生产环境一直用apache做反向代理,但感觉功能不是很强大,于是换成了Squid,配置挺简单的:

 

环境:CentOS 5.2 Squid 3.0

后端IIS: 172.16.88.228

         172.16.8.58

 

安装squid:

[root@localhost ~]#tar xvf squid-3.0.STABLE21.tar

[root@localhost ~]#cd squid-3.0

[root@localhost ~]# ./configure --prefix=/usr/local/squid --enable-dlmalloc --enable-gnuregex --enable-async-io --enable-removal-policies='heap,lru' --enable-delay-pools --enable-snmp --enable-storeio='ufs,aufs,null' --disable-wccp --enable-kill-parent-hack --disable-select --enable-auth=basic --with-aio --disable-ident-lookup --with-filedescriptors=65536 --enable-err-languages="Simplify_Chinese" --enable-default-err-languages="Simplify_Chinese" --enable-ssl

[root@localhost ~]# make

[root@localhost ~]# make install

 

安装完成,修改配置文件,在配置文件最后增加:

[root@localhost ~]# vim /usr/local/squid/conf/squid.conf

#test Http Proxy
# Single origin server, no load balancing: requests for the domains below are
# forwarded to 172.16.88.58 on port 80. "parent ... originserver" makes Squid
# treat the peer as the origin web server (reverse-proxy use); the ICP port is
# 0 and "no-query" disables ICP queries to it.
# NOTE(review): no acl/http_access rules and no accelerator http_port line are
# shown on this page; confirm the rest of squid.conf only admits requests for
# these domains, so the listener cannot be used as a general forward proxy.
cache_peer 172.16.88.58 parent 80 0 no-query originserver name=test1
# Only requests whose host matches these domains are sent to peer test1.
cache_peer_domain test1 www.test.com
cache_peer_domain test1 .test.com

#单机无负载均衡


#test Http Proxy
# Load-balanced variant: two origin servers, both marked round-robin, so Squid
# alternates requests for the domains below between them.
# Use this instead of the single-backend block, not in addition to it: both
# define a peer named test1.
# NOTE(review): the environment list earlier on the page gives the second
# backend as 172.16.8.58, while the directive below uses 172.16.88.58 —
# confirm which address is correct.
cache_peer 172.16.88.228 parent 80 0 no-query originserver round-robin name=test1
cache_peer 172.16.88.58 parent 80 0 no-query originserver round-robin name=test2
# Both peers are eligible for the same set of domains.
cache_peer_domain test1 www.test.com
cache_peer_domain test1 .test.com
cache_peer_domain test2 www.test.com
cache_peer_domain test2 .test.com

#负载均衡配置

 

反向代理Https:

#testssl https Proxy
# HTTPS reverse proxy: Squid terminates TLS on port 443 using the certificate,
# private key and intermediate-CA file named here. defaultsite supplies the
# site name for requests without a Host header; vhost/vport enable
# Host-header based virtual host and port handling.
# The key= file is the TLS private key; it should be readable only by the
# account that starts Squid.
https_port 443 accel defaultsite=www.testssl.com cert=/etc/httpd/ssl2/www.testssl.com.crt key=/etc/httpd/ssl2/www.testssl.com.key cafile=/etc/httpd/ssl2/intermediate.crt vhost vport  protocol=https
# The cache_peer lines below carry no ssl option, so after decryption the
# requests travel to port 8080 on the backends as plain HTTP. That hop is only
# as private as the network between Squid and the two backend hosts.
cache_peer 172.16.88.228 parent 8080 0  no-query originserver round-robin name=testssl_http1
cache_peer 172.16.88.58 parent 8080 0  no-query originserver round-robin name=testssl_http2
# Both peers serve the same HTTPS site names.
cache_peer_domain testssl_http1 www.testssl.com
cache_peer_domain testssl_http1 .testssl.com
cache_peer_domain testssl_http2 www.testssl.com
cache_peer_domain testssl_http2 .testssl.com

#反向代理https

 

想用Awstats分析squid日志的话加上:

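# Access-log format for AWStats. After the usual combined-log fields it appends
# the Squid result:hierarchy codes (%Ss:%Sh), the request Host header and the
# response time (%tr).
# The Referer field had been corrupted by leftover HTML attribute text from the
# page markup; it is restored to the same %{header}>h form used for User-Agent.
# Referer, User-Agent and Host are client-supplied values, so whatever parses
# or displays this log should treat them as untrusted text.
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{referer}>h" "%{User-Agent}>h" %Ss:%Sh %{host}>h %tr

# Write the access log using the format defined above.
access_log /usr/local/squid/var/logs/access.log combined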

 

有的ssl证书有密码,那样的话每次启动Squid都会要求输入证书密码,这样很不方便,有个方法可以解决:

加上下面这行配置:

# Squid runs this program to obtain the passphrase of an encrypted private key,
# so that it does not prompt for the passphrase at every start.
sslpassword_program /usr/local/squid/bin/sslkey.sh

[root@localhost ~]# cat /usr/local/squid/bin/sslkey.sh

#!/bin/bash
# Passphrase helper referenced by sslpassword_program in squid.conf: it prints
# the private-key passphrase on stdout so that Squid does not prompt for it.
# The passphrase is stored here in clear text, so this file protects the key no
# better than its own permissions do. Keep it owned by, and readable and
# executable only for, the account that starts Squid.
printf '%s\n' "1234"  # 1234 is the SSL certificate passphrase (the article's sample value)

 

完成!