squid缓存技术

squid缓存技术
配置squid
1、配置squid服务器
（1）创建管理squid的用户
[[email protected] ~]#useradd -M -s /sbin/nologin squid
（2）配置squid
[[email protected] squid-3.4.6]#./configure --prefix=/usr/local/aquid --sysconfdir=/etc/ --enable-linux-netfilter --enable-async-io=240 --enable-default-err-language=Simplify_Chinese --disable-poll --enable-epoll --enable-gunregx
（3）安装squid
[[email protected] squid-3.4.6]#make && make install
（4）优化squid命令
[[email protected] ~]#ln -s /usr/local/squid/sbin/* /usr/local/sbin/
（5）修改目录的所有者
[[email protected] ~]#chown -R squid:squid /usr/local/squid
2、配置web服务器
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# echo “www.benet.com” > /var/www/html/index.html
[[email protected] ~]# dd if=/dev/zero of=/var/www/html/1.iso bs=5M count=2
[[email protected] ~]# dd if=/dev/zero of=/var/www/html/2.iso bs=5M count=3
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd
3、配置传统代理
（1）修改squid主配置文件
[[email protected] ~]#vim /etc/squid.conf
54 http_access allow all
55 http_port 3128
56 cache_effective_user squid
57 cache_effective_group squid
58 reply_body_max_size 10 MB
59 dns_nameserver 192.168.100.10
（2）检查语法是否错误
[[email protected] ~]#squid -k parse
（3）初始化缓存目录
[[email protected] ~]#squid -z
（4）启动服务
[[email protected] ~]#squid
（5）验证

3、配置透明代理
（1）修改主配置文件
[[email protected] ~]#vim /etc/squid.conf
54 http_access allow all
55 http_port 192.168.100.10:3128 transparent
56 cache_effective_user squid
57 cache_effective_group squid
58 reply_body_max_size 10 MB
59 dns_nameserver 192.168.200.10
（2）启动服务
[[email protected] ~]#squid
（3）使用防火墙规则映射端口号
[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# systemctl enable firewalld
[[email protected] ~]# firewall-cmd --add-interface=ens32 --zone=trusted
The interface is under control of NetworkManager, setting zone to ‘trusted’.
success
[[email protected] ~]# firewall-cmd --add-interface=ens34 --zone=external
The interface is under control of NetworkManager, setting zone to ‘external’.
Success
[[email protected] ~]#firewall-cmd --zone=external --add-port=3128/tcp
[[email protected] ~]#firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -i ens32 -p tcp --dport 80 -j REDIRECT --to-ports 3128
（4）开启路有功能
[[email protected] ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
（5）验证
[[email protected] ~]#tail -f /var/log/httpd/access_log

4、配置squid的访问规则限制
（1）清楚缓存
[[email protected] ~]# squid -z
（2）限制特定的IP地址
[[email protected] ~]#vim /etc/squid.conf
acl host src 192.168.100.20 限制源IP地址192.168.100.20
http_access deny host 拒绝访问
（3）验证
换一个IP地址访问
5、squid反向代理
配置dns
[[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory “/var/named”;
};
zone “benet.com” IN {
type master;
file “benet.com.zone”;
};
[[email protected] ~]# vim /var/named/benet.com.zone

$TTL 86400
@ SOA benet.com. root.benet.com (
2020030501
1H
15M
1W
1D
)
@ NS centos01.benet.com.
centos01 A 192.168.200.10
www A 192.168.200.10
配置路由
[[email protected] ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[[email protected] ~]# sysctl -p
net.ipv4.ip_forward = 1
（1）反向代理作用
缓存外网用户数据
将内网网站发布到外网
（2）安装squid
[[email protected] ~]#yum -y install squid
（3）配置squid反向代理
[[email protected] ~]#vim /etc/squid/squid.conf
54 http_access allow all 允许所有人访问
http_port 192.168.200.10:80 vhost 监听外网IP地址和80端口
cache_effective_user squid 管理squid用户
cache_effective_group squid 管理squid组
cache_peer 192.168.100.20 parent 80 0 originserver round-robun WEB服务器192.168.100.20端口80算*循
cache_peer 102.179.100.30 parent 80 0 originserver round-robun WEB服务器192.168.100.30端口80算*循
cache_dir ufs /var/spool/squid 10 16 256 设置缓存数据
（4）设置缓存目录所有者
[[email protected] ~]#chown -R squid:squid /usr/spool/squid/
（5）启动服务，查看端口
[[email protected] ~]# systemctl start squid
[[email protected] ~]# systemctl enable squid
[[email protected] ~]# netstat -anptu | grep 80
tcp 0 0 192.168.200.10:80 0.0.0.0:* LISTEN 2067/(squid-1)
（6）验证

20停止服务
[[email protected] ~]# systemctl stop httpd