | grep 3128
3、 安装apache
1)
安装apache
[root@centos02 ~]# yum -y install httpd
2)
写入数据重新启动
[root@centos02 ~]# echo "www.benet.com" > /var/www/html/index.html
[root@centos02 ~]# systemctl restart httpd
3)
配置hosts文件
[root@centos02 ~]# vim /etc/hosts
192.168.200.20 www.benet.com
4、客户端访问
1)
上传数据
[root@centos02 ~]# dd if=/dev/zero of=/var/www/html/1.iso bs=5M count=2
记录了2+0 的读入
记录了2+0 的写出
10485760字节(10 MB)已复制,0.00770072 秒,1.4 GB/秒
[root@centos02 ~]# dd if=/dev/zero of=/var/www/html/2.iso bs=5M count=3
记录了3+0 的读入
记录了3+0 的写出
15728640字节(16 MB)已复制,0.0315897 秒,498 MB/秒
2)
没有配置代理时,客户端访问查看
3)
开启代理再次查看
[root@centos01 ~]# vim /etc/hosts
192.168.200.20 www.benet.com
[root@centos01 ~]# vim /etc/squid.conf
59 dns_nameservers 192.168.100.10
5、配置透明代理
1)
修改主配置文件
[root@centos01 ~]# vim /etc/squid.conf
http_access allow all
http_port 192.168.100.10:3128 transparent
cache_effective_user squid
cache_effective_group squid
reply_body_max_size 10 MB
dns_nameservers 192.168.100.10
2)
杀掉squid进程、初始化缓存并启动服务
[root@centos01 ~]# killall squid
[root@centos01 ~]# squid -z
[root@centos01 ~]# squid
[root@centos01 ~]# netstat -anptu | grep 3128
3)
配置防火墙规则映射端口
[root@centos01 ~]# systemctl start firewalld
[root@centos01 ~]# systemctl enable firewalld
[root@centos01 ~]# firewall-cmd --set-default-zone=external
success
[root@centos01 ~]# firewall-cmd --add-interface=ens32 --zone=trusted
[root@centos01 ~]# firewall-cmd --add-interface=ens34 --zone=external
[root@centos01 ~]# firewall-cmd --zone=external --add-port=3128/tcp
Success
[root@centos01 ~]# iptables -t nat -I PREROUTING -i ens32 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
4)
客户端访问
6、squid访问规则限制
1、配置squid访问规则限制
1)
限制特定的IP地址
[root@centos01 ~]# vim /etc/squid.conf
26 acl host src 192.168.100.111
39 http_access deny host
2)
杀掉squid进程、初始化缓存并启动服务
[root@centos01 ~]# killall squid
[root@centos01 ~]# squid -z
[root@centos01 ~]# squid
3)
客户端访问
更换IP地址
2、限制用户访问特定的域名
1)
限制用户访问www.benet.com域名
[root@centos01 ~]# vim /usr/local/squid/dmblock.list
www.benet.com
[root@centos01 ~]# vim /etc/squid.conf
27 acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
41 http_access deny DMBLOCK
2)
杀掉squid进程、初始化缓存并启动服务
[root@centos01 ~]# killall squid
[root@centos01 ~]# squid -z
[root@centos01 ~]# squid
3)
客户端访问
二、 配置squid生产环境
1)
将ens34网卡设置为DHCP自动获取
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
BOOTPROTO=dhcp
[root@centos01 ~]# systemctl restart network
2)
注释访问权限
[root@centos01 ~]# vim /etc/squid.conf
#acl host src 192.168.100.111
#http_access deny host
#acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
#http_access deny DMBLOCK
3)
重启防火墙以清空规则
[root@centos01 ~]# systemctl restart firewalld
[root@centos01 ~]# systemctl enable firewalld
4)
修改squid配置文件
[root@centos01 ~]# vim /etc/squid.conf
61 dns_nameservers 114.114.114.144
70 cache_dir ufs /usr/local/squid/var/cache/squid 10 16 256
5)
杀掉squid进程、初始化缓存并启动服务
[root@centos01 ~]# killall squid
[root@centos01 ~]# squid -z
[root@centos01 ~]# squid
6)
设置防火墙规则允许80、443
[root@centos01 ~]# firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -i ens32 -p tcp --dport 80 -j REDIRECT --to-ports 3128
success
[root@centos01 ~]# firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -i ens34 -p tcp --dport 443 -j REDIRECT --to-ports 3128
success
7)
客户端配置dns并访问网站
8)
限制用户访问特定的域名
[root@centos01 ~]# vim /usr/local/squid/dmblock.list
www.baidu.com
www.hao123.com
9)
修改squid配置文件
[root@centos01 ~]# vim /etc/squid.conf
40 acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
41 http_access deny DMBLOCK
10)
杀掉squid进程、初始化缓存并启动服务
[root@centos01 ~]# killall squid
[root@centos01 ~]# squid -z
[root@centos01 ~]# squid
11)
客户端验证
三、 squid反向代理
1、 配置squid反向代理
1)
配置基本环境
[root@centos01 ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[root@centos01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
NAME=ens34
DEVICE=ens34
IPADDR=192.168.200.10
NETMASK=255.255.255.0
[root@centos01 ~]# systemctl restart network
[root@centos01 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@centos01 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@centos02 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.10
[root@centos02 ~]# systemctl restart network
[root@centos03 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.10
[root@centos03 ~]# systemctl restart network
2)
两台网站服务器安装httpd
[root@centos02 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos02 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos02 ~]# yum -y install httpd
[root@centos02 ~]# echo "www.benet.com" > /var/www/html/index.html
[root@centos02 ~]# systemctl start httpd
[root@centos03 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos03 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos03 ~]# yum -y install httpd
[root@centos03 ~]# echo "www.accp.com" > /var/www/html/index.html
[root@centos03 ~]# systemctl start httpd
3)
安装squid
[root@centos01 ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@centos01 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@centos01 ~]# yum -y install squid
4)
配置squid
[root@centos01 ~]# vim /etc/squid/squid.conf
54 http_access allow all
60 http_port 192.168.200.10:80 vhost
61 cache_effective_user squid
62 cache_effective_group squid
63 cache_peer 192.168.100.20 parent 80 0 originserver round-robin
64 cache_peer 192.168.100.30 parent 80 0 originserver round-robin
65 cache_dir ufs /var/spool/squid 10 16 256
5)
设置缓存目录所有者
[root@centos01 ~]# chown -R squid:squid /var/spool/squid/
6)
设置服务开机自启
[root@centos01 ~]# systemctl start squid
[root@centos01 ~]# systemctl enable squid
7)
安装和配置dns
[root@centos01 ~]# yum -y install bind bind-chroot bind-utils
[root@centos01 ~]# echo "" > /etc/named.conf
[root@centos01 ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named/";
};
zone "benet.com" IN {
type master;
file "benet.com.zone";
};
[root@centos01 ~]# vim /var/named/benet.com.zone
$TTL 86400
@ SOA benet.com. root.benet.com (
2020041100
1H
15M
1W
1D
)
@ NS centos01.benet.com.
centos01 A 192.168.200.10
www A 192.168.200.10
[root@centos01 ~]# chmod +x /var/named/benet.com.zone
[root@centos01 ~]# chown named:named /var/named/benet.com.zone
[root@centos01 ~]# named-checkconf /etc/named.conf
[root@centos01 ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2020041100
OK
[root@centos01 ~]# systemctl start named
[root@centos01 ~]# systemctl enable named
8)
客户端访问
停掉accp服务器,清除缓存重启并访问
[root@centos03 ~]# systemctl stop httpd
[root@centos01 ~]# cd /var/spool/squid/
[root@centos01 squid]# rm -rf ./*