CentOS 6.5上安装squid 3.0
一、准备工作# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# getenforce
Disabled
# hostname
squid.contoso.com
# crontab -l
0 * * * * /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov
# yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb krb5-devel libidn libidn-devel openssl openssl-devel make gcc-c++ cmake bison-devel ncurses-devel
二、编译安装squid
mkdir -p /opt/tools
cd /opt/tools/
wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE20.tar .gz
tar -zxf squid-3.0.STABLE20.tar.gz
cd squid-3.0.STABLE20
./configure--prefix=/usr/local/squid \
--enable-async-io=100 \
--with-pthreads \
--enable-storeio="aufs,diskd,ufs" \
--enable-removal-policies="heap,lru" \
--enable-icmp \
--enable-delay-pools \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-cachemgr-hostname=localhost \
--enable-arp-acl \
--enable-default-err-language=English \
--enable-err-languages="Simplify_Chinese English" \
--disable-poll \
--disable-wccp \
--disable-wccpv2 \
--disable-ident-lookups \
--disable-internal-dns \
--enable-basic-auth-helpers="NCSA" \
--enable-stacktrace \
--with-large-files \
--disable-mempools \
--with-filedescriptors=64000 \
--enable-ssl \
--enable-x-accelerator-vary \
--disable-snmp \
--with-aio \
--enable-linux-netfilter \
--enable-linux-tproxy
make
make install 三、配置squid
useradd -s /sbin/nologin -M squid #创建squid用户
cd /usr/local/squid/etc/
# tree -d -L 2 /usr/local/squid#安装完squid之后默认创建的目录
/usr/local/squid
├── bin
├── etc
├── libexec
├── sbin
├── share
│ ├── errors
│ ├── icons
│ └── man
└── var
└── logs
10 directories
squid安装后的目录说明:
sbin/squid: squid的主程序
bin: bin目录包含对所有用户可用的程序
bin/RunCache: RunCache是一个shell脚本,可以用它来启动squid。假如squid死掉,该脚本自动重启它,除非它检测到经常的重启。
bin/RunAccel: RunAccel与RunCache几乎一致,唯一的不同是它增加了一个命令行参数,告诉squid在哪里侦听HTTP请求。
bin/squidclient: squidclient是个简单的HTTP客户端程序,可以用它来测试squid。它也有一些特殊功能,用来对运行的squid进程发起管理请求。
libexec:libexec目录包含了辅助程序,有一些命令无法正常的启动。然而,这些程序通常被其他程序启动。
libexec/unlinkd:unlinkd是一个辅助程序,它从cache目录里删除文件。
libexec/cachemgr.cgi:cachemgr.cgi是squid管理功能的CGI接口。要使用它需要把它拷贝到你的WEB服务器的cgi-bin目录。
libexec/diskd(optional):如果指定了--enable-storeio=diskd,才能看到它
libexec/pinger(optional):如果指定了--enable-icmp,才能看到它
etc:etc目录包含了squid的配置文件
etc/squid.conf:这是squid的主配置文件
var: var目录包含了不是很重要的和经常变化的文件,这些文件不必正常的备份它们。
var/logs:该目录是squid不同日志文件的默认位置,当你第一次安装squid时,它是空的。一旦squid开始运行,你能在这里看到名字为access.log,cache.log和store.log这样的文件。
var/cache:假如你不在squid.conf文件里指定,这是默认的缓存目录(cache_dir)。
# diff squid.conf.default squid.conf #默认情况下就有一个squid.conf的备份
# vi squid.conf
# diff squid.conf.default squid.conf
1710c1710
< # cache_dir ufs /usr/local/squid/var/cache 100 16 256
---
> cache_dir ufs /usr/local/squid/var/cache 100 16 256#取消cache_dir的注释
1889c1889
< # cache_log /usr/local/squid/var/logs/cache.log
---
> cache_log /usr/local/squid/var/logs/cache.log #启用cache_log
1899c1899
< # cache_store_log /usr/local/squid/var/logs/store.log
---
> cache_store_log /usr/local/squid/var/logs/store.log #启用cache_store_log
2912c2912
< # cache_mgr webmaster
---
> cache_mgr admin@contoso.com #设置cache管理员邮箱
2941c2941
< # cache_effective_user nobody
---
> cache_effective_user squid #设置squid用户
2961a2962
> cache_effective_group squid #设置squid组
2977a2979
> visible_hostnamecache1.contoso.com#设置可见的主机名,如果不设置会报错
# chown -R squid:squid /usr/local/squid/var/logs
# /usr/local/squid/sbin/squid -k parse#测试squid的配置文件语法是否正确
2016/10/15 09:09:01| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2016/10/15 09:09:01| Initializing https proxy context
# 上面的结果说明配置文件正确
# chown -R squid:squid /usr/local/squid/var/
# /usr/local/squid/sbin/squid -z #对cache目录进行初始化
2016/10/15 09:13:14| Creating Swap Directories
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/00
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/01
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/02
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/03
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/04
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/05
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/06
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/07
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/08
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/09
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0A
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0B
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0C
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0D
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0E
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0F
下面看一下初始化的结果:
# ll /usr/local/squid/var/cache/
total 64
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 00
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 01
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 02
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 03
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 04
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 05
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 06
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 07
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 08
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 09
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0A
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0B
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0C
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0D
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0E
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0F
# ls /usr/local/squid/var/cache/00/
000C1824303C4854606C7884909CA8B4C0CCD8E4F0FC
010D1925313D4955616D7985919DA9B5C1CDD9E5F1FD
020E1A26323E4A56626E7A86929EAAB6C2CEDAE6F2FE
030F1B27333F4B57636F7B87939FABB7C3CFDBE7F3FF
04101C2834404C5864707C8894A0ACB8C4D0DCE8F4
05111D2935414D5965717D8995A1ADB9C5D1DDE9F5
06121E2A36424E5A66727E8A96A2AEBAC6D2DEEAF6
07131F2B37434F5B67737F8B97A3AFBBC7D3DFEBF7
0814202C3844505C6874808C98A4B0BCC8D4E0ECF8
0915212D3945515D6975818D99A5B1BDC9D5E1EDF9
0A16222E3A46525E6A76828E9AA6B2BECAD6E2EEFA
0B17232F3B47535F6B77838F9BA7B3BFCBD7E3EFFB
# ls /usr/local/squid/var/cache/00/ |wc -l
256
也就是根据在squid.conf文件配置的cache_dir ufs /usr/local/squid/var/cache 100 16 256,一共在cache_dir中生成16个目录,每个目录下又生成256个目录。
下面启动squid:
# /usr/local/squid/sbin/squid -N -d1#启动squid(前台启动)
2016/10/15 09:15:14| Starting Squid Cache version 3.0.STABLE20 for x86_64-unknown-linux-gnu...
2016/10/15 09:15:14| Process ID 21815
2016/10/15 09:15:14| With 64000 file descriptors available
2016/10/15 09:15:14| Performing DNS Tests...
2016/10/15 09:15:14| Successful DNS name lookup tests...
2016/10/15 09:15:14| helperOpenServers: Starting 5/5 'dnsserver' processes
2016/10/15 09:15:14| User-Agent logging is disabled.
2016/10/15 09:15:14| Referer logging is disabled.
2016/10/15 09:15:14| Unlinkd pipe opened on FD 14
2016/10/15 09:15:14| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2016/10/15 09:15:14| Target number of buckets: 425
2016/10/15 09:15:14| Using 8192 Store buckets
2016/10/15 09:15:14| Max Memsize: 8192 KB
2016/10/15 09:15:14| Max Swap size: 102400 KB
2016/10/15 09:15:14| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2016/10/15 09:15:14| Using Least Load store dir selection
2016/10/15 09:15:14| Set Current Directory to /usr/local/squid/var/cache
2016/10/15 09:15:14| Loaded Icons.
2016/10/15 09:15:14| AcceptingHTTP connections at 0.0.0.0, port 3128, FD 15.
2016/10/15 09:15:14| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
2016/10/15 09:15:14| HTCP Disabled.
2016/10/15 09:15:14| Pinger socket opened on FD 18
2016/10/15 09:15:14| Ready to serve requests.
2016/10/15 09:15:15| Done scanning /usr/local/squid/var/cache swaplog (0 entries)
2016/10/15 09:15:15| Finished rebuilding storage from disk.
2016/10/15 09:15:15| 0 Entries scanned
2016/10/15 09:15:15| 0 Invalid entries.
2016/10/15 09:15:15| 0 With invalid flags.
2016/10/15 09:15:15| 0 Objects loaded.
2016/10/15 09:15:15| 0 Objects expired.
2016/10/15 09:15:15| 0 Objects cancelled.
2016/10/15 09:15:15| 0 Duplicate URLs purged.
2016/10/15 09:15:15| 0 Swapfile clashes avoided.
2016/10/15 09:15:15| Took 0.99 seconds (0.00 objects/sec).
2016/10/15 09:15:15| Beginning Validation Procedure
2016/10/15 09:15:15| Completed Validation Procedure
2016/10/15 09:15:15| Validated 25 Entries
2016/10/15 09:15:15| store_swap_size = 0
2016/10/15 09:15:15| storeLateRelease: released 0 objects
2016/10/15 09:55:14| NETDB state saved; 0 entries, 0 msec
2016/10/15 10:36:54| NETDB state saved; 0 entries, 0 msec
查看一下监听端口:
# netstat -tunlp|grep squid
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 21815/squid
udp 0 0 0.0.0.0:3130 0.0.0.0:* 21815/squid
# lsof -i :3128
COMMAND PIDUSER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 21815 squid 15uIPv436097 0t0TCP *:squid (LISTEN)
四、简单的测试
由于上面的配置只是简单的一个正向代理的配置,所以这里使用IE浏览器进行代理连接测试。
http://s2.运维网.com/wyfs02/M01/88/F2/wKioL1gCS1KANxYQAACugtap1hk381.jpg-wh_500x0-wm_3-wmp_4-s_3047195884.jpg
首先,打开IE浏览器的浏览器选项,在连接选项卡中点击局域网设置。
http://s1.运维网.com/wyfs02/M01/88/F2/wKioL1gCS1ix2ifBAACRjoI_skI595.jpg-wh_500x0-wm_3-wmp_4-s_146224156.jpg
在代理服务器中输入squid服务器的IP和端口,确定,然后打开百度进行刷新。
为了确定是否是从squid代理进行浏览网页,我清空了squid的access.log,然后再进行跟踪,下面是详细的日志信息:
# > /usr/local/squid/var/logs/access.log
# tail -f /usr/local/squid/var/logs/access.log
1476545163.478 214 192.168.49.1 TCP_MISS/200 48583 CONNECT www.baidu.com:443 - DIRECT/14.215.177.38 -
1476545163.545 69 192.168.49.1 TCP_MISS/200 12924 CONNECT ss0.baidu.com:443 - DIRECT/119.146.74.33 -
1476545163.547 74 192.168.49.1 TCP_MISS/200 12252 CONNECT ss2.baidu.com:443 - DIRECT/119.146.74.33 -
1476545163.613 131 192.168.49.1 TCP_MISS/200 618 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545163.635 161 192.168.49.1 TCP_MISS/200 1151 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545163.636 163 192.168.49.1 TCP_MISS/200 1135 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545163.751 277 192.168.49.1 TCP_MISS/200 1103 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.094 622 192.168.49.1 TCP_MISS/200 1087 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.094 618 192.168.49.1 TCP_MISS/200 1055 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.094 622 192.168.49.1 TCP_MISS/200 1524 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.095 480 192.168.49.1 TCP_MISS/200 1684 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.095 460 192.168.49.1 TCP_MISS/200 3139 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.444 107 192.168.49.1 TCP_MISS/200 634 CONNECT sp3.baidu.com:443 - DIRECT/14.215.177.37 -
1476545223.53760061 192.168.49.1 TCP_MISS/200 15152 CONNECT ss1.baidu.com:443 - DIRECT/119.146.74.33 -
1476545223.54960076 192.168.49.1 TCP_MISS/200 1156 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545223.55560079 192.168.49.1 TCP_MISS/200 9479 CONNECT ss1.baidu.com:443 - DIRECT/119.146.74.33 -
1476545223.73860100 192.168.49.1 TCP_MISS/200 2238 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545224.15460606 192.168.49.1 TCP_MISS/200 1625 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545224.15460606 192.168.49.1 TCP_MISS/200 1657 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545224.37660236 192.168.49.1 TCP_MISS/200 25575 CONNECT www.baidu.com:443 - DIRECT/14.215.177.37 -
1476545224.43760109 192.168.49.1 TCP_MISS/200 953 CONNECT www.baidu.com:443 - DIRECT/14.215.177.38 -
1476545258.93695184 192.168.49.1 TCP_MISS/200 3736 CONNECT sp0.baidu.com:443 - DIRECT/14.215.177.38 -
1476545258.99478103 192.168.49.1 TCP_MISS/200 1742 CONNECT sp1.baidu.com:443 - DIRECT/14.215.177.37 -
五、其他
把squid命令路径添加到系统环境变量:
echo 'PATH=/usr/local/squid/sbin:/usr/local/squid/bin:$PATH' >> /etc/profile
source /etc/profile
让squid在后台运行:
/usr/local/squid/sbin/squid -D
将squid添加到开机启动:
echo '/usr/local/squid/sbin/squid -D' >>/etc/rc.local
squid启动脚本:
#!/bin/bash
# chkconfig: 345 88 14
# description: squid Daemon
case "$1" in
start)
/usr/local/squid/sbin/squid -D
;;
stop) /usr/local/squid/sbin/squid -k shutdown
;;
restart)
/usr/local/squid/sbin/squid -k reconfigure
;;
parse)
/usr/local/squid/sbin/squid -k parse
;;
check)
/usr/local/squid/sbin/squid -k check
;;
*)
echo "Usage: $0 start|stop|restart|check|parse"
;;
esac
配置squid日志轮询:
/usr/local/squid/sbin/squid -k rotate
配置squid日志切割:
1)添加定时任务:
0 0 * * */bin/sh /opt/tools/rotate_squid.sh >/dev/null 2>&1
2)rotate_squid.sh脚本的内容如下:
cd /usr/local/squid/var/logs
[ -f access.log ] && mv access.log access_$(date +%F).log
/usr/local/squid/sbin/squid -k rotate
页:
[1]