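一、准备工作
说明:下面的输出显示本机iptables规则为空、默认策略为ACCEPT,且SELinux为Disabled,代理端口的访问控制因此完全依赖squid自身的配置;在对外提供服务的机器上应保留主机防火墙,只对需要使用代理的客户端网段放行squid端口。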
[root@squid ~]# iptables -L -n@H_502_3@
Chain INPUT (policy ACCEPT)@H_502_3@
target prot opt source destination @H_502_3@
Chain FORWARD (policy ACCEPT)@H_502_3@
target prot opt source destination @H_502_3@
Chain OUTPUT (policy ACCEPT)@H_502_3@
target prot opt source destination @H_502_3@
[root@squid ~]# getenforce@H_502_3@
Disabled@H_502_3@
[root@squid ~]# hostname@H_502_3@
squid.contoso.com@H_502_3@
[root@squid ~]# crontab -l@H_502_3@
0 * * * * /usr/sbin/ntpdate 210.72.145.44 64.147.116.229 time.nist.gov@H_502_3@
[root@squid ~]#yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb krb5-devel libidn libidn-devel openssl openssl-devel make gcc-c++ cmake bison-devel ncurses-devel@H_502_3@
二、编译安装squid@H_502_3@
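# Build Squid from source under /opt/tools. The steps are chained with && so
# that a failed download, unpack or configure run stops the sequence instead
# of continuing in the wrong directory.
mkdir -p /opt/tools &&
cd /opt/tools/ &&
# NOTE(review): the tarball is fetched over plain HTTP and is built as root
# without any integrity check. Before unpacking, compare it with the checksum
# or signature published by the Squid project. 3.0.STABLE20 is also a
# long-unsupported release; prefer a maintained version for any proxy that
# real clients will use.
wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE20.tar.gz &&
tar -zxf squid-3.0.STABLE20.tar.gz &&
cd squid-3.0.STABLE20 &&
./configure --prefix=/usr/local/squid \
  --enable-async-io=100 \
  --with-pthreads \
  --enable-storeio="aufs,diskd,ufs" \
  --enable-removal-policies="heap,lru" \
  --enable-icmp \
  --enable-delay-pools \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-kill-parent-hack \
  --enable-cachemgr-hostname=localhost \
  --enable-arp-acl \
  --enable-default-err-language=English \
  --enable-err-languages="Simplify_Chinese English" \
  --disable-poll \
  --disable-wccp \
  --disable-wccpv2 \
  --disable-ident-lookups \
  --disable-internal-dns \
  --enable-basic-auth-helpers="NCSA" \
  --enable-stacktrace \
  --with-large-files \
  --disable-mempools \
  --with-filedescriptors=64000 \
  --enable-ssl \
  --enable-x-accelerator-vary \
  --disable-snmp \
  --with-aio \
  --enable-linux-netfilter \
  --enable-linux-tproxy &&
make &&
make install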
三、配置squid@H_502_3@
useradd -s /sbin/nologin -M squid #创建squid用户@H_502_3@
cd /usr/local/squid/etc/@H_502_3@
[root@squid etc]# tree -d -L 2 /usr/local/squid #安装完squid之后默认创建的目录@H_502_3@
/usr/local/squid@H_502_3@
├── bin@H_502_3@
├── etc@H_502_3@
├── libexec@H_502_3@
├── sbin@H_502_3@
├── share@H_502_3@
│ ├── errors@H_502_3@
│ ├── icons@H_502_3@
│ └── man@H_502_3@
└── var@H_502_3@
└── logs@H_502_3@
10 directories@H_502_3@
squid安装后的目录说明:@H_502_3@
sbin/squid: squid的主程序@H_502_3@
bin: bin目录包含对所有用户可用的程序@H_502_3@
bin/RunCache: RunCache是一个shell脚本,可以用它来启动squid。假如squid死掉,该脚本自动重启它,除非它检测到经常的重启。@H_502_3@
bin/RunAccel: RunAccel与RunCache几乎一致,唯一的不同是它增加了一个命令行参数,告诉squid在哪里侦听HTTP请求。@H_502_3@
bin/squidclient: squidclient是个简单的HTTP客户端程序,可以用它来测试squid。它也有一些特殊功能,用来对运行的squid进程发起管理请求。@H_502_3@
libexec:libexec目录包含了辅助程序,有一些命令无法正常的启动。然而,这些程序通常被其他程序启动。@H_502_3@
libexec/unlinkd:unlinkd是一个辅助程序,它从cache目录里删除文件。@H_502_3@
libexec/cachemgr.cgi:cachemgr.cgi是squid管理功能的CGI接口。要使用它需要把它拷贝到你的WEB服务器的cgi-bin目录。@H_502_3@
libexec/diskd(optional):如果指定了--enable-storeio=diskd,才能看到它@H_502_3@
libexec/pinger(optional):如果指定了--enable-icmp,才能看到它@H_502_3@
etc:etc目录包含了squid的配置文件@H_502_3@
etc/squid.conf:这是squid的主配置文件@H_502_3@
var: var目录包含了不是很重要的和经常变化的文件,这些文件不必正常的备份它们。@H_502_3@
var/logs:该目录是squid不同日志文件的默认位置,当你第一次安装squid时,它是空的。一旦squid开始运行,你能在这里看到名字为access.log,cache.log和store.log这样的文件。@H_502_3@
var/cache:假如你不在squid.conf文件里指定,这是默认的缓存目录(cache_dir)。@H_502_3@
[root@squid etc]# diff squid.conf.default squid.conf #默认情况下就有一个squid.conf的备份@H_502_3@
[root@squid etc]# vi squid.conf@H_502_3@
[root@squid etc]# diff squid.conf.default squid.conf@H_502_3@
1710c1710@H_502_3@
< # cache_dir ufs /usr/local/squid/var/cache 100 16 256@H_502_3@
---@H_502_3@
> cache_dir ufs /usr/local/squid/var/cache 100 16 256 #取消cache_dir的注释@H_502_3@
1889c1889@H_502_3@
< # cache_log /usr/local/squid/var/logs/cache.log@H_502_3@
---@H_502_3@
> cache_log /usr/local/squid/var/logs/cache.log #启用cache_log@H_502_3@
1899c1899@H_502_3@
< # cache_store_log /usr/local/squid/var/logs/store.log@H_502_3@
---@H_502_3@
> cache_store_log /usr/local/squid/var/logs/store.log #启用cache_store_log@H_502_3@
2912c2912@H_502_3@
< # cache_mgr webmaster@H_502_3@
---@H_502_3@
> cache_mgr admin@contoso.com #设置cache管理员邮箱@H_502_3@
2941c2941@H_502_3@
< # cache_effective_user nobody@H_502_3@
---@H_502_3@
> cache_effective_user squid #设置squid用户@H_502_3@
2961a2962@H_502_3@
> cache_effective_group squid #设置squid组@H_502_3@
2977a2979@H_502_3@
> visible_hostname cache1.contoso.com #设置可见的主机名,如果不设置会报错@H_502_3@
[root@squid etc]# chown -R squid:squid /usr/local/squid/var/logs
[root@squid etc]# /usr/local/squid/sbin/squid -k parse #测试squid的配置文件语法是否正确@H_502_3@
2016/10/15 09:09:01| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)@H_502_3@
2016/10/15 09:09:01| Initializing https proxy context@H_502_3@
[root@squid etc]# chown -R squid:squid /usr/local/squid/var/@H_502_3@
[root@squid etc]# /usr/local/squid/sbin/squid -z #对cache目录进行初始化@H_502_3@
2016/10/15 09:13:14| Creating Swap Directories@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/00@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/01@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/02@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/03@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/04@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/05@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/06@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/07@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/08@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/09@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0A@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0B@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0C@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0D@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0E@H_502_3@
2016/10/15 09:13:14| Making directories in /usr/local/squid/var/cache/0F@H_502_3@
下面看一下初始化的结果:@H_502_3@
[root@squid etc]# ll /usr/local/squid/var/cache/@H_502_3@
total 64@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 00@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 01@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 02@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 03@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 04@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 05@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 06@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 07@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 08@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 09@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0A@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0B@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0C@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0D@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0E@H_502_3@
drwxr-x--- 258 squid squid 4096 Oct 15 09:13 0F@H_502_3@
[root@squid ~]# ls /usr/local/squid/var/cache/00/@H_502_3@
00 0C 18 24 30 3C 48 54 60 6C 78 84 90 9C A8 B4 C0 CC D8 E4 F0 FC@H_502_3@
01 0D 19 25 31 3D 49 55 61 6D 79 85 91 9D A9 B5 C1 CD D9 E5 F1 FD@H_502_3@
02 0E 1A 26 32 3E 4A 56 62 6E 7A 86 92 9E AA B6 C2 CE DA E6 F2 FE@H_502_3@
03 0F 1B 27 33 3F 4B 57 63 6F 7B 87 93 9F AB B7 C3 CF DB E7 F3 FF@H_502_3@
04 10 1C 28 34 40 4C 58 64 70 7C 88 94 A0 AC B8 C4 D0 DC E8 F4@H_502_3@
05 11 1D 29 35 41 4D 59 65 71 7D 89 95 A1 AD B9 C5 D1 DD E9 F5@H_502_3@
06 12 1E 2A 36 42 4E 5A 66 72 7E 8A 96 A2 AE BA C6 D2 DE EA F6@H_502_3@
07 13 1F 2B 37 43 4F 5B 67 73 7F 8B 97 A3 AF BB C7 D3 DF EB F7@H_502_3@
08 14 20 2C 38 44 50 5C 68 74 80 8C 98 A4 B0 BC C8 D4 E0 EC F8@H_502_3@
09 15 21 2D 39 45 51 5D 69 75 81 8D 99 A5 B1 BD C9 D5 E1 ED F9@H_502_3@
0A 16 22 2E 3A 46 52 5E 6A 76 82 8E 9A A6 B2 BE CA D6 E2 EE FA@H_502_3@
0B 17 23 2F 3B 47 53 5F 6B 77 83 8F 9B A7 B3 BF CB D7 E3 EF FB@H_502_3@
[root@squid ~]# ls /usr/local/squid/var/cache/00/ |wc -l@H_502_3@
256@H_502_3@
也就是根据在squid.conf文件配置的cache_dir ufs /usr/local/squid/var/cache 100 16 256,一共在cache_dir中生成16个目录,每个目录下又生成256个目录。@H_502_3@
下面启动squid:@H_502_3@
[root@squid etc]# /usr/local/squid/sbin/squid -N -d1 #启动squid(前台启动)@H_502_3@
2016/10/15 09:15:14| Starting Squid Cache version 3.0.STABLE20 for x86_64-unknown-linux-gnu...@H_502_3@
2016/10/15 09:15:14| Process ID 21815@H_502_3@
2016/10/15 09:15:14| With 64000 file descriptors available@H_502_3@
2016/10/15 09:15:14| Performing DNS Tests...@H_502_3@
2016/10/15 09:15:14| Successful DNS name lookup tests...@H_502_3@
2016/10/15 09:15:14| helperOpenServers: Starting 5/5 'dnsserver' processes@H_502_3@
2016/10/15 09:15:14| User-Agent logging is disabled.@H_502_3@
2016/10/15 09:15:14| Referer logging is disabled.@H_502_3@
2016/10/15 09:15:14| Unlinkd pipe opened on FD 14@H_502_3@
2016/10/15 09:15:14| Swap maxSize 102400 + 8192 KB,estimated 8507 objects@H_502_3@
2016/10/15 09:15:14| Target number of buckets: 425@H_502_3@
2016/10/15 09:15:14| Using 8192 Store buckets@H_502_3@
2016/10/15 09:15:14| Max Mem size: 8192 KB@H_502_3@
2016/10/15 09:15:14| Max Swap size: 102400 KB@H_502_3@
2016/10/15 09:15:14| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)@H_502_3@
2016/10/15 09:15:14| Using Least Load store dir selection@H_502_3@
2016/10/15 09:15:14| Set Current Directory to /usr/local/squid/var/cache@H_502_3@
2016/10/15 09:15:14| Loaded Icons.@H_502_3@
2016/10/15 09:15:14| Accepting HTTP connections at 0.0.0.0,port 3128,FD 15.@H_502_3@
2016/10/15 09:15:14| Accepting ICP messages at 0.0.0.0,port 3130,FD 16.@H_502_3@
2016/10/15 09:15:14| HTCP Disabled.@H_502_3@
2016/10/15 09:15:14| Pinger socket opened on FD 18@H_502_3@
2016/10/15 09:15:14| Ready to serve requests.@H_502_3@
2016/10/15 09:15:15| Done scanning /usr/local/squid/var/cache swaplog (0 entries)@H_502_3@
2016/10/15 09:15:15| Finished rebuilding storage from disk.@H_502_3@
2016/10/15 09:15:15| 0 Entries scanned@H_502_3@
2016/10/15 09:15:15| 0 Invalid entries.@H_502_3@
2016/10/15 09:15:15| 0 With invalid flags.@H_502_3@
2016/10/15 09:15:15| 0 Objects loaded.@H_502_3@
2016/10/15 09:15:15| 0 Objects expired.@H_502_3@
2016/10/15 09:15:15| 0 Objects cancelled.@H_502_3@
2016/10/15 09:15:15| 0 Duplicate URLs purged.@H_502_3@
2016/10/15 09:15:15| 0 Swapfile clashes avoided.@H_502_3@
2016/10/15 09:15:15| Took 0.99 seconds ( 0.00 objects/sec).@H_502_3@
2016/10/15 09:15:15| Beginning Validation Procedure@H_502_3@
2016/10/15 09:15:15| Completed Validation Procedure@H_502_3@
2016/10/15 09:15:15| Validated 25 Entries@H_502_3@
2016/10/15 09:15:15| store_swap_size = 0@H_502_3@
2016/10/15 09:15:15| storeLateRelease: released 0 objects@H_502_3@
2016/10/15 09:55:14| NETDB state saved; 0 entries,0 msec@H_502_3@
2016/10/15 10:36:54| NETDB state saved; 0 entries,0 msec@H_502_3@
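查看一下监听端口(squid监听在0.0.0.0,即所有网卡上的TCP 3128和UDP 3130;前面iptables规则为空,因此哪些客户端可以使用代理完全由squid.conf中的http_access规则决定,不使用ICP时可设置icp_port 0关闭3130端口):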
[root@squid ~]# netstat -tunlp|grep squid@H_502_3@
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 21815/squid @H_502_3@
udp 0 0 0.0.0.0:3130 0.0.0.0:* 21815/squid @H_502_3@
[root@squid ~]# lsof -i :3128@H_502_3@
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME@H_502_3@
squid 21815 squid 15u IPv4 36097 0t0 TCP *:squid (LISTEN)@H_502_3@
四、简单的测试@H_502_3@
由于上面的配置只是简单的一个正向代理的配置,所以这里使用IE浏览器进行代理连接测试。@H_502_3@
首先,打开IE浏览器的浏览器选项,在连接选项卡中点击局域网设置。@H_502_3@
在代理服务器中输入squid服务器的IP和端口,确定,然后打开百度进行刷新。@H_502_3@
为了确认网页确实是经由squid代理访问的,我先清空了squid的access.log,然后再进行跟踪(清空日志只适合测试;正式环境中access.log是审计记录,应通过日志轮转归档而不是直接清空),下面是详细的日志信息:
[root@squid ~]# > /usr/local/squid/var/logs/access.log@H_502_3@
[root@squid ~]# tail -f /usr/local/squid/var/logs/access.log@H_502_3@
1476545163.478 214 192.168.49.1 TCP_MISS/200 48583 CONNECT www.baidu.com:443 - DIRECT/14.215.177.38 -@H_502_3@
1476545163.545 69 192.168.49.1 TCP_MISS/200 12924 CONNECT ss0.baidu.com:443 - DIRECT/119.146.74.33 -@H_502_3@
1476545163.547 74 192.168.49.1 TCP_MISS/200 12252 CONNECT ss2.baidu.com:443 - DIRECT/119.146.74.33 -@H_502_3@
1476545163.613 131 192.168.49.1 TCP_MISS/200 618 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545163.635 161 192.168.49.1 TCP_MISS/200 1151 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545163.636 163 192.168.49.1 TCP_MISS/200 1135 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545163.751 277 192.168.49.1 TCP_MISS/200 1103 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545164.094 622 192.168.49.1 TCP_MISS/200 1087 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545164.094 618 192.168.49.1 TCP_MISS/200 1055 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545164.094 622 192.168.49.1 TCP_MISS/200 1524 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545164.095 480 192.168.49.1 TCP_MISS/200 1684 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545164.095 460 192.168.49.1 TCP_MISS/200 3139 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545164.444 107 192.168.49.1 TCP_MISS/200 634 CONNECT sp3.baidu.com:443 - DIRECT/14.215.177.37 -@H_502_3@
1476545223.537 60061 192.168.49.1 TCP_MISS/200 15152 CONNECT ss1.baidu.com:443 - DIRECT/119.146.74.33 -@H_502_3@
1476545223.549 60076 192.168.49.1 TCP_MISS/200 1156 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545223.555 60079 192.168.49.1 TCP_MISS/200 9479 CONNECT ss1.baidu.com:443 - DIRECT/119.146.74.33 -@H_502_3@
1476545223.738 60100 192.168.49.1 TCP_MISS/200 2238 CONNECT ss1.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545224.154 60606 192.168.49.1 TCP_MISS/200 1625 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545224.154 60606 192.168.49.1 TCP_MISS/200 1657 CONNECT ss0.bdstatic.com:443 - DIRECT/119.146.74.32 -@H_502_3@
1476545224.376 60236 192.168.49.1 TCP_MISS/200 25575 CONNECT www.baidu.com:443 - DIRECT/14.215.177.37 -@H_502_3@
1476545224.437 60109 192.168.49.1 TCP_MISS/200 953 CONNECT www.baidu.com:443 - DIRECT/14.215.177.38 -@H_502_3@
1476545258.936 95184 192.168.49.1 TCP_MISS/200 3736 CONNECT sp0.baidu.com:443 - DIRECT/14.215.177.38 -@H_502_3@
1476545258.994 78103 192.168.49.1 TCP_MISS/200 1742 CONNECT sp1.baidu.com:443 - DIRECT/14.215.177.37 -@H_502_3@
五、其他@H_502_3@
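# Put the Squid binaries on PATH for login shells. The grep guard keeps a
# repeated run from appending the same line to /etc/profile again.
grep -qxF 'PATH=/usr/local/squid/sbin:/usr/local/squid/bin:$PATH' /etc/profile ||
  echo 'PATH=/usr/local/squid/sbin:/usr/local/squid/bin:$PATH' >> /etc/profile
source /etc/profile
# Start Squid as a background daemon; -D disables the initial DNS tests.
/usr/local/squid/sbin/squid -D
# Start Squid at boot through rc.local, again without duplicating the entry.
grep -qxF '/usr/local/squid/sbin/squid -D' /etc/rc.local ||
  echo '/usr/local/squid/sbin/squid -D' >> /etc/rc.local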
squid启动脚本:@H_502_3@
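#!/bin/bash
# chkconfig: 345 88 14
# description: squid Daemon
#
# SysV init wrapper around the Squid binary.
# Arguments: $1 - one of start|stop|restart|check|parse
# NOTE(review): the case labels and ';;' terminators were missing from the
# listing as published; the arms below are restored from the usage string,
# with "-k reconfigure" assumed to be the restart action. Confirm against the
# script actually deployed.
SQUID=/usr/local/squid/sbin/squid

case "$1" in
  start)
    # -D disables the initial DNS tests at startup.
    "$SQUID" -D
    ;;
  stop)
    "$SQUID" -k shutdown
    ;;
  restart)
    # Re-reads squid.conf in the running process; does not stop and start it.
    "$SQUID" -k reconfigure
    ;;
  parse)
    # Syntax-check squid.conf.
    "$SQUID" -k parse
    ;;
  check)
    "$SQUID" -k check
    ;;
  *)
    echo "Usage: $0 start|stop|restart|check|parse"
    ;;
esac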
配置squid日志轮询:@H_502_3@
/usr/local/squid/sbin/squid -k rotate@H_502_3@
配置squid日志切割:@H_502_3@
0 0 * * * /bin/sh /opt/tools/rotate_squid.sh >/dev/null 2>&1@H_502_3@
2)rotate_squid.sh脚本的内容如下:@H_502_3@
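# rotate_squid.sh: archive the current access.log under a dated name, then ask
# the running Squid to rotate (reopen) its log files. Run daily from cron.
#
# Stop if the log directory is missing: otherwise the mv below would act on
# whatever directory cron started the script in.
cd /usr/local/squid/var/logs || exit 1
if [ -f access.log ]; then
  mv access.log "access_$(date +%F).log"
fi
/usr/local/squid/sbin/squid -k rotate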