Our company needs to move its servers from rack cabinet A to rack cabinet B. The two cabinets are 10 meters apart. Haha. So close, and yet they are not on the same IP segment. Therefore web, DNS, mail and MySQL all have to be switched. Here I first write up some of the preparatory work before the switch; the squid reverse proxy is one part of it.
I. The concept of a reverse proxy
What is a reverse proxy? A reverse proxy is what is commonly called web server acceleration: a high-speed web cache server (i.e. the web reverse proxy server) is placed between a busy web server and the Internet to reduce the load on the actual web server.
Web server acceleration (reverse proxying) provides acceleration for web servers. It acts as a proxy cache, not for browser users but for one or more specific web servers (this is also the origin of the name "reverse proxy"). To implement a reverse proxy (shown above), the reverse proxy cache device only has to be placed in front of one or more web servers. When an Internet user visits a web server, the IP address returned by the DNS server is the IP address of the reverse proxy server, not the IP address of the original web server. The reverse proxy server then acts as the web server: browsers connect to it and no longer connect directly to the web server. A large part of the web service workload is therefore offloaded to the reverse proxy. This not only avoids the security risks of external hosts communicating directly with the web server, it also substantially reduces the load on the web servers and improves access speed.
When the user's browser sends an HTTP request, domain name resolution directs the request to the reverse proxy server (to reverse-proxy multiple web servers, the domain names of all those web servers must point to the reverse proxy server). The request is then handled by the reverse proxy server. A reverse proxy can generally only cache cacheable data (such as HTML pages and images); CGI scripts, ASP and the like are not cached. It caches static pages based on the HTTP header tags returned by the web server.
III. Setting up the squid reverse proxy
1. Install
Note: if the system is Red Hat 9, the epoll library needs to be installed (epoll effectively reduces the system's I/O bottlenecks and resource usage)
wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE2.tar.gz
For security reasons, create a squid user and group for squid to run as
useradd squid -M -c "Squid user" -d /dev/null -s /sbin/nologin
tar zxvf squid-3.0.STABLE2.tar.gz
cd squid-3.0.STABLE2
./configure --prefix=/usr/local/squid3 --disable-carp --with-aufs-threads=32 --with-pthreads --enable-storeio='ufs,aufs,coss,null' --enable-disk-io='AIO,Blocking' --enable-removal-policies='heap,lru' \
--disable-wccp --enable-kill-parent-hack --disable-snmp --disable-poll --disable-select --enable-auth=basic --with-aio \
--disable-ident-lookup --with-filedescriptors=65536
Compilation parameters:
--prefix=/usr/local/squid3: specifies the installation path, which makes it easy to manage
--enable-poll: improves performance
--enable-snmp: this option lets MRTG monitor the server's traffic status over the SNMP protocol, so it must be selected for squid to support the SNMP interface.
--enable-storeio=ufs,null: the file system used is usually the default ufs, but if you want a proxy server that does not cache any files, you need to add the null file system.
The other parameters will be explained later. HOHO ~
make; make install
Installed.
2. Configuration
Note: the squid configuration file is /usr/local/squid3/etc/squid.conf
This is the most important and most difficult part.
http_port 80
# http_port specifies the port on which squid listens for HTTP requests. It is generally set to port 80 so that users do not notice the reverse proxy and feel they are accessing the real web server.
cache_mem 128 MB
# Shared memory size (the memory squid uses while providing service).
maximum_object_size_in_memory 512 KB
# Maximum size of an object cached in memory; anything larger is no longer kept in memory and goes through disk I/O in the cache instead.
memory_replacement_policy lru
# Replacement policy. lru means "least recently used"; the unit is what is generally called an object. When the cache in memory or on disk reaches its upper limit, data has to be swapped in and out.
cache_dir null /tmp
# cache_dir is the physical location where cached objects are stored.
cache_dir ufs /tmp1 10000 16 256
# Fields: directory (/tmp1), size, L1, L2.
# 100G; 16 first-level directories, each containing 256 second-level directories.
# Disk cache type, directory and size, and the first- and second-level directory counts; here the disk cache size is 10G.
# ufs is a file storage type. The OS usually serves data from memory, so what is in memory is written to the hard disk last;
# with ufs, squid's sync timing is the same.
# ufs generally writes to memory and the hard disk at the same time.
# Note: size is in MB and limits the maximum storage capacity of this directory.
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 4096 KB
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %
# Sets the format in which entries are stored in access_log.
access_log /usr/local/squid3/var/logs/access.log squid
# access_log records client requests.
cache_log /usr/local/squid3/var/logs/cache.log
# cache_log is squid's own running log.
pid_filename /usr/local/squid3/var/logs/squid.pid
# These three set the locations of the PID and log files.
cache_store_log none
# Do not record store.log.
visible_hostname liuyu.blog.51cto.com
# liuyu.blog.51cto.com is only a label that helps you check which device is providing the service!
cache_peer 192.168.1.53 parent 80 0 no-query round-robin max-conn=32 originserver
# Squid versions above 2.5 use cache_peer to specify the IP of the server being proxied. This is important! In this case squid and the web server are not on the same machine, so the web server's IP must be specified with cache_peer.
acl all src 0.0.0.0/0.0.0.0
acl QUERY urlpath_regex cgi-bin .php .cgi .avi .wmv .rm .ram .mpg .mpeg .zip .exe
cache deny QUERY
cache_effective_user squid
cache_effective_group squid
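So my logs here are all recorded in /usr/local/squid3/var/logs
Give the squid user appropriate permissions on the directory (the directory keeps its execute bit so it can be traversed, and nothing is left world-writable)
chmod -R u=rwX,g=rX,o= /usr/local/squid3/var/logs
chown -R squid:squid /usr/local/squid3/var/logs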
Save the configuration!
3. Test that the configuration is correct
# /usr/local/squid3/sbin/squid -k parse
The following ERROR appears:
WARNING: Cannot write log file: /usr/local/squid3/var/logs/cache.log
/usr/local/squid3/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
2008/03/13 12:53:09| Creating Swap Directories
FATAL: Failed to make swap directory /usr/local/squid3/var/cache: (13) Permission denied
Clearly this is a permissions problem; after correcting the permissions the test passed!
/usr/local/squid3/sbin/squid -z
-z (Create swap directories) creates the swap directories, that is, the cache_dir directories.
Related debugging commands:
http://bbs.chinaunix.net/thread-960422-1-1.html
4. Start squid
/usr/local/squid3/sbin/squid -Nd1
Use ps aux | grep squid to check whether it has started
5. Test Access WEB site
Point the local hosts file at the squid proxy server
The following ERROR appears:
Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if
you feel this is incorrect.
(That is: the current access control configuration prevents your request from being accepted; if you think this is wrong, please contact your Internet service provider.)
The cache server administrator: webmaster
Set the access rights in the configuration file:
acl all src 0.0.0.0/0.0.0.0
http_access allow all
Re-test: OK, everything is normal ~ ~ ~
View the log as usual.
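The two access lines above admit every request, whatever host it names. The following is an added example, not part of the original post: it evaluates squid's first-match http_access logic for the page's two lines and for a tighter variant. The ACL name our_sites, the client address 203.0.113.7 and the host example.org are assumptions made for illustration.

```python
import ipaddress

# Constructed from the page's final access-control lines.
PAGE_CONF = """
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""

# Tighter variant (an assumption, not from the page): only the published
# site is allowed, every other destination is denied.
HARDENED_CONF = """
acl all src 0.0.0.0/0.0.0.0
acl our_sites dstdomain liuyu.blog.51cto.com
http_access allow our_sites
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src|dstdomain ...' and 'http_access ...' lines."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dstdomain"):
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client_ip, host):
    """An ACL matches if any one of its values matches the request."""
    ip = ipaddress.ip_address(client_ip)
    for kind, values in acls.get(name, []):
        for v in values:
            if kind == "src" and ip in ipaddress.ip_network(v, strict=False):
                return True
            if kind == "dstdomain" and (host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))):
                return True
    return False

def http_access(conf, client_ip, host):
    """First rule whose ACLs all match decides; else the opposite of the last rule."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), client_ip, host) != n.startswith("!") for n in names):
            return action
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With the page's lines, a request for example.org is allowed just like one for liuyu.blog.51cto.com; with the tighter variant only the published site gets through.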
IV. Squid was configured to make the web switch convenient; articles on switching DNS, MySQL and mail are still to come, so please look forward to them.
In general, configuring squid is not much trouble. The work is mainly in the configuration file, where each option has a very important impact on the server. Details determine success.