Squid代理缓存
Squid源码安装:
tar xf squid-3.5.27.tar.gz //包要自己传或下载;下载后先核对官方发布的校验值或签名再解压(3.5系列已停止维护,生产环境请使用仍受支持的版本)
yum -y install gcc gcc-c++ make pcre-devel expat-devel perl
yum install perl-devel
cd /squid-3.5.27/
./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-arp-acl --enable-linux-netfilter --enable-linux-tproxy --enable-async-io=100 --enable-err-language="Simplify_Chinese" --enable-underscore --enable-poll --enable-gnuregex
make && make install
ln -s /usr/local/squid/sbin/* /usr/local/sbin
useradd -M -s /sbin/nologin squid
chown -R squid:squid /usr/local/squid/var/
vi /etc/squid.conf
http_port 3128 //在下面新增
visible_hostname 192.168.100.10
cache_mem 64 MB
cache_swap_low 80
cache_swap_high 97
cache_dir ufs /usr/local/squid/var/cache/squid 512 16 256 //配置硬盘缓存,打开#.缓存目录512M,其中一级目录16个,二级256个
cache_effective_user squid
cache_effective_group squid
squid -k parse //检查配置文件
squid -k reconfigure //重新加载配置文件
squid -zX //初始化缓存目录
制作启动脚本 vi /etc/init.d/squid
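#!/bin/bash
# chkconfig: 35 90 25
# config: /etc/squid.conf
# pidfile: /usr/local/squid/var/run/squid.pid
# description: Squid - Internet Object Cache
#
# SysV init script for the source-built Squid under /usr/local/squid.
# Usage: /etc/init.d/squid {start|stop|restart|reload|check|status}
#
# The shebang and every header tag sit on their own line: anything that
# follows "#!/bin/bash" on the first line is handed to bash as an argument
# instead of being read as a comment.

PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf" # not referenced below; kept from the original script
CMD="/usr/local/squid/sbin/squid"

case "${1:-}" in
  start)
    # A "squid" entry among the listening sockets is taken as "already running".
    if netstat -utpln | grep -q squid; then
      echo "Squid is running"
    else
      "$CMD"
    fi
    ;;
  stop)
    "$CMD" -k kill &>/dev/null
    # The pid path is a single regular file: quote it, stop option parsing
    # with --, and do not use a recursive delete on a variable path.
    rm -f -- "$PID" &>/dev/null
    ;;
  status)
    # Only the presence of the pid file is checked before listing sockets.
    if [ -f "$PID" ]; then
      netstat -utpln | grep squid
    else
      echo "Squid is not running"
    fi
    ;;
  restart)
    # Re-invokes this script; each message is printed after its step ran.
    "$0" stop &>/dev/null
    echo "正在关闭Squid..."
    "$0" start &>/dev/null
    echo "正在启动Squid..."
    ;;
  reload)
    "$CMD" -k reconfigure
    ;;
  check)
    "$CMD" -k parse
    ;;
  *)
    echo "用法:{start | stop | restart | reload | check | status}"
    ;;
esac

# ---- end of /etc/init.d/squid ----
# Commands the tutorial runs in the shell after saving the script:
#   chmod +x /etc/init.d/squid
#   chkconfig --add squid
#   chkconfig squid on
#   service squid start
#   netstat -anpt | grep 3128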
透明缓存原理图:
配置squid服务器内网卡ens33,外网卡ens37
内:192.168.100.10
外:12.0.0.1 //无网关
web服务器:12.0.0.100 网关12.0.0.1
客户:192.168.100.7 网关192.168.100.10
Squid服务器配置:
路由转发功能开启:
cd /proc/sys/net/ipv4
执行 echo 1 > ip_forward,将值改为1(重启后失效;需要永久生效可在/etc/sysctl.conf中设置net.ipv4.ip_forward = 1)
[root@localhost ipv4]# vi /etc/squid.conf
将http_port 3128 改为http_port 192.168.100.10:3128 transparent //transparent是旧写法,Squid 3.1及以后的文档使用intercept,二者含义相同
[root@localhost ipv4]# service squid restart
[root@localhost ipv4]# netstat -anpt | grep 3128
tcp 0 0 192.168.100.10:3128 0.0.0.0:* LISTEN 2627/(squid-1)
[root@localhost ipv4]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 //squid自己就是服务器不需要网关 vmnet1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=11760568-1042-45fd-8c3e-cddf5b90678e
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@localhost ipv4]# cat /etc/sysconfig/network-scripts/ifcfg-ens37 //cp ifcfg-ens33 ifcfg-ens37 自己复制过来改成以下 **记得修改vmnet2
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=12.0.0.1
NETMASK=255.255.255.0
[root@localhost ipv4]# iptables -F //清空filter表全部现有规则,仅适合实验环境;在已有防火墙策略的主机上不要直接执行
[root@localhost ipv4]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
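[root@localhost ipv4]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128 //注意:443是TLS流量,上面的http_port透明端口只能处理明文HTTP;拦截HTTPS需要另配https_port和ssl-bump(编译时需--with-openssl),否则这条规则会导致客户端HTTPS访问失败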
[root@localhost ipv4]# iptables -I INPUT -p tcp --dport 3128 -j ACCEPT //端口须与http_port一致(3128)
配置web httpd服务:
***这里记得修改网卡,vmnet2
Vm虚拟机网卡配置:
Client端Windows7网卡配置如下:
Client端网页访问12.0.0.100
查看squid服务器日志:cat /usr/local/squid/var/logs/access.log
配置sarg日志分析软件--用来分析squid服务的日志
注意:需要在代理服务器上安装WWW服务器
[root@localhost sarg-2.3.11]# yum install httpd gd -y
[root@localhost sarg-2.3.11]# systemctl restart httpd
[root@localhost sarg-2.3.11]# tar xf sarg-2.3.11.tar.gz
[root@localhost sarg-2.3.11]# cd sarg-2.3.11
[root@localhost sarg-2.3.11]# ./configure --prefix=/usr/local/sarg --sysconfdir=/etc/sarg --enable-extraprotection
[root@localhost sarg-2.3.11]# make && make install
[root@localhost sarg-2.3.11]# vi /etc/sarg/sarg.conf 去掉#号修改的地方修改
7 access_log /usr/local/squid/var/logs/access.log //squid的访问日志位置
25 title "Squid User Access Reports" //网页标题
120 output_dir /var/www/html/squid-reports //分析报告的存放位置
178 user_ip no //不使用IP代替用户ID
184 topuser_sort_field BYTES reverse //升序排列
190 user_sort_field BYTES reverse
206 exclude_hosts /usr/local/sarg/noreport //设置不生成报告的主机
257 overwrite_report no
289 mail_utility mailx //指定发邮件命令
434 charset UTF-8
518 weekdays 0-6 //指定top排序星期周期
523 hours 7-12,14,16,18-20 //指定top排序时间周期
633 www_document_root /var/www/html //网页根目录
[root@localhost sarg-2.3.11]# touch /usr/local/sarg/noreport //建立不生成报告的主机列表文件
[root@localhost sarg-2.3.11]# ln -s /usr/local/sarg/bin/sarg /usr/local/bin/
[root@localhost sarg-2.3.11]# sarg //访问几次会有记录
SARG: Records in file: 627, reading: 100.00%
SARG: Successful report generated on /var/www/html/squid-reports/2019Jan10-2019Jan10
访问:http://192.168.100.10/squid-reports/ //访问日志页;报告包含各客户端的上网记录,应在httpd中限制可访问的来源地址或启用认证
配置反向代理:当外网主机访问缓存服务器外网口址时,实现内网调度,同时可以缓存提速,保护内网服务器
[root@localhost ~]# vi /etc/squid.conf
http_port 192.168.100.10:80 accel vhost vport
cache_peer 192.168.100.20 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1
cache_peer 192.168.100.30 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web2
cache_peer_domain web1 web2 www.aa.com //添加
*修改真机host文件
192.168.100.20 www.aa.com
192.168.100.30 www.aa.com
[root@localhost ~]# service squid restart
[root@localhost ~]# netstat -anpt | grep squid
tcp 0 0 192.168.100.10:80 0.0.0.0:* LISTEN 980/(squid-1)
在客户端测试效果:www.aa.com
**注意internet选项打开代理选项
自动轮询,反向代理成功!