本文转自:http://blog.zhangjianfeng.com/article/531

=====安装部分=====
下载最新版
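# Download the release tarball to /tmp, unpack it and configure the build.
# NOTE(review): the tarball is fetched over plain HTTP and is never verified. Compare it
# with a checksum or signature obtained from the project before running ./configure.
wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE9.tar.bz2 -P /tmp
# Chain the steps so a failed cd or unpack does not run ./configure in the wrong directory.
cd /tmp &&
  tar jxf squid-2.6.STABLE9.tar.bz2 &&
  cd squid-2.6.STABLE9 &&
  # Options take a double hyphen; the typographic dashes in the original are not parsed as options.
  ./configure --prefix=/blog.zhangjianfeng.com/app/squid-2.6.9 --enable-storeio=aufs,ufs,diskd,null --with-pthreads --enable-referer-log --enable-snmp --enable-poll --enable-cache-digests --with-maxfd=65536 --with-large-files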

=====配置文件=====
cache_swap_low 90
cache_swap_high 95
cache_mem 1024 MB
maximum_object_size 20000 KB
maximum_object_size_in_memory 4096 KB #装入内存缓存的文件大小,默认值是8K,超过8K的文件都不装入内存,可以在这里设成4M.
cache_dir ufs /tmp1 10000 16 256 #磁盘缓存的类型和目录,大小,一二级目录的设置,这里磁盘缓存大小是10G

acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY #设置不想缓存的目录或者文件类型

###相关日志记录,可以设为none成不记录日志####
logfile_rotate 5 #表示保存5个轮循日志
cache_mgr admin@zhangjianfeng.com
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
pid_filename /blog.zhangjianfeng.com/app/squid/var/logs/squid.pid
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log combined

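### Image hotlink protection: aaa.com and bbb.com stand for the virtual hosts' domains;
### an image is served only when the Referer contains one of them.
# The Referer header is supplied by the client, so this saves bandwidth but is not access control.
# "aaa" / "bbb" match anywhere in the Referer; use the full host name to avoid accidental matches.
# NOTE(review): these allow rules come before "http_access deny !myip" further down in this
# file, so a request they match is accepted whatever its destination. Consider moving that deny above them.
acl picurl url_regex -i .bmp$ .png$ .jpg$ .gif$ .jpeg$
acl mystie1 referer_regex -i aaa
http_access allow mystie1 picurl
acl mystie2 referer_regex -i bbb
http_access allow mystie2 picurl

# Empty Referer: allow, but only for images. Without "picurl" this rule accepted every
# request with an empty Referer and skipped all http_access rules that follow.
acl nullref referer_regex -i ^$
http_access allow nullref picurl
# Any other Referer: refuse the image
acl hasref referer_regex -i .+
http_access deny hasref picurl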

###反向代理###
http_port xxx.xxx.xxx.:81 vhost vport
cache_peer xx.xx.xx.xx parent 81 0 no-query originserver

###squid使用的用户组和用户名###
cache_effective_user squid
cache_effective_group squid

### 不显示squid 版本 ###
httpd_suppress_version_string on

#### 各种文件控制,注意位置 ####
refresh_pattern -i .html 10 90% 2160 reload-into-ims
refresh_pattern -i .shtml 10 90% 2160 reload-into-ims
refresh_pattern -i .htm 10 90% 2160 reload-into-ims
refresh_pattern -i .gif 60 90% 2160 reload-into-ims
refresh_pattern -i .swf 60 90% 2160 reload-into-ims
refresh_pattern -i .jpg 60 90% 2160 reload-into-ims
refresh_pattern -i .png 60 90% 2160 reload-into-ims
refresh_pattern -i .bmp 60 90% 2160 reload-into-ims
refresh_pattern -i .js 10 90% 2160 reload-into-ims
refresh_pattern ^/article/list.php 1440 1000% 1440 ignore-reload #强制缓存此url一天
#reload-into-ims 强行控制对象的超时时间
#ignore-reload: squid将忽略请求里的任何no-cache指令。即内容一进入cache就不删除,直到被主动purge掉为止,常用在mp3,wma,wmv,gif等类型的文件
#各参数说明见 SQUID refresh_pattern配置说明

#有些频繁更新的页面可以不CACHE,用no_cache参数
acl no_aa_cache urlpath_regex ^/article/aa.php
no_cache DENY no_aa_cache
acl nagios url_regex -i ^http://.*/test/test.html$
cache deny nagios

#限制同一IP客户端的最大连接数
acl OverConnLimit maxconn 16
http_access deny OverConnLimit

#防止被人利用为HTTP代理,设置允许访问的IP地址
acl myip dst 192.168.1.1
http_access deny !myip

#Squid信息设置
visible_hostname www.zhangjianfeng.com
cache_mgr webmaster@zhangjianfeng.com

#错误文档
#error_directory ../squid/share/errors/Simplify_Chinese

#虚拟主机反向代理
#cache_peer w1.aa.com parent 80 0 no-query originserver
cache_peer 192.168.0.10 parent 80 0 no-query originserver name=testserver80
cache_peer_domain testserver80 www.testserver81.com
cache_peer 192.168.0.11 parent 81 0 no-query originserver name=testserver81
cache_peer_domain testserver81 www.testserver82.com
cache_peer_domain testserver81 www.test182.com

####squid.conf 结束####
++启动
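# Create the squid account, hand it the cache directory, initialise the cache
# directories, raise the file-descriptor limits and start squid.
# (The three lines below keep the original "# " prefix; presumably a root prompt.)
# groupadd squid
# useradd -g squid squid
# chown squid:squid /blog.zhangjianfeng.com/data/squid/cache/ -R
squid -z
# Plain ASCII quotes: the typographic quotes in the original would be written into file-max literally.
echo "65535" > /proc/sys/fs/file-max
ulimit -HSn 65535
squid -NCDd1 # start in debug mode; -D lets squid start without the DNS check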

=====其它=====
++遇到故障,runcache发现频繁重启后停止服务:
:./bin/RunCache Running: squid -sY >> /usr/local/squid//var/squid.out 2>&1
./bin/RunCache: line 35: 20000 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
..中间省去几行….
./bin/RunCache: line 35: 20177 File size limit exceededsquid -NsY $conf >>$logdir/squid.out 2>&1
RunCache: EXITING DUE TO REPEATED, FREQUENT FAILURES
故障原因: log超过了ext3文件系统最大支持容量2G导致,解决办法:
1)每天轮循一次日志,在crontab中加入: 0 0 * * * /usr/local/squid/sbin/squid -k rotate
2)直接在配置文件中禁用日志
access_log none
cache_store_log none

++查看信息
1)squidclient -h 218.85.132.65 -p 80 mgr:info #也可看到描述符
2)看cache.log,如果能看到很多的TCP_MEM_HIT,这说明该文件是从内存缓存读取的,其它如TCP_HIT等等,这些是从磁盘读取的,这个只不过能缓解apache的压力而已.

++apache的log显示ip来源都是127.0.0.1,修改配置文件使其可以正常记录来访IP
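将CustomLog的%h改为%{X-Forwarded-For}i,其它不变. 注意X-Forwarded-For可由客户端自行填写,squid(forwarded_for默认开启时)只是把实际连接的IP追加在末尾,因此只有最后一项是squid写入的,前面的内容不能当作可信的来源IP.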

++修改squid的日志格式,可以让awstats分析处理
#squid.conf
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh %{host}>h
access_log /var/log/squid/access.log combined
#/etc/awstats/awstats.blog.zhangjianfeng.com.conf
LogFormat = "%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot %other %virtualname"
LogFile="/var/log/squid/access.log"

++ 限制外网电脑使用代理,只允许IP为192.168.0.2~192.168.0.255的机器访问。
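# Only clients in 192.168.0.0/24 may use the proxy.
acl our_clients src 192.168.0.0/255.255.255.0
acl other_clients src 0.0.0.0/0.0.0.0
# The original referred to "our_clines", an ACL that is never defined; the name must match the acl line above.
http_access allow our_clients
# Deny everyone else (keeps other users from going online through this host).
http_access deny other_clients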

++快速清空cache
echo " " > $CachePath/caches/swap.state

++强制刷新内容变化的URL
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
#squidclient -p 80 -h localhost -m PURGE http://blog.zhangjianfeng/article/xxx

++Squid不记录部分内容css,js,图片的日志的方法
acl nolog urlpath_regex -i .css .js  .gif .jpg .jpeg .png .bmp .ico .swf .xml
access_log /var/log/squid/access.log combined !nolog

++access_log默认不记录url中问号?及其后的参数串;设为off后会完整记录,开启前要考虑原始url的参数中是否含有用户名和口令(它们会以明文写入日志)
strip_query_terms off

++缓存.jsp?pid=
#hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
refresh_pattern -i \.jsp\?pid= 5 100% 10 reload-into-ims

++后端apache的口令认证无法通过
cache_peer xx.xx.xx.xx parent 80 0 no-query originserver login=PASS

++多个上端服务器作冗余,第一个为主,第二个是备用
cache_peer 221.xx.xx.xx parent 80 0 no-query originserver no-digest name=vimg1letvcom [round-robin]
cache_peer 218.xx.xx.xx parent 80 0 no-query originserver no-digest name=vimg2letvcom [round-robin]
cache_peer_domain vimg1letvcom vimg1.letv.com
cache_peer_domain vimg2letvcom vimg1.letv.com
#[round-robin]可以实现轮循

++自动将日志按日期切割脚本
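#!/bin/sh
# Daily access.log rotation: move yesterday's log aside, make Squid reopen its
# logs, then archive the old file under backup/logs/squid/YYYY/MM/ and gzip it.
# Requires GNU date (for "-d yesterday").
SQUID=/blog.zhangjianfeng.com/app/squid/sbin/squid
yesterday_date=$(date -d yesterday +%Y%m%d) || exit 1
# Cut year and month out of the single timestamp above so all values agree.
YEAR=${yesterday_date%????}
month_day=${yesterday_date#????}
MONTH=${month_day%??}
SRCDIR=/blog.zhangjianfeng.com/logs/squid/
DSTDIR=/blog.zhangjianfeng.com/backup/logs/squid/$YEAR/$MONTH/
# mkdir -p succeeds when the directory already exists, so no prior test is needed
# (the original tested with -f, which is never true for a directory).
mkdir -p "$DSTDIR" || exit 1
# Stop if the log directory is missing; otherwise the mv below would run in the wrong place.
cd "$SRCDIR" || exit 1
# rename the current log file without interrupting the logging process
mv access.log "access.log.$yesterday_date" || exit 1
# tell Squid to close the current logs and open new ones
"$SQUID" -k rotate
# give Squid some time to finish writing swap.state files
sleep 60
mv "access.log.$yesterday_date" "$DSTDIR" || exit 1
gzip "$DSTDIR/access.log.$yesterday_date"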

附1: 自动按天切割日志,并将所有虚拟主机的日志分离出来
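#!/bin/bash
# Rotates the Squid access log once a day and splits it per virtual host.
# bash is required: the script uses an array (vhostlist) further down.

SQUID=/blog.zhangjianfeng.com/app/squid/sbin/squid
# Requires GNU date. Year, month and day are cut from one timestamp so they always agree.
yesterday=$(date -d yesterday +%Y%m%d)
YEAR=${yesterday:0:4}
MONTH=${yesterday:4:2}
DAY=${yesterday:6:2}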

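# Create the destination directory named by DSTDIR if it does not exist yet.
# Globals:   DSTDIR (read)
# Returns:   mkdir's status; non-zero when DSTDIR is empty or cannot be created
public()
{
  [ -n "$DSTDIR" ] || return 1
  # The original tested with -f (regular file), which is never true for a directory;
  # mkdir -p already succeeds when the directory exists.
  mkdir -p -- "$DSTDIR"
}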

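# Move the live access.log aside as <DAY>.log, make Squid reopen its logs, then
# file the old log under DSTDIR.
# Globals:   SRCDIR, DSTDIR, DAY, SQUID (read)
# Returns:   non-zero if the directory setup or one of the moves fails
original()
{
  public || return 1
  # Without this check a failed cd would let the rotate and the final mv run in the caller's directory.
  cd "$SRCDIR" || return 1
  mv access.log "$DAY.log" || return 1
  "$SQUID" -k rotate
  # wait before moving the renamed log away
  sleep 60
  mv "$DAY.log" "$DSTDIR"
}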

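# Copy one virtual host's lines from the day's combined log into that host's own log file.
# Globals:   name, vhostname, YEAR, MONTH, DAY (read); SRCDIR, DSTDIR (written)
# Returns:   non-zero if the destination directory cannot be created or awk fails
vhost()
{
  SRCDIR=/blog.zhangjianfeng.com/backup/logs/squid/original/$YEAR/$MONTH/
  DSTDIR=/blog.zhangjianfeng.com/backup/logs/squid/$name/$YEAR/$MONTH/
  public || return 1
  # The host name is handed to awk with -v and matched as a literal substring of the last
  # field, instead of being spliced into the awk program text where its dots act as regex
  # wildcards. The typographic quotes of the original are replaced by real shell quotes.
  awk -v host="$vhostname" 'index($NF, host) > 0' "$SRCDIR$DAY.log" > "$DSTDIR$DAY.log"
}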

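# gzip the day's log of every entry in vhostlist.
# Globals:   vhostlist, YEAR, MONTH, DAY (read)
# Returns:   status of the last gzip call
compress()
{
  local vhost_dir
  # Quoted "${vhostlist[@]}" keeps each array element as one word.
  for vhost_dir in "${vhostlist[@]}"
  do
    gzip -f "/blog.zhangjianfeng.com/backup/logs/squid/$vhost_dir/$YEAR/$MONTH/$DAY.log"
  done
}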

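# Dispatch on the first argument: original | blog | www | compress | all+compress.
# Anything else prints the usage line.
case "$1" in

original)
  DSTDIR=/blog.zhangjianfeng.com/backup/logs/squid/original/$YEAR/$MONTH/
  SRCDIR=/blog.zhangjianfeng.com/logs/squid/
  original
  ;;

compress)
  vhostlist=(blog www original)
  compress
  ;;

blog)
  name=blog
  vhostname=$name.zhangjianfeng.com
  vhost
  ;;

www)
  name=www
  vhostname=www.zhangjianfeng.com
  vhost
  ;;

all+compress)
  # Run the steps in order and stop at the first failure, so a later step never
  # works on a log that an earlier step failed to produce.
  "$0" original && "$0" blog && "$0" www && "$0" compress
  ;;

*)
  echo "$0 {original | blog | www | compress | all+compress | help}"
  ;;

esac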
附2: squid.conf
###
# debug_options ALL,1
# log_fqdn off
# dns_children 10
# quick_abort_min -1 KB
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# client_lifetime 180 minutes
# half_closed_clients off
# reference_age 1 months
###
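acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80 # http
#acl Safe_ports port 1025-65535 # unregistered ports
acl Purge method PURGE
acl CONNECT method CONNECT
# http_access rules are evaluated top-down and the first match decides. The localhost-only
# rules for the cache manager and PURGE therefore come before the broad port-80 allow.
# In the original order "allow Safe_ports" was first, so a PURGE for any port-80 URL was
# accepted from any client before "deny Purge" was reached.
http_access allow manager localhost
http_access deny manager
http_access allow localhost Purge
http_access deny Purge
http_access allow Safe_ports
http_access deny all
# NOTE(review): icp_port is commented out in this file; if ICP is not used, confirm whether
# "icp_access allow all" is needed at all.
icp_access allow all
negative_ttl 0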

http_port 0.0.0.0:80 vhost vport
# icp_port 3130
#cache_peer blog.zhangjianfeng.com parent 81 0 no-query originserver
cache_peer 192.168.25.103 parent 81 0 no-query originserver
# cache_peer hostname type http-port icp-port [options]
# # proxy icp
# # hostname type port port options
# # ——————– ——– —– —– ———–
# cache_peer parent.foo.net parent 3128 3130 proxy-only default
# cache_peer sib1.foo.net sibling 3128 3130 proxy-only
# ‘no-query’ to NOT send ICP queries to this neighbor.
# ‘originserver’ causes this parent peer to be contacted as a origin server. Meant to be used in accelerator setups.
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB
maximum_object_size 20 MB
maximum_object_size_in_memory 5 MB

cache_dir ufs /blog.zhangjianfeng.com/data/squid/cache 1000 16 256

pid_filename /blog.zhangjianfeng.com/app/squid/var/logs/squid.pid
cache_effective_user squid
cache_effective_group squid
cache_mgr admin@zhangjianfeng.com
logfile_rotate 999999
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh %{host}>h
cache_log /blog.zhangjianfeng.com/logs/squid/cache.log
access_log /blog.zhangjianfeng.com/logs/squid/access.log combined
cache_store_log none

#strip_query_terms off
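hierarchy_stoplist cgi-bin ?
# urlpath_regex takes regular expressions, so the literal question mark must be escaped
# (a bare "?" is a repetition operator with nothing in front of it).
acl QUERY urlpath_regex cgi-bin \? .php .cgi
#acl QUERY urlpath_regex test.html test_ring.html
# Do not cache anything matched by QUERY.
cache deny QUERY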

acl nagios url_regex -i ^http://.*/test/test.html$
cache deny nagios

refresh_pattern -i \.gif$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.jpg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.png$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload

refresh_pattern -i \.css$ 10 50% 60 reload-into-ims
refresh_pattern -i \.js$ 10 50% 60 reload-into-ims
refresh_pattern -i \.xml$ 10 50% 30 reload-into-ims

refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /blog.zhangjianfeng.com/app/squid2.6.22/var/cache