在CentOS6.3最小化安装环境中需要安装的软件包
[root@squid ~]# yum install wget gcc gcc-c++ make perl
编译安装Squid
[root@squid ~]# cd squid-3.3.1 [root@squid squid-3.3.1]# ./configure --prefix=/usr/local/squid [root@squid squid-3.3.1]# make all [root@squid squid-3.3.1]# make install
安装完成后查看安装文件目录及配置文件
[root@squid squid-3.3.1]# cd /usr/local/squid/ [root@squid squid]# ls bin etc include lib libexec sbin share var [root@squid squid]# ls etc/ cachemgr.conf mime.conf squid.conf cachemgr.conf.default mime.conf.default squid.conf.default errorpage.css msntauth.conf squid.conf.documented errorpage.css.default msntauth.conf.default [root@squid squid]#
初始化前准备工作
赋予相关目录写权限
[root@squid etc]# chmod -R 777 /usr/local/squid/var/
指定主机名
[root@squid etc]# vi squid.conf visible_hostname 192.168.11.181
指定cache_mem大小
查看当前系统内存
[root@squid ~]# free total used free shared buffers cached Mem: 4019920 521536 3498384 0 34080 420512 -/+ buffers/cache: 66944 3952976 Swap: 4161528 0 4161528 [root@squid ~]#
[root@squid etc]# vi squid.conf cache_mem 2048 MB
指定缓存目录
61 # Uncomment and adjust the following to add a disk cache directory. 62 #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
cache_dir ufs /usr/local/squid/var/cache/squid 4096 16 256
错误分析
2013/02/24 11:27:16 kid1| WARNING cache_mem is larger than total disk cache space!
磁盘缓存空间须大于内存缓存空间
初始化cache
[root@squid sbin]# ./squid -z [root@squid sbin]# 2013/02/24 11:50:36 kid1| Creating missing swap directories 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/00 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/01 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/02 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/03 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/04 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/05 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/06 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/07 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/08 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/09 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0A 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0B 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0C 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0D 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0E 2013/02/24 11:50:36 kid1| Making directories in /usr/local/squid/var/cache/squid/0F [root@squid sbin]#
测试配置
[root@squid sbin]# ./squid -N -d 1
查看服务监听状态
[root@squid ~]# netstat -ltu |grep squid tcp 0 0 *:squid *:* LISTEN [root@squid ~]# netstat -lutn |grep 3128 tcp 0 0 :::3128 :::* LISTEN [root@squid ~]#
修改浏览器设置
访问Internet站点
查看squid access日志记录
浏览器设置代理前后IP地址的变化
启动和关闭squid
[root@squid sbin]# ./squid -s [root@squid sbin]# netstat -ltu |grep squid tcp 0 0 *:squid *:* LISTEN [root@squid sbin]# ps aux |grep squid root 17519 0.0 0.0 9136 1540 ? Ss 12:46 0:00 ./squid -s nobody 17521 0.2 0.2 13540 8812 ? S 12:46 0:00 (squid-1) -s nobody 17522 0.0 0.0 3628 964 ? S 12:46 0:00 (logfile-daemon) /usr/local/squid/var/logs/access.log root 17528 0.0 0.0 4352 736 pts/1 S+ 12:46 0:00 grep squid [root@squid sbin]# ./squid -k shutdown [root@squid sbin]# netstat -ltu |grep squid [root@squid sbin]#
squid命令参数
[root@squid sbin]# ./squid -h Usage: squid [-cdhvzCFNRVYX] [-s | -l facility] [-f config-file] [-[au] port] [-k signal] -a port Specify HTTP port number (default: 3128). -d level Write debugging to stderr also. -f file Use given config-file instead of /usr/local/squid/etc/squid.conf -h Print help message. -k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse Parse configuration file, then send signal to running copy (except -k parse) and exit. -s | -l facility Enable logging to syslog. -u port Specify ICP port number (default: 3130), disable with 0. -v Print version. -z Create missing swap directories and then exit. -C Do not catch fatal signals. -D OBSOLETE. Scheduled for removal. -F Don't serve any requests until store is rebuilt. -N No daemon mode. -R Do not set REUSEADDR on port. -S Double-check swap during rebuild. -X Force full debugging. -Y Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload. [root@squid sbin]#
系统默认最小化配置文件
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on “localhost” is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
相关下载:
(1)Squid 3.3.1