squid编译安装参数
- ./configure --prefix=/usr/local/squid \
- --disable-carp \
- --with-aufs-threads=32 \
- --with-pthreads \
- --with-large-files \
- --enable-storeio='ufs,aufs' \
- --enable-disk-io='AIO,Blocking' \
- --enable-removal-policies='heap,lru' \
- --disable-wccp \
- --enable-kill-parent-hack \
- --enable-snmp \
- --disable-poll \
- --disable-select \
- --disable-ipv6 \
- --enable-auth=basic \
- --with-aio \
- --disable-ident-lookup \
- --enable-useragent-log \
- --enable-referer-log \
- --with-filedescriptors=65536 \
- --with-pidfile=/var/run/squid.pid
如果出现下面的错误
- configure: error: C++ compiler cannot create executables
- See `config.log' for more details
- configure: error: ./configure failed for lib/libTrie
请安装
- yum install kdevelop
- yum install gcc-c++
安装
- #make && make install
初始化cache目录
- # squid -z
squid.conf配置
- http_port 80 accel vhost vport
- logfile_rotate 10
- log_fqdn off
- cache_swap_low 90
- cache_swap_high 97
- cache_mem 10240 MB
- cache_mgr Henry
- cachemgr_passwd password all
- cache_effective_user squid
- cache_effective_group squid
- coredump_dir /usr/local/squid/var/cache
- cache_dir ufs /usr/local/squid/var/cache 51200 16 256
- cache_replacement_policy lru
- memory_replacement_policy lru
- cache_store_log none
- cache_access_log /usr/local/squid/var/logs/access.log
- cache_log /usr/local/squid/var/logs/cache.log
- fqdncache_size 1024
- mime_table /usr/local/squid/etc/mime.conf
- error_directory /usr/local/squid/share/errors/en-us/
- icon_directory /usr/local/squid/share/icons/
- err_page_stylesheet /usr/local/squid/etc/errorpage.css
- emulate_httpd_log on
- max_open_disk_fds 0
- maximum_object_size 50 MB
- minimum_object_size 0 KB
- maximum_object_size_in_memory 5120 KB
- pipeline_prefetch on
- forwarded_for off
- forward_timeout 2 minutes
- client_lifetime 1 hours
- client_persistent_connections off
- server_persistent_connections on
- half_closed_clients off
- httpd_suppress_version_string on
- check_hostnames off
- visible_hostname proxy.xxx.xxx
- pid_filename /var/run/squid.pid
- vary_ignore_expire off
- negative_ttl 0 minutes
- reply_header_access Server deny all
- reply_header_access X-Cache deny all
- reply_header_access Warning deny all
- reply_header_access Expires deny all
- reply_header_access Cache-Control deny all
- reply_header_access age deny all
- acl localhost src 127.0.0.1/32
- acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
- acl manager proto cache_object
- acl SSL_ports port 443 563
- acl Safe_ports port 80 # http
- acl Safe_ports port 3130 # icp
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- acl PURGE method PURGE
- icp_port 3130
- icp_hit_stale off
- icp_access allow all
- cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange originserver name=a
- cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange originserver name=b
- cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange originserver name=c
- #cache_peer 192.168.1.160 sibling 3128 3130 name=cache01
- #cache_peer 192.168.1.130 sibling 80 3130 name=cache02
- #cache_peer 192.168.1.159 sibling 3128 3130 name=cache03
- cache_peer_domain a xxx.xxx.xxx.xxx
- cache_peer_domain b xxx.xxx.xxx.xxx
- cache_peer_domain c xxx.xxx.xxx.xxx
- cache_peer_access a allow all
- cache_peer_access b allow all
- cache_peer_access c allow all
- peer_connect_timeout 30 seconds
- request_timeout 1 minutes
- persistent_request_timeout 2 minutes
- hierarchy_stoplist -i ^https:\\ ? cgi-bin ?
- acl QUERY urlpath_regex -i cgi-bin \? \.asp \.php \.jsp \.cgi Servlet
- acl denyssl urlpath_regex -i ^https:\\
- no_cache deny QUERY
- no_cache deny denyssl
- #acl broken302 http_status 400-404 302
- http_access allow manager localhost
- http_access allow PURGE localhost
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- #http_access deny broken302
- http_access allow localhost all
- http_access allow all
- http_access deny all
- #SNMP with Cacti config here
- snmp_port 3401
- acl snmppublic snmp_community valesquid
- snmp_access allow snmppublic localhost
- snmp_access deny all
- #snmp_incoming_address 0.0.0.0
- #snmp_outgoing_address 0.0.0.0
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 20% 4320
- refresh_pattern -i \.jpg$ 1440 90% 2880
- refresh_pattern -i \.gif$ 1440 90% 2880
- refresh_pattern -i \.jpg$ 1440 50% 2880
- refresh_pattern -i \.rar$ 1440 50% 2880
- refresh_pattern -i \.zip$ 1440 50% 2880
- refresh_pattern -i \.doc$ 1440 50% 2880
- refresh_pattern -i \.ppt$ 1440 50% 2880
- refresh_pattern -i \.js$ 60 50% 2880
- refresh_pattern -i \.css$ 60 50% 2880
- refresh_pattern -i \.html$ 60 50% 1440
- refresh_pattern -i \.txt$ 1440 50% 2880
后端的apache虚拟主机部分
- # -----------------------------
- # add by Henry He on 2011/04/11
- # -----------------------------
- <VirtualHost *:8080>
- ServerAdmin xxx.xxx.xxx
- ServerName xxx.xxx.xxx
- ServerAlias xxx.xxx.xxx
- DocumentRoot "/var/www/xxxx"
- #ErrorLog "logs/xxx.xxx.xxx-error_log"
- #CustomLog "logs/xxx.xxx.xxx-access_log" combined
- </VirtualHost>
- <VirtualHost *:8080>
- ServerAdmin xxx.xxx.xxx
- ServerName xxx.xxx.xxx
- ServerAlias xxx.xxx.xxx
- DocumentRoot "/var/www/xxx.com"
- </VirtualHost>
- # ----------------------- end ------------------------------
PS:
apache的log显示ip来源都是127.0.0.1,修改配置文件使其可以正常记录来访IP
修改前:
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
修改后
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
快速清空cache
- echo "" > /usr/local/squid/var/cache/swap.state
对于类似http://xxx.xxx.xxx/default.html之类的网页,squid只会生成一个缓存文件。可以用squid附带的squidclient工具清除:
- squidclient -m PURGE -p 80 "http://xxx.xxx.xxx/default.html"
squid命中率查看
- squidclient -p 80 -U Henry -W xxxx mgr:info |grep -i hit
- Hits as % of all requests: 5min: 62.1%, 60min: 64.1%
- Hits as % of bytes sent: 5min: 63.4%, 60min: 60.6%
- Memory hits as % of hit requests: 5min: 97.3%, 60min: 89.7%
- Disk hits as % of hit requests: 5min: 0.2%, 60min: 0.1%
- Cache Hits: 0.00000 0.00000
- Near Hits: 0.00091 0.00091
内存使用情况:
- squidclient -p 80 -U Henry -W password mgr:mem
该指令可以看到在squid运行过程中,有那些文件被squid缓存到内存中,并返回给访问用户。
- tail -f /usr/local/squid/var/logs/access.log |grep TCP_MEM_HIT
- tail -f /usr/local/squid/var/logs/access.log |grep TCP_HIT
该指令可以看到在squid运行过程中,有那些文件没有被squid缓存,而是现重原始服务器获取并返回给访问用户。
- tail -f /usr/local/squid/var/logs/access.log |grep TCP_MISS