squid proxy deploy
It is a forward agent in this article, it can accelerate browing speed in poor network quality.
client: 192.168.17.100 WIN7
server: 192.168.137.24 CentOS 6.5
software: squid-2.7.STABLE9.tar.gz
steps:
1. install compile tools and other depend packages
yum install gcc gcc-c++ autoconf bison automake zlib* fiex* libxml* ncurses-devel libmcrypt*
libtool-ltdl-devel*
2. generate log and cahe dictionary
mkdir /var/log/squid
chown nobody:nobody /var/log/squid
mkdir /var/spool/squid
chown nobody:nobody /var/spool/squid
3. configure and install
CFLAGS=”-O3 -fPIC” ./configure –prefix=/usr/local/squid \
–enable-follow-x-forwarded-for \
–with-maxfd=65535 \
–enable-dlmalloc \
–enable-epoll \
–enable-stacktraces \
–enable-async-io=240 \
–enable-async-io \
–enable-removal-policies=heap,lru \
–enable-kill-parent-hack –enable-ssl
make
make install
4. Initialize
/usr/local/squid/sbin/squid -z
5. edit configuration file
vim /usr/local/squid/etc/squid.conf
add following configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/16
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 800 # http1
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 80
cache_dir ufs /var/spool/squid 5000 16 256
cache_swap_low 80
cache_swap_high 95
cache_mem 150 MB
maximum_object_size 2048 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 512 KB
memory_pools on
memory_pools_limit 50 MB
request_timeout 20 seconds
persistent_request_timeout 10 seconds
connect_timeout 20 seconds
pid_filename /var/run/squid.pid
cache_mgr [email protected]
visible_hostname squid-proxy
cache_effective_user squid
cache_effective_group squid
dns_nameservers 218.30.19.40 218.30.19.50
hierarchy_stoplist cgi-bin ?
#access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern -i ^http:// 240 50% 1440 ignore-reload override-lastmod
refresh_pattern -i \.htm$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.html$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.bmp$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.gif$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.jpg$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.jpeg$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.png$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.js$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.swf$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.css$ 480 50% 2880 ignore-reload override-lastmod
refresh_pattern -i \.xml$ 480 50% 2880 ignore-reload override-lastmod
#refresh_pattern -i \.yaml$ 240 50% 1440 ignore-reload override-lastmod
refresh_pattern -i \.text$ 480 90% 2880 ignore-reload override-lastmod
refresh_pattern -i \.ico$ 1440 90% 2880 ignore-reload override-lastmod
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /usr/local/squid/var/cache
save and exit!
6. check whether the configuration is right or not.
you can restart is if the configuration is correct.
/usr/local/squid/sbin/squid -k parse
/usr/lcoal/squid/sbin/squid -s
ps aux | grep squid
You can see ,squid proxy has been deployed successfully.
7. Configuration of WIN7 client
such as 360 speed brower
8. perform test
access http://www.sina.com.cn and check page element loading
It’s obvious that traffic of http://www.sina.com.cn/css/79/index2016/v0510/index.css comes
from 192.168.137.24, the squid proxy server.
attachment:
Please execute the following commands, if you would like more conveniet operation.
ln -s /usr/local/squid/sbin/squid /bin/
ln -s /usr/local/squid/sbin/squid /sbin/
ln -s /usr/local/squid/bin/squidclient /bin/
ln -s /usr/local/squid/sbin/squidclient /sbin/
some regular command:
squid -z Initialize
squid -k parse eheck whether the configuration is correct or not
squid -k shutdown stop squid process
squid -s start squid
squidclient -p 3128 mgr:info check hit information
squidclient -p 3128 mgr:mem check memory information
Good answers in return of this query with
solid arguments and explaining the whole thing concerning that.