Squid caching in practice and Squid as a reverse proxy

I. Configuring squid
1. Installing squid
1) Configure the basic environment

[[email protected] ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
NAME=ens34
DEVICE=ens34
IPADDR=192.168.200.10
NETMASK=255.255.255.0
[[email protected] ~]# systemctl restart network
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
IPADDR=192.168.200.20
NETMASK=255.255.255.0
GATEWAY=192.168.200.10
[[email protected] ~]# systemctl restart network
2) Enable IP forwarding

[[email protected] ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[[email protected] ~]# sysctl -p
net.ipv4.ip_forward = 1
3) Create the user that runs squid

[[email protected] ~]# useradd -M -s /sbin/nologin squid
4) Configure squid

[[email protected] ~]# rm -rf /etc/yum.repos.d/CentOS-*
[[email protected] ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[[email protected] ~]# tar zxvf /mnt/squid-3.4.6.tar.gz -C /usr/src/
[[email protected] ~]# cd /usr/src/squid-3.4.6/
[[email protected] squid-3.4.6]# ./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-linux-netfilter --enable-async-io=240 --enable-default-err-language=Simplify_Chinese --disable-poll --enable-epoll --enable-gnuregex
5) Install squid

[[email protected] squid-3.4.6]# make && make install
6) Make the squid commands easier to run and change the owner of the directory

[[email protected] ~]# ln -s /usr/local/squid/sbin/* /usr/local/sbin/
[[email protected] ~]# chown -R squid:squid /usr/local/squid/
2. Configuring a traditional proxy
1) Edit the squid configuration file

[[email protected] ~]# vim /etc/squid.conf
54 http_access allow all
55 http_port 3128
56 cache_effective_user squid
57 cache_effective_group squid
58 reply_body_max_size 10 MB
2) Check the configuration for syntax errors

[[email protected] ~]# squid -k parse
3) Initialize the cache directories

[[email protected] ~]# squid -z
4) Start the service and check the port

[[email protected] ~]# squid
[[email protected] ~]# netstat -anptu | grep 3128
3. Installing apache
1) Install apache

[[email protected] ~]# yum -y install httpd
2) Write the test page and restart the service

[[email protected] ~]# echo "www.benet.com" > /var/www/html/index.html
[[email protected] ~]# systemctl restart httpd
3) Configure the hosts file

[[email protected] ~]# vim /etc/hosts
192.168.200.20 www.benet.com
4. Client access
1) Upload the test data

[[email protected] ~]# dd if=/dev/zero of=/var/www/html/1.iso bs=5M count=2
记录了2+0 的读入
记录了2+0 的写出
10485760字节(10 MB)已复制,0.00770072 秒,1.4 GB/秒
[[email protected] ~]# dd if=/dev/zero of=/var/www/html/2.iso bs=5M count=3
记录了3+0 的读入
记录了3+0 的写出
15728640字节(16 MB)已复制,0.0315897 秒,498 MB/秒
2) Access from the client before a proxy is configured

3) Enable the proxy and check again

[[email protected] ~]# vim /etc/hosts
192.168.200.20 www.benet.com
[[email protected] ~]# vim /etc/squid.conf
59 dns_nameservers 192.168.100.10
5. Configuring a transparent proxy
1) Edit the main configuration file

[[email protected] ~]# vim /etc/squid.conf
http_access allow all
http_port 192.168.100.10:3128 transparent
cache_effective_user squid
cache_effective_group squid
reply_body_max_size 10 MB
dns_nameservers 192.168.100.10
2) Kill the squid process, initialize the cache, and start the service

[[email protected] ~]# killall squid
[[email protected] ~]# squid -z
[[email protected] ~]# squid
[[email protected] ~]# netstat -anptu | grep 3128
3) Configure firewall rules to redirect the port

[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# systemctl enable firewalld
[[email protected] ~]# firewall-cmd --set-default-zone=external
success
[[email protected] ~]# firewall-cmd --add-interface=ens32 --zone=trusted
[[email protected] ~]# firewall-cmd --add-interface=ens34 --zone=external
[[email protected] ~]# firewall-cmd --zone=external --add-port=3128/tcp
Success
[[email protected] ~]# iptables -t nat -I PREROUTING -i ens32 -s 192.168.100.0/24 -p tcp --dport 80 -j REDIRECT --to 3128
4) Client access

6. Restricting access with squid rules
1. Configuring squid access restrictions
1) Restrict a specific IP address

[[email protected] ~]# vim /etc/squid.conf
26 acl host src 192.168.100.111
39 http_access deny host
2) Kill the squid process, initialize the cache, and start the service

[[email protected] ~]# killall squid
[[email protected] ~]# squid -z
[[email protected] ~]# squid
3) Client access

Change the IP address
2. Restricting access to specific domains
1) Block access to the www.benet.com domain

[[email protected] ~]# vim /usr/local/squid/dmblock.list
www.benet.com
[[email protected] ~]# vim /etc/squid.conf
27 acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
41 http_access deny DMBLOCK
2) Kill the squid process, initialize the cache, and start the service

[[email protected] ~]# killall squid
[[email protected] ~]# squid -z
[[email protected] ~]# squid
3) Client access

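The access rules built up in sections 2 and 6, run through a small first-match evaluator to show which requests they actually stop. This is an added example, not part of the original article; it models only src and dstdomain ACLs, and the HARDENED rule set (acl localnet, deny all) is an assumed tightening that the article does not configure.

```python
import ipaddress

def parse(conf, files):
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("src", "dstdomain"):
            vals = []
            for v in tok[3:]:
                # a quoted value names a list file with one entry per line
                vals += files[v.strip('"')] if v.startswith('"') else [v]
            acls.setdefault(tok[1], (tok[2], []))[1].extend(vals)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, host):
    kind, vals = acl
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in vals)
    # dstdomain: "name" matches that host only; ".name" also covers subdomains
    host = host.lower()
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
               for v in vals)

def decide(conf, src, host, files=None):
    acls, rules = parse(conf, files or {})
    acls.setdefault("all", ("src", ["0.0.0.0/0"]))  # built-in ACL (IPv4 only here)
    for action, names in rules:
        # ACLs on one line are ANDed, "!" negates; the first matching line decides
        if all(acl_matches(acls[n.lstrip("!")], src, host) != n.startswith("!")
               for n in names):
            return action
    # no line matched: Squid applies the opposite of the last line
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

# Rules as built up in the article (vim line numbers dropped)
PAGE_RULES = """
acl host src 192.168.100.111
acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
http_access deny host
http_access deny DMBLOCK
http_access allow all
"""
LISTS = {"/usr/local/squid/dmblock.list": ["www.benet.com"]}
# Assumed tightening, not from the article: only the LAN may use the proxy
HARDENED = PAGE_RULES.replace("http_access allow all",
    "acl localnet src 192.168.100.0/24\nhttp_access allow localnet\nhttp_access deny all")
```

With the article's rules, decide(PAGE_RULES, "203.0.113.7", "example.org", LISTS) returns "allow" (203.0.113.7 is a constructed address outside the LAN), because the final allow all admits any source that can reach port 3128; the same call with HARDENED returns "deny". The www.benet.com entry blocks only that exact host name, so a request for benet.com is still allowed.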
II. Configuring squid for a production environment
1) Set the ens34 NIC to obtain its address automatically via DHCP

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
BOOTPROTO=dhcp
[[email protected] ~]# systemctl restart network
2) Comment out the access restrictions

[[email protected] ~]# vim /etc/squid.conf
#acl host src 192.168.100.111
#http_access deny host
#acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
#http_access deny DMBLOCK
3) Restart the firewall to clear the rules

[[email protected] ~]# systemctl restart firewalld
[[email protected] ~]# systemctl enable firewalld
4) Edit the squid configuration file

[[email protected] ~]# vim /etc/squid.conf
61 dns_nameservers 114.114.114.144
70 cache_dir ufs /usr/local/squid/var/cache/squid 10 16 256
5) Kill the squid process, initialize the cache, and start the service

[[email protected] ~]# killall squid
[[email protected] ~]# squid -z
[[email protected] ~]# squid
6) Set firewall rules to allow 80 and 443

[[email protected] ~]# firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -i ens32 -p tcp --dport 80 -j REDIRECT --to-ports 3128
success
[[email protected] ~]# firewall-cmd --direct --add-rule ipv4 nat PREROUTING 0 -i ens34 -p tcp --dport 443 -j REDIRECT --to-ports 3128
success
7) Configure DNS on the client and browse a website

8) Restrict access to specific domains

[[email protected] ~]# vim /usr/local/squid/dmblock.list
www.baidu.com
www.hao123.com
9) Edit the squid configuration file

[[email protected] ~]# vim /etc/squid.conf
40 acl DMBLOCK dstdomain "/usr/local/squid/dmblock.list"
41 http_access deny DMBLOCK
10) Kill the squid process, initialize the cache, and start the service

[[email protected] ~]# killall squid
[[email protected] ~]# squid -z
[[email protected] ~]# squid
11) Verify from the client

III. squid reverse proxy
1. Configuring the squid reverse proxy
1) Configure the basic environment

[[email protected] ~]# cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens34
NAME=ens34
DEVICE=ens34
IPADDR=192.168.200.10
NETMASK=255.255.255.0
[[email protected] ~]# systemctl restart network
[[email protected] ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[[email protected] ~]# sysctl -p
net.ipv4.ip_forward = 1

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.10
[[email protected] ~]# systemctl restart network
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
GATEWAY=192.168.100.10
[[email protected] ~]# systemctl restart network
2) Install httpd on both web servers

[[email protected] ~]# rm -rf /etc/yum.repos.d/CentOS-*
[[email protected] ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# echo "www.benet.com" > /var/www/html/index.html
[[email protected] ~]# systemctl start httpd

[[email protected] ~]# rm -rf /etc/yum.repos.d/CentOS-*
[[email protected] ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# echo "www.accp.com" > /var/www/html/index.html
[[email protected] ~]# systemctl start httpd
3) Install squid

[[email protected] ~]# rm -rf /etc/yum.repos.d/CentOS-*
[[email protected] ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 写保护,将以只读方式挂载
[[email protected] ~]# yum -y install squid
4) Configure squid

[[email protected] ~]# vim /etc/squid/squid.conf
54 http_access allow all
60 http_port 192.168.200.10:80 vhost
61 cache_effective_user squid
62 cache_effective_group squid
63 cache_peer 192.168.100.20 parent 80 0 originserver round-robin
64 cache_peer 192.168.100.30 parent 80 0 originserver round-robin
65 cache_dir ufs /var/spool/squid 10 16 256
5) Set the owner of the cache directory

[[email protected] ~]# chown -R squid:squid /var/spool/squid/
6) Start the service and enable it at boot

[[email protected] ~]# systemctl start squid
[[email protected] ~]# systemctl enable squid
7) Install and configure DNS

[[email protected] ~]# yum -y install bind bind-chroot bind-utils
[[email protected] ~]# echo "" > /etc/named.conf
[[email protected] ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named/";
};
zone "benet.com" IN {
type master;
file "benet.com.zone";
};
[[email protected] ~]# vim /var/named/benet.com.zone
$TTL 86400
@ SOA benet.com. root.benet.com. (
2020041100
1H
15M
1W
1D
)
@ NS centos01.benet.com.
centos01 A 192.168.200.10
www A 192.168.200.10
[[email protected] ~]# chmod +x /var/named/benet.com.zone
[[email protected] ~]# chown named:named /var/named/benet.com.zone
[[email protected] ~]# named-checkconf /etc/named.conf
[[email protected] ~]# named-checkzone benet.com /var/named/benet.com.zone
zone benet.com/IN: loaded serial 2020041100
OK
[[email protected] ~]# systemctl start named
[[email protected] ~]# systemctl enable named
8) Client access

Stop the accp server, clear the cache, restart, and access again
[[email protected] ~]# systemctl stop httpd
[[email protected] ~]# cd /var/spool/squid/
[[email protected] squid]# rm -rf ./*