一、准备工作
[root@squid ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@squid ~]# getenforce
Disabled
[root@squid ~]# hostname
squid.contoso.com
[root@squid ~]# crontab -l
0 * * * * /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov
[root@squid ~]#yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb krb5-devel libidn libidn-devel openssl openssl-devel make gcc-c++ cmake bison-devel ncurses-devel
二、编译安装squid
mkdir-p/opt/tools cd/opt/tools/ wgethttp://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE20.tar.gz tar-zxfsquid-3.0.STABLE20.tar.gz cdsquid-3.0.STABLE20 ./configure--prefix=/usr/local/squid\ --enable-async-io=100\ --with-pthreads\ --enable-storeio="aufs,diskd,ufs"\ --enable-removal-policies="heap,lru"\ --enable-icmp\ --enable-delay-pools\ --enable-useragent-log\ --enable-referer-log\ --enable-kill-parent-hack\ --enable-cachemgr-hostname=localhost\ --enable-arp-acl\ --enable-default-err-language=English\ --enable-err-languages="Simplify_ChineseEnglish"\ --disable-poll\ --disable-wccp\ --disable-wccpv2\ --disable-ident-lookups\ --disable-internal-dns\ --enable-basic-auth-helpers="NCSA"\ --enable-stacktrace\ --with-large-files\ --disable-mempools\ --with-filedescriptors=64000\ --enable-ssl\ --enable-x-accelerator-vary\ --disable-snmp\ --with-aio\ --enable-linux-netfilter\ --enable-linux-tproxy make makeinstall
三、配置squid
useradd -s /sbin/nologin -M squid #创建squid用户
cd /usr/local/squid/etc/
[root@squid etc]# tree -d -L 2 /usr/local/squid #安装完squid之后默认创建的目录
/usr/local/squid
├── bin
├── etc
├── libexec
├── sbin
├── share
│ ├── errors
│ ├── icons
│ └── man
└── var
└── logs
10 directories
squid安装后的目录说明:
sbin/squid: squid的主程序
bin: bin目录包含对所有用户可用的程序
bin/RunCache: RunCache是一个shell脚本,可以用它来启动squid。假如squid死掉,该脚本自动重启它,除非它检测到经常的重启。
bin/RunAccel: RunAccel与RunCache几乎一致,唯一的不同是它增加了一个命令行参数,告诉squid在哪里侦听HTTP请求。
bin/squidclient: squidclient是个简单的HTTP客户端程序,可以用它来测试squid。它也有一些特殊功能,用来对运行的squid进程发起管理请求。
libexec:libexec目录包含了辅助程序,有一些命令无法正常的启动。然而,这些程序通常被其他程序启动。
libexec/unlinkd:unlinkd是一个辅助程序,它从cache目录里删除文件。
libexec/cachemgr.cgi:cachemgr.cgi是squid管理功能的CGI接口。要使用它需要把它拷贝到你的WEB服务器的cgi-bin目录。
libexec/diskd(optional):如果指定了--enable-storeio=diskd,才能看到它
libexec/pinger(optional):如果指定了--enable-icmp,才能看到它
etc:etc目录包含了squid的配置文件
etc/squid.conf:这是squid的主配置文件
var: var目录包含了不是很重要的和经常变化的文件,这些文件不必正常的备份它们。
var/logs:该目录是squid不同日志文件的默认位置,当你第一次安装squid时,它是空的。一旦squid开始运行,你能在这里看到名字为access.log,cache.log和store.log这样的文件。
var/cache:假如你不在squid.conf文件里指定,这是默认的缓存目录(cache_dir)。
[root@squid etc]# diff squid.conf.default squid.conf #默认情况下就有一个squid.conf的备份
[root@squid etc]# vi squid.conf
[root@squid etc]# diff squid.conf.default squid.conf
1710c1710
< # cache_dir ufs /usr/local/squid/var/cache 100 16 256
---
> cache_dir ufs /usr/local/squid/var/cache 100 16 256 #取消cache_dir的注释
1889c1889
< # cache_log /usr/local/squid/var/logs/cache.log
---
> cache_log /usr/local/squid/var/logs/cache.log #启用cache_log
1899c1899
< # cache_store_log /usr/local/squid/var/logs/store.log
---
> cache_store_log /usr/local/squid/var/logs/store.log #启用cache_store_log
2912c2912
< # cache_mgr webmaster
---
> cache_mgr admin@contoso.com #设置cache管理员邮箱
2941c2941
< # cache_effective_user nobody
---
> cache_effective_user squid #设置squid用户
2961a2962
> cache_effective_group squid #设置squid组
2977a2979
> visible_hostname cache1.contoso.com #设置可见的主机名,如果不设置会报错
[root@squid etc]# chown -R squid:squid/usr/local/squid/var/logs
[root@squid etc]# /usr/local/squid/sbin/squid -k parse #测试squid的配置文件语法是否正确
2016/10/15 09:09:01| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2016/10/15 09:09:01| Initializing https proxy context
# 上面的结果说明配置文件正确
[root@squid etc]# chown -R squid:squid /usr/local/squid/var/
[root@squid etc]# /usr/local/squid/sbin/squid -z #对cache目录进行初始化
2016/10/15 09:13:14| Creating Swap Directories
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/00
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/01
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/02
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/03
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/04
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/05
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/06
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/07
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/08
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/09
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0A
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0B
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0C
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0D
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0E
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0F
下面看一下初始化的结果:
[root@squid etc]# ll /usr/local/squid/var/cache/
total 64
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 00
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 01
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 02
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 03
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 04
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 05
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 06
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 07
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 08
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 09
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0A
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0B
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0C
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0D
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0E
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0F
[root@squid ~]# ls /usr/local/squid/var/cache/00/
00 0C 18 24 30 3C 48 54 60 6C 78 84 90 9C A8 B4 C0 CC D8 E4 F0 FC
01 0D 19 25 31 3D 49 55 61 6D 79 85 91 9D A9 B5 C1 CD D9 E5 F1 FD
02 0E 1A 26 32 3E 4A 56 62 6E 7A 86 92 9E AA B6 C2 CE DA E6 F2 FE
03 0F 1B 27 33 3F 4B 57 63 6F 7B 87 93 9F AB B7 C3 CF DB E7 F3 FF
04 10 1C 28 34 40 4C 58 64 70 7C 88 94 A0 AC B8 C4 D0 DC E8 F4
05 11 1D 29 35 41 4D 59 65 71 7D 89 95 A1 AD B9 C5 D1 DD E9 F5
06 12 1E 2A 36 42 4E 5A 66 72 7E 8A 96 A2 AE BA C6 D2 DE EA F6
07 13 1F 2B 37 43 4F 5B 67 73 7F 8B 97 A3 AF BB C7 D3 DF EB F7
08 14 20 2C 38 44 50 5C 68 74 80 8C 98 A4 B0 BC C8 D4 E0 EC F8
09 15 21 2D 39 45 51 5D 69 75 81 8D 99 A5 B1 BD C9 D5 E1 ED F9
0A 16 22 2E 3A 46 52 5E 6A 76 82 8E 9A A6 B2 BE CA D6 E2 EE FA
0B 17 23 2F 3B 47 53 5F 6B 77 83 8F 9B A7 B3 BF CB D7 E3 EF FB
[root@squid ~]# ls /usr/local/squid/var/cache/00/ |wc -l
256
也就是根据在squid.conf文件配置的cache_dir ufs /usr/local/squid/var/cache 100 16 256,一共在cache_dir中生成16个目录,每个目录下又生成256个目录。
下面启动squid:
[root@squid etc]# /usr/local/squid/sbin/squid -N -d1 #启动squid(前台启动)
2016/10/15 09:15:14| Starting Squid Cache version 3.0.STABLE20 for x86_64-unknown-linux-gnu...
2016/10/15 09:15:14| Process ID 21815
2016/10/15 09:15:14| With 64000 file descriptors available
2016/10/15 09:15:14| Performing DNS Tests...
2016/10/15 09:15:14| Successful DNS name lookup tests...
2016/10/15 09:15:14| helperOpenServers: Starting 5/5 'dnsserver' processes
2016/10/15 09:15:14| User-Agent logging is disabled.
2016/10/15 09:15:14| Referer logging is disabled.
2016/10/15 09:15:14| Unlinkd pipe opened on FD 14
2016/10/15 09:15:14| Swap maxSize 102400 + 8192 KB,estimated 8507 objects
2016/10/15 09:15:14| Target number of buckets: 425
2016/10/15 09:15:14| Using 8192 Store buckets
2016/10/15 09:15:14| Max Mem size: 8192 KB
2016/10/15 09:15:14| Max Swap size: 102400 KB
2016/10/15 09:15:14| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2016/10/15 09:15:14| Using Least Load store dir selection
2016/10/15 09:15:14| Set Current Directory to /usr/local/squid/var/cache
2016/10/15 09:15:14| Loaded Icons.
2016/10/15 09:15:14| Accepting HTTP connections at 0.0.0.0,port 3128,FD 15.
2016/10/15 09:15:14| Accepting ICP messages at 0.0.0.0,port 3130,FD 16.
2016/10/15 09:15:14| HTCP Disabled.
2016/10/15 09:15:14| Pinger socket opened on FD 18
2016/10/15 09:15:14| Ready to serve requests.
2016/10/15 09:15:15| Done scanning /usr/local/squid/var/cache swaplog (0 entries)
2016/10/15 09:15:15| Finished rebuilding storage from disk.
2016/10/15 09:15:15| 0 Entries scanned
2016/10/15 09:15:15| 0 Invalid entries.
2016/10/15 09:15:15| 0 With invalid flags.
2016/10/15 09:15:15| 0 Objects loaded.
2016/10/15 09:15:15| 0 Objects expired.
2016/10/15 09:15:15| 0 Objects cancelled.
2016/10/15 09:15:15| 0 Duplicate URLs purged.
2016/10/15 09:15:15| 0 Swapfile clashes avoided.
2016/10/15 09:15:15| Took 0.99 seconds ( 0.00 objects/sec).
2016/10/15 09:15:15| Beginning Validation Procedure
2016/10/15 09:15:15| Completed Validation Procedure
2016/10/15 09:15:15| Validated 25 Entries
2016/10/15 09:15:15| store_swap_size = 0
2016/10/15 09:15:15| storeLateRelease: released 0 objects
2016/10/15 09:55:14| NETDB state saved; 0 entries,0 msec
2016/10/15 10:36:54| NETDB state saved; 0 entries,0 msec
查看一下监听端口:
[root@squid ~]# netstat -tunlp|grep squid
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 21815/squid
udp 0 0 0.0.0.0:3130 0.0.0.0:* 21815/squid
[root@squid ~]# lsof -i :3128
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 21815 squid 15u IPv4 36097 0t0 TCP *:squid (LISTEN)
四、简单的测试
由于上面的配置只是简单的一个正向代理的配置,所以这里使用IE浏览器进行代理连接测试。
首先,打开IE浏览器的浏览器选项,在连接选项卡中点击局域网设置。
在代理服务器中输入squid服务器的IP和端口,确定,然后打开百度进行刷新。
为了确定是否是从squid代理进行浏览网页,我清空了squid的access.log,然后再进行跟踪,下面是详细的日志信息:
[root@squid ~]# > /usr/local/squid/var/logs/access.log
[root@squid ~]# tail -f /usr/local/squid/var/logs/access.log
1476545163.478 214 192.168.49.1 TCP_MISS/200 48583 CONNECT www.baidu.com:443 - DIRECT/14.215.177.38 -
1476545163.545 69 192.168.49.1 TCP_MISS/200 12924 CONNECT ss0.baidu.com:443 - DIRECT/119.146.74.33 -
1476545163.547 74 192.168.49.1 TCP_MISS/200 12252 CONNECT ss2.baidu.com:443 - DIRECT/119.146.74.33 -
1476545163.613 131 192.168.49.1 TCP_MISS/200 618 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545163.635 161 192.168.49.1 TCP_MISS/200 1151 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545163.636 163 192.168.49.1 TCP_MISS/200 1135 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545163.751 277 192.168.49.1 TCP_MISS/200 1103 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.094 622 192.168.49.1 TCP_MISS/200 1087 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.094 618 192.168.49.1 TCP_MISS/200 1055 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.094 622 192.168.49.1 TCP_MISS/200 1524 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.095 480 192.168.49.1 TCP_MISS/200 1684 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.095 460 192.168.49.1 TCP_MISS/200 3139 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545164.444 107 192.168.49.1 TCP_MISS/200 634 CONNECT sp3.baidu.com:443 - DIRECT/14.215.177.37 -
1476545223.537 60061 192.168.49.1 TCP_MISS/200 15152 CONNECT ss1.baidu.com:443 - DIRECT/119.146.74.33 -
1476545223.549 60076 192.168.49.1 TCP_MISS/200 1156 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545223.555 60079 192.168.49.1 TCP_MISS/200 9479 CONNECT ss1.baidu.com:443 - DIRECT/119.146.74.33 -
1476545223.738 60100 192.168.49.1 TCP_MISS/200 2238 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545224.154 60606 192.168.49.1 TCP_MISS/200 1625 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545224.154 60606 192.168.49.1 TCP_MISS/200 1657 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -
1476545224.376 60236 192.168.49.1 TCP_MISS/200 25575 CONNECT www.baidu.com:443 - DIRECT/14.215.177.37 -
1476545224.437 60109 192.168.49.1 TCP_MISS/200 953 CONNECT www.baidu.com:443 - DIRECT/14.215.177.38 -
1476545258.936 95184 192.168.49.1 TCP_MISS/200 3736 CONNECT sp0.baidu.com:443 - DIRECT/14.215.177.38 -
1476545258.994 78103 192.168.49.1 TCP_MISS/200 1742 CONNECT sp1.baidu.com:443 - DIRECT/14.215.177.37 -
五、其他
把squid命令路径添加到系统环境变量:
echo 'PATH=/usr/local/squid/sbin:/usr/local/squid/bin:$PATH' >> /etc/profile
source /etc/profile
让squid在后台运行:
/usr/local/squid/sbin/squid -D
将squid添加到开机启动:
echo '/usr/local/squid/sbin/squid -D' >>/etc/rc.local
squid启动脚本:
#!/bin/bash
# chkconfig: 345 88 14
# description: squid Daemon
case "$1" in
start)
/usr/local/squid/sbin/squid -D
;;
stop) /usr/local/squid/sbin/squid -k shutdown
;;
restart)
/usr/local/squid/sbin/squid -k reconfigure
;;
parse)
/usr/local/squid/sbin/squid -k parse
;;
check)
/usr/local/squid/sbin/squid -k check
;;
*)
echo "Usage: $0 start|stop|restart|check|parse"
;;
esac
配置squid日志轮询:
/usr/local/squid/sbin/squid -k rotate
配置squid日志切割:
1)添加定时任务:
0 0 * * * /bin/sh /opt/tools/rotate_squid.sh >/dev/null 2>&1
2)rotate_squid.sh脚本的内容如下:
cd /usr/local/squid/var/logs
[ -f access.log ] && mv access.log access_$(date +%F).log
/usr/local/squid/sbin/squid -k rotate