实验环境:
台CentOS .最小化安装的虚拟机,调至vmnet
dns:... bind
squid:... squid-.
squid:... squid-.
squid:... squid-.
web:... jdk-、tomcat-
web:... jdk-、tomcat-
web:... jdk-、tomcat-
实验步骤:
、准备工作
()配置台主机的主机名、ip地址、首选dns指向...,关闭防火墙和selinux机制,搭建本地yum仓库,略。(关闭防火墙和selinux只是为了简化实验环境;生产环境应保持开启,只放行DNS、squid和tomcat实际需要的端口。)
()修改台主机的/etc/hosts文件,修改结果如下:
修改完一台主机后,scp给其他台主机
[root@dns ~]# scp /etc/hosts squid:/etc
[root@dns ~]# scp /etc/hosts squid:/etc
[root@dns ~]# scp /etc/hosts squid:/etc
[root@dns ~]# scp /etc/hosts web:/etc
[root@dns ~]# scp /etc/hosts web:/etc
[root@dns ~]# scp /etc/hosts web:/etc
、搭建DNS域名解析服务器
[root@dns ~]# yum -y install bind bind-chroot bind-utils bind-libs
[root@dns ~]# cp -p /etc/named.conf /etc/named.conf.origin
[root@dns ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named() DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// As edited below, this file also declares a master zone for amber.com and
// accepts queries from any client, so the "caching only / localhost" wording
// above no longer describes it.
//
options {
listen-on port { ...; };
// listen-on-v port { ::; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// NOTE(review): allow-query { any; } combined with recursion yes lets every
// client that can reach this listener use the server as a recursive resolver.
// If the server only has to answer for amber.com, consider "recursion no;",
// or limit recursion to the lab subnet with allow-recursion.
allow-query { any; };
recursion yes;
// NOTE(review): the include of /etc/named.root.key is commented out further
// down; confirm a trust anchor is still configured, otherwise
// dnssec-validation yes presumably has nothing to validate against.
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): dnssec-lookaside depends on the ISC DLV registry, which ISC
// has since retired; newer BIND releases are expected to reject this option.
// Confirm against the BIND version actually installed.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
// Debug log channel; the relative path is resolved against "directory" above.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// The root hint zone and the two stock includes are disabled in this lab setup.
//zone "." IN {
// type hint;
// file "named.ca";
//};
//include "/etc/named.rfc.zones";
//include "/etc/named.root.key";
// Authoritative (master) zone for amber.com; the zone file name is relative
// to "directory" above, i.e. /var/named/amber.com.zone.
zone "amber.com" IN {
type master;
file "amber.com.zone";
};
[root@dns ~]# named-checkconf /etc/named.conf //语法检测
[root@dns ~]# cd /var/named/
[root@dns named]# cp -p named.empty amber.com.zone
[root@dns named]# vim amber.com.zone
[root@dns named]# named-checkzone amber.com amber.com.zone
zone amber.com/IN: loaded serial
OK
[root@dns named]# /etc/init.d/named start
Generating /etc/rndc.key: [确定]
启动 named: [确定]
[root@dns named]# host www.amber.com
www.amber.com has address ...
www.amber.com has address ...
www.amber.com has address ...
[root@dns named]# host www.amber.com
www.amber.com has address ...
www.amber.com has address ...
www.amber.com has address ...
[root@dns named]# host www.amber.com
www.amber.com has address ...
www.amber.com has address ...
www.amber.com has address ...
[root@dns ~]# chkconfig named on
、Web服务器配置tomcat
[root@web ~]# tar xf jdk-u-linux-x.gz
[root@web ~]# mv jdk.._/ /usr/local/java/bin
[root@web ~]# echo -e "JAVA_HOME=/usr/local/java PATH=$PATH:$JAVA_HOME" >> /etc/profile
[root@web ~]# tail - /etc/profile
JAVA_HOME=/usr/local/java
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/java/bin
[root@web ~]# . /etc/profile
[root@web ~]# java -version
java version ".._"
Java(TM) SE Runtime Environment (build .._-b)
Java HotSpot(TM) -Bit Server VM (build .-b, mixed mode)
[root@web ~]# tar xf apache-tomcat-...tar.gz
[root@web ~]# mv apache-tomcat-.. /usr/local/tomcat
[root@web ~]# /usr/local/tomcat/bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/java
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Tomcat started.
[root@web ~]# netstat -anpt |grep
tcp ::: :::* LISTEN /java
web、web上做同样的配置(注意上面是以root身份直接启动tomcat;生产环境建议像后文为squid创建专用用户那样,为tomcat创建不可登录的专用用户来运行)
、配置squid反向代理
[root@squid ~]# useradd -M -s /sbin/nologin squid
[root@squid ~]# tar xf squid-..STABLE.tar.gz -C /usr/src/
[root@squid ~]# cd /usr/src/squid-..STABLE/
[root@squid squid-..STABLE]# ./configure --prefix=/usr/local/squid && make && make install
[root@squid ~]# cd /usr/local/squid/
[root@squid squid]# ls
bin etc libexec sbin share var
[root@squid squid]# cd etc/
[root@squid etc]# ls
cachemgr.conf mime.conf squid.conf
cachemgr.conf.default mime.conf.default squid.conf.default
[root@squid etc]# egrep -v "^$|^#" squid.conf >squid.conf
[root@squid etc]# mv squid.conf squid.conf
mv:是否覆盖"squid.conf"? y
[root@squid etc]# vim squid.conf
# squid.conf for one node of the reverse-proxy cluster: ACL definitions first,
# then access rules, logging/refresh settings, the accelerator port, sibling
# and parent peers, and cache sizing.
acl manager proto cache_object
acl localhost src .../
acl to_localhost dst .../ .../
acl localnet src ... ... ...
acl SSL_ports port
acl Safe_ports port # http
acl Safe_ports port # ftp
acl Safe_ports port # https
acl Safe_ports port # gopher
acl Safe_ports port # wais
acl Safe_ports port - # unregistered ports
acl Safe_ports port # http-mgmt
acl Safe_ports port # gss-http
acl Safe_ports port # filemaker
acl Safe_ports port # multiling http
acl CONNECT method CONNECT
# NOTE(review): http_access rules are checked in order and the first match
# decides. With "allow all" as the first rule, none of the http_access lines
# below it is ever consulted: cache-manager (cache_object) requests are not
# limited to localhost, and the Safe_ports / CONNECT / localnet restrictions
# have no effect. For a reverse proxy, consider keeping the manager, Safe_ports
# and CONNECT rules above the allow rule, and allowing only the accelerated
# site (a dstdomain acl for www.amber.com) instead of "all".
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
# ICP queries are accepted from localnet only.
icp_access allow localnet
icp_access deny all
#htcp_access allow localnet
#htcp_access deny all
#http_port
hierarchy_stoplist cgi-bin ?
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: %
refresh_pattern ^gopher: %
refresh_pattern -i (/cgi-bin/|?) %
refresh_pattern . %
icp_port
coredump_dir /usr/local/squid/var/cache
cache_effective_user squid # user account the squid process runs as
cache_effective_group squid # group the squid process runs as
visible_hostname squid.amber.com # sets the host name; without this entry squid will not start
http_port accel vhost vport # listening port; accel = accelerator mode, vhost enables reverse proxying
# Configure the other squid hosts as this node's neighbours (siblings): when
# squid does not find the requested resource in its own cache, it sends an ICP
# query to its neighbours and fetches the object from their caches.
cache_peer squid.amber.com sibling
cache_peer squid.amber.com sibling
# The three parent nodes of squid. no-query means no ICP queries are sent to
# them, originserver marks them as origin servers, and round-robin makes squid
# hand each request to one of the parents in turn. squid also checks the health
# of these parents; if one is down, it fetches from the remaining origin servers.
cache_peer ... parent no-query originserver round-robin name=web
cache_peer ... parent no-query originserver round-robin name=web
cache_peer ... parent no-query originserver round-robin name=web
# Requests for the www.amber.com domain are forwarded round-robin to one of the three parents
cache_peer_domain web web web www.amber.com
# Some squid tuning
maximum_object_size KB # largest object that can be cached
maximum_object_size_in_memory KB # largest object kept in the in-memory cache
cache_mem MB # memory squid uses for caching; the official site suggests one third to one quarter of physical memory, scaled to the size of the disk cache
检测语法:
[root@squid etc]# /usr/local/squid/sbin/squid - k parse/reconfigure (-k --help 可以查看)
// ::| WARNING cache_mem is larger than total disk cache space!
WARNING: Cannot write log file: /usr/local/squid/var/logs/cache.log
/usr/local/squid/var/logs/cache.log: Permission denied
messages will be sent to stderr.
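发现报错,是因为无法写入缓存日志,该目录属主属组为root的缘故。squid只需要对var/logs和var/cache有写权限;下面的命令把整个安装目录都交给squid用户,服务账户因此也能改写自身的程序文件和配置,生产环境中建议只对var/目录执行chown。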
[root@squid etc]# chown -R squid.squid /usr/local/squid/
[root@squid etc]# /usr/local/squid/sbin/squid - k parse/reconfigure //再检测一次语法就不会报错了
[root@squid etc]# /usr/local/squid/sbin/squid -z //生成缓存目录
// ::| Creating Swap Directories
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/
// ::| Making directories in /usr/local/squid/var/cache/A
// ::| Making directories in /usr/local/squid/var/cache/B
// ::| Making directories in /usr/local/squid/var/cache/C
// ::| Making directories in /usr/local/squid/var/cache/D
// ::| Making directories in /usr/local/squid/var/cache/E
// ::| Making directories in /usr/local/squid/var/cache/F
[root@squid etc]# /usr/local/squid/sbin/squid -D //启动squid服务
[root@squid etc]# netstat -anptu |grep squid
tcp ...: ...:* LISTEN /(squid)
udp ...: ...:* /(squid)
udp ...: ...:* /(squid)
若停止服务可以如下操作:
[root@squid etc]# pkill squid
将配置文件复制给squid、squid
[root@squid etc]# pwd
/usr/local/squid/etc
[root@squid etc]# scp squid.conf squid:/usr/local/squid/etc/squid.conf
[root@squid etc]# scp squid.conf squid:/usr/local/squid/etc/squid.conf
在squid、squid上分别修改主机名以及邻居(sibling)设置的参数,修改结果如下
squid:
[root@squid ~]# vim /usr/local/squid/etc/squid.conf
visible_hostname squid.amber.com
cache_peer squid.amber.com sibling
cache_peer squid.amber.com sibling
[root@squid ~]# vim /usr/local/squid/etc/squid.conf
visible_hostname squid.amber.com
cache_peer squid.amber.com sibling
cache_peer squid.amber.com sibling
其他的操作与squid相同,分别启动服务
在 squid 的日志文件 cache.log 中,出现如下日志信息则说明三台 squid 之间成功配置为 sibling,且配置了三个父代理:
[root@squid etc]# cat /usr/local/squid/var/logs/cache.log
……
// ::| Configuring Sibling squid.amber.com//
// ::| Configuring Sibling squid.amber.com//
// ::| Configuring Parent ...//
// ::| Configuring Parent ...//
// ::| Configuring Parent ...//
// ::| Ready to serve requests.
……
、测试:
客户机修改DNS为...