Squid 代理服务之反向代理服务器架构搭建
文章目录
- 1. 服务器配置
- 2. 配置 Squid 服务器
-
- 2.1 修改 squid 配置文件
- 2.2 清空无效的路由规则,重启 squid
- 3. Web 服务器页面准备
-
- 3.1 WEB1
- 3.2 WEB2
- 4. 客户端访问测试
-
- 4.1 添加主机映射
- 4.2 访问 www.test.com 测试
- 4.3 查看 squid 访问记录
- 4.4 查看 Web 服务器访问记录
1. 服务器配置
| 服务器 | 主机名 | IP地址 | 主要软件 |
|---|---|---|---|
| Squid 服务器 | squid_server | 192.168.10.20 | squid |
| Web1 服务器 | web_server1 | 192.168.10.30 | apache |
| Web2 服务器 | web_server2 | 192.168.10.40 | apache |
| Win10 客户端 | 192.168.10.85 | edge 浏览器 |
2. 配置 Squid 服务器
2.1 修改 squid 配置文件
[root@squid_server ~]# vim /etc/squid.conf
······
##60行,插入
http_port 192.168.10.20:80 accel vhost vport
http_port 192.168.10.20:443 accel vhost vport
cache_peer 192.168.10.30 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1
cache_peer 192.168.10.40 parent 80 0 no-query originaservr round-robin max_conn=30 weight=1 name=web2
cache_peer_domain web1 web2 www.test.com
##表示对 www.test.com 的请求,squid 向 192.168.10.30 和 192.168.10.40 的 80 端口发出请求
参数解释:
---
http_port 192.168.10.20:80 accel vhost vport
squid 从一个缓存应用变成了供 Web 服务器使用的加速应用,这个时候 squid 在 80 端口监听请求,同时和 web server 的请求端口 vhost vport 绑定。这个时候请求到了 squid,squid 是不用转发请求的,而是直接要么从缓存中拿数据要么向绑定的端口直接请求数据。
accel:反向代理加速模式
vhost:支持域名或主机名来表示代理节点
vport:支持 IP 和端口来表示代理节点
---
cache_peer 192.168.10.30 parent 80 0 no-query originserver round-robin max_conn=30 weight=1 name=web1
parent:代表父节点,上下关系,非平级关系
80:代理内部 web 服务器的 80 端口
0:没有使用 ICP(电信运营商),表示就一台 squid 服务器
no-query:不做查询操作,直接获取数据
originserver:指定是源服务器
ronud-robin:指定 squid 通过轮询的方式将请求分发到其中一台父节点
max_conn:指定最大连接数
weight:指定权重
name:设置别名
2.2 清空无效的路由规则,重启 squid
iptables -F
iptables -t nat -F
systemctl restart squid
3. Web 服务器页面准备
3.1 WEB1
yum install -y httpd
systemctl start httpd && systemctl enable httpd
echo "this is a web_server1_test" > /var/www/html/index.html
3.2 WEB2
yum install -y httpd
systemctl start httpd && systemctl enable httpd
echo "this is a web_server2_test" > /var/www/html/index.html
4. 客户端访问测试
4.1 添加主机映射
4.2 访问 www.test.com 测试
4.3 查看 squid 访问记录
[root@squid_server ~]#tail -f /usr/local/squid/var/logs/access.log
1635949549.700 2 192.168.10.85 TCP_MISS/200 361 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.40 text/html
1635949549.850 2 192.168.10.85 TCP_MISS/404 464 GET http://www.test.com/favicon.ico - ROUNDROBIN_PARENT/192.168.10.30 text/html
1635949553.697 1 192.168.10.85 TCP_REFRESH_UNMODIFIED/304 225 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.40 -
1635950048.500 1 192.168.10.85 TCP_REFRESH_MODIFIED/200 363 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.30 text/html
1635950048.957 1 192.168.10.85 TCP_REFRESH_MODIFIED/200 361 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.40 text/html
1635950086.040 2 192.168.10.85 TCP_REFRESH_MODIFIED/200 363 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.30 text/html
1635950086.764 2 192.168.10.85 TCP_REFRESH_MODIFIED/200 363 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.40 text/html
1635950087.371 1 192.168.10.85 TCP_REFRESH_MODIFIED/200 363 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.30 text/html
1635950087.828 1 192.168.10.85 TCP_REFRESH_MODIFIED/200 363 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.40 text/html
1635950088.259 1 192.168.10.85 TCP_REFRESH_MODIFIED/200 363 GET http://www.test.com/ - ROUNDROBIN_PARENT/192.168.10.30 text/html
一开始访问为 TCP_MISS,说明 squid 没有缓存数据并 GET 网站静态资源,且两次访问都是 RR 轮询,访问结果分别是 web2 和 web1。
后面变成 TCP_REFRESH_UNMODIFIED,说明 squid 服务器中已有网页资源,并直接向客户端返回网页数据。
4.4 查看 Web 服务器访问记录
web1
[root@web_server1 ~]#tail -f /var/log/httpd/access_log
192.168.10.20 - - [03/Nov/2021:22:26:00 +0800] "GET / HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:26:02 +0800] "GET / HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:04 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:06 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:07 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:08 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:46 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:47 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:48 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:36:18 +0800] "GET / HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
web2
[22:44:48 root@web_server2~]#tail -f /var/log/httpd/access_log
192.168.10.20 - - [03/Nov/2021:22:26:01 +0800] "GET http://www.test.com/ HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:03 +0800] "GET http://www.test.com/ HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:05 +0800] "GET http://www.test.com/ HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:06 +0800] "GET http://www.test.com/ HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:08 +0800] "GET http://www.test.com/ HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:08 +0800] "GET http://www.test.com/ HTTP/1.1" 200 25 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:46 +0800] "GET http://www.test.com/ HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:34:47 +0800] "GET http://www.test.com/ HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:36:18 +0800] "GET http://www.test.com/ HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
192.168.10.20 - - [03/Nov/2021:22:36:31 +0800] "GET http://www.test.com/ HTTP/1.1" 200 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Edg/95.0.1020.40"
访问请求来自于 squid 代理服务器,无法查看到客户端 IP。