Squid代理缓存
Squid源码安装:
tar xf squid-3.5.27.tar.gz //包要自己传或下载
yum -y install \
gcc \
gcc-c++ \
make \
pcre-devel \
expat-devel \
perl
yum install perl-devel
cd /squid-3.5.27/
./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-arp-acl --enable-linux-netfilter --enable-linux-tproxy --enable-async-io=100 --enable-err-language="Simplify_Chinese" --enable-underscore --enable-poll --enable-gnuregex
make && make install
ln -s /usr/local/squid/sbin/* /usr/local/sbin
useradd -M -s /sbin/nologin squid
chown -R squid:squid /usr/local/squid/var/
vi /etc/squid.conf
http_port 3128 //在下面新增
visible_hostname 192.168.100.10
cache_mem 64 MB
cache_swap_low 80
cache_swap_high 97
cache_dir ufs /usr/local/squid/var/cache/squid 512 16 256 //配置硬盘缓存,打开#.缓存目录512M,其中一级目录16个,二级256个
cache_effective_user squid
cache_effective_group squid
squid -k parse //检查配置文件

squid –k rec //重新加载配置文件

squid -zX //初始化缓存目录
制作启动脚本
vi /etc/init.d/squid

#!/bin/bash
#chkconfig: 35 90 25
#config: /etc/squid.conf
#pidfile: /usr/local/squid/var/run/squid.pid
#Description: Squid - Internet Object Cache

PID="/usr/local/squid/var/run/squid.pid"
CONF="/etc/squid.conf"
CMD="/usr/local/squid/sbin/squid"

case "$1" in
start)
netstat -utpln | grep squid &>/dev/null
if [ $? -eq 0 ]
then
echo "Squid is running"
else
$CMD
fi
;;
stop)
$CMD -k kill &>/dev/null
rm -rf $PID &>/dev/null
;;
status)
[ -f $PID ] &>/dev/null
if [ $? -eq 0 ]
then
netstat -utpln | grep squid
else
echo "Squid is not running"
fi
;;
restart)
$0 stop &>/dev/null
echo "正在关闭Squid..."
$0 start &>/dev/null
echo "正在启动Squid..."
;;
reload)
$CMD -k reconfigure
;;
check)
$CMD -k parse
;;
*)
echo "用法:{start | stop | restart | reload | check | status}"
Esac
chmod +x /etc/init.d/squid
chkconfig --add squid
chkconfig squid on
service squid start
netstat -anpt | grep 3128

透明缓存原理图:
squid代理缓存_第1张图片
配置squid服务器内网卡ens33,外网卡ens37
内:192.168.100.10
外:12.0.0.1 //无网关
web服务器:12.0.0.100 网关12.0.0.1
客户:192.168.100.7 网关192.168.100.10
Squid服务器配置:
路由转发功能开启:
cd /proc/sys/net/ipv4
将 echo 1 > ip_forward 值改为1
[root@localhost ipv4]# vi /etc/squid.conf
将http_port 3128 改为http_port 192.168.100.10:3128 transparent
[root@localhost ipv4]# service squid restart
[root@localhost ipv4]# netstat -anpt | grep 3128
tcp 0 0 192.168.100.10:3128 0.0.0.0: LISTEN 2627/(squid-1)
[root@localhost ipv4]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 //squid自己就是服务器不需要网关 vmnet1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=11760568-1042-45fd-8c3e-cddf5b90678e
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
[root@localhost ipv4]# cat /etc/sysconfig/network-scripts/ifcfg-ens37 //cp ifcfg-ens33 ifcfg-ens37 自己复制过来改成以下 记得修改vmnet2
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens37
DEVICE=ens37
ONBOOT=yes
IPADDR=12.0.0.1
NETMASK=255.255.255.0
[root@localhost ipv4]# iptables -F
[root@localhost ipv4]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
[root@localhost ipv4]# iptables -t nat -I PREROUTING -i ens33 -s 192.168.100.0/24 -p tcp --dport 443 -j REDIRECT --to 3128
[root@localhost ipv4]# iptables -I INPUT -p tcp --dport 3218 -j ACCEPT
配置web httpd服务:
squid代理缓存
这里记得修改网卡,vmnet2
squid代理缓存
squid代理缓存
Vm虚拟机网卡配置:
squid代理缓存
squid代理缓存_第2张图片

squid代理缓存_第3张图片
squid代理缓存_第4张图片
Client端widows7网卡配置如下:
squid代理缓存_第5张图片
Client端网页访问12.0.0.100
squid代理缓存_第6张图片
查看squid服务器日志:cat /usr/local/squid/var/logs/access_log
squid代理缓存
配置sarg日志分析软件--用来分析squid服务的日志
注意:需要在代理服务器上安装WWW服务器
[root@localhost sarg-2.3.11]# yum install httpd gd -y
[root@localhost sarg-2.3.11]# systemctl restart httpd
[root@localhost sarg-2.3.11]# tar xf sarg-2.3.11.tar.gz
[root@localhost sarg-2.3.11]# cd sarg-2.3.11
[root@localhost sarg-2.3.11]# ./configure --prefix=/usr/local/sarg --sysconfdir=/etc/sarg --enable-extraprotection
[root@localhost sarg-2.3.11]# make && make install
[root@localhost sarg-2.3.11]# vi /etc/sarg/sarg.conf 去掉#号修改的地方修改
7 access_log /usr/local/squid/var/logs/access.log //squid的访问日志位置
25 title "Squid User Access Reports" //网页标题
120 output_dir /var/www/html/squid-reports //分析报告的存放位置
178 user_ip no //不使用IP代替用户ID
184 topuser_sort_field BYTES reverse //升序排列
190 user_sort_field BYTES reverse
206 exclude_hosts /usr/local/sarg/noreport //设置不生成报告的主机
257 overwrite_report no
289 mail_utility mailx //指定发邮件命令
434 charset UTF-8
518 weekdays 0-6 //指定top排序星期周期
523 hours 7-12,14,16,18-20 //指定top排序时间周期
633 www_document_root /var/www/html //网页根目录
[root@localhost sarg-2.3.11]# touch /usr/local/sarg/noreport //建立不生成报告的主机列表文件
[root@localhost sarg-2.3.11]# ln -s /usr/local/sarg/bin/sarg /usr/local/bin/
[root@localhost sarg-2.3.11]# sarg //访问几次会有记录
SARG: Records in file: 627, reading: 100.00%
SARG: Successful report generated on /var/www/html/squid-reports/2019Jan10-2019Jan10
访问:http://192.168.100.10/squid-reports/ //访问日志页
squid代理缓存_第7张图片
配置反向代理:当外网主机访问缓存服务器外网口址时,实现内网调度,同时可以缓存提速,保护内网服务器
[root@localhost ~]# vi /etc/squid.conf
http_port 192.168.100.10:80 accel vhost vport
cache_peer 192.168.100.20 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1
cache_peer 192.168.100.30 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web2
cache_peer_domain web1 web2 www.aa.com //添加
*修改真机host文件
squid代理缓存
192.168.100.20 www.aa.com
192.168.100.30 www.aa.com
squid代理缓存_第8张图片
[root@localhost ~]# service squid restart
[root@localhost ~]# netstat -anpt | grep squid
tcp 0 0 192.168.100.10:80 0.0.0.0: LISTEN 980/(squid-1)
在客户端测试效果:www.aa.com
**注意internet选项打开代理选项
squid代理缓存_第9张图片
squid代理缓存_第10张图片
squid代理缓存_第11张图片
自动轮询,反向代理成功!