squid 2.6笔记

以下内容摘抄自沧海一声笑的blog,先记下来,不过没有优化,我将慢慢调整

编译参数:

#!/bin/bash

SQUID_ROOT="/usr/local/squid"

./configure --prefix=$SQUID_ROOT \

--enable-useragent-log \

--enable-referer-log \

--enable-default-err-language=Simplify_Chinese \

--enable-err-languages="Simplify_Chinese English" \

--disable-internal-dns \

--enable-dlmalloc \

--with-pthreads \

--enable-poll \

--enable-stacktrace \

--enable-removal-policies="heap,lru" \

--enable-delay-pools \

--enable-storeio="aufs,coss,diskd,ufs"

2.6相对2.5有些改动,主要是:

1、http_port、cache_peer规则使用
*M}&X;Lpz0

由于

httpd_accel_host 被http_port、cache_peer选项替代

httpd_accel_port 由cache_port来定义

httpd_accel_uses_host_header由http_port vhost选项替代

则

                                 -------------------------               ---------------------------
K$uN1A:X/c{w0ajax.aaa .com请求 \   |    Squid        |        / 127.0.0.1   ajax.aaa.com    80
Sns.xxx.com请求     |                             |          211.100.100 sns.xxx.com     80
live.yyy.com请求    -- |    10.10.10.10/11   |    ----   169.100.100 live.yyy.com 81
{ n,L0`E0tag.zzz.com 请求 /    |    /etc/hosts      |        \ 58.100.100 tag.zzz.com 82
NQ t b#nz'H0                                 -------------------------           ---------------------------

http_port 110.10.10.10:80 transparent vhost vport
cache_peer 127.0.0.1 parent 80 0 no-query originserver
cache_peer 211.100.100 parent 80 0 no-query originserver
cache_peer 169.100.100 parent 81 0 no-query originserver
cache_peer 58.100.100 parent 82 0 no-query originserver

2、Log改进

A、Log记录方式更改，可用记录至系统Log或access-log,引入X-Forwarded-For headers功能后，Log可直接通过后台web的log进行分析

B、X-Forwarded-For headers功能使后端被加速web的log更加便于分析，直接分析后端web的log即可分析用户行为，原先版本后端web的log日志全来自前端squid机器，无法从后端直接分析log

下面是配置文件,有空我将进行全面的中文注释

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
0hm'Q:Iq0

&O:A&j@%W O)T0http_port 211.211.211.211:80 transparent vhost vport

/Dz*R[w^6LAn0#
;?1o1HK;lc6i%G|6\0#cache_peer 211.100.59.59 parent 80 0 no-query originserver
s;T#_A1K)Q0#cache_peer 61.235.170.133 parent 80 3130 no-query no-netdb-exchange proxy-only
6`8W,y;U1[:ZA.I0#cache_peer 211.101.21.114 parent 80 0 no-query originserver
K!z'^{.j} q0#cache_peer 211.100.23.242 parent 80 0 no-query originserver
#cache_peer 61.135.120.233 parent 80 0 no-query originserver
DFOct-t`0#cache_peer 219.246.145.145 parent 80 0 no-query originserver
'g H6S4@0wW-AK0
#CP@Vy+n(R/V0# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
VI4jP\;@8J%i~1B(x0# -----------------------------------------------------------------------------

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
D2~`zg l"l N_0cache deny QUERY
acl apache rep_header Server ^Apache
RmO,pM[*S2j0broken_vary_encoding allow apache
?$q0kSwK4sp:_Y0collapsed_forwarding on

# OPTIONS WHICH AFFECT THE CACHE SIZE
!Rm+^8B vi0v0# -----------------------------------------------------------------------------
cache_mem 256 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
vdOkO0minimum_object_size 0 KB
maximum_object_size_in_memory 80 KB
ipcache_size 1024
ipcache_low 90
'``#j#ar J jV?0ipcache_high 95
cache_replacement_policy lru
ej|h#Si_7m0memory_replacement_policy lru

-SN}'vr0# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

E^'Z)]m0#cache_dir ufs /Data/apps/squid/var/cache 1024 56 256
;mpk%b$e Z1T0cache_dir ufs /Data/apps/squid/cache 4096 56 256
r h4F!d3Lo P:s kv}0#access_log /Data/apps/squid/var/logs/access.log squid
cache_log /Data/apps/squid/var/logs/cache.log
emulate_httpd_log on
#cache_store_log /Data/apps/squid/var/logs/store.log
# pid_filename /Data/apps/squid/var/logs/squid.pid

:Sl)M1`R0
M4J0S)FWl e`1k8f L0# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
Z2OiM^kN/B2j/~#p.R0# -----------------------------------------------------------------------------

dns_children 5

.t%eMPI9cK$M4zq0#Recommended minimum configuration per scheme:
]Wv3~%? e]0#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
P fBi~0#auth_param negotiate keep_alive on
DT0}FQHg#O&a0#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
.Q.| V U e0#auth_param digest program <uncomment and complete this line>
1P?6usp)t~ F0#auth_param digest children 5
C l's0M&fnA/C0#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
2m/R%chFC lI SA0#auth_param basic program <uncomment and complete this line>
pv*x2y!ls O0#auth_param basic children 5

auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
g/Y&R@ wKv0auth_param basic casesensitive off

'~!k,B%l7f}"lx%q*v0# OPTIONS FOR TUNING THE CACHE
:wO}0F)`? Q0# -----------------------------------------------------------------------------

7h bvf6kU&r0# request_header_max_size 20 KB
$ejI0~)~0# request_body_max_size 0 KB

refresh_pattern ^ftp:       1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
D!g0CldF/p5I"HL0refresh_pattern .       0   20%   4320
quick_abort_min 0 KB
g3k/ou;\j{0quick_abort_max 0 KB
# quick_abort_pct 95
`U4D@`C3p0# read_ahead_gap 16 KB
8O+^])H_(\0# negative_ttl 5 minutes
L!E3f`oB R0# refresh_stale_hit 0 seconds

/w!pw6J4rvP0# TIMEOUTS
# -----------------------------------------------------------------------------

7u Y\RtX~0forward_timeout 20 seconds
connect_timeout 15 seconds
d(E'XP ZHr[0# peer_connect_timeout 30 seconds
read_timeout 3 minutes
%SVU?6b*_u0request_timeout 1 minutes
|rju;M!dV0persistent_request_timeout 15 seconds
client_lifetime 15 minutes
half_closed_clients off
# pconn_timeout 120 seconds
-miru9N1w0# ident_timeout 10 seconds
@1`[5ZXi}w8a0shutdown_lifetime 5 seconds
|T;Va-Te6Fl0
3}[Z.~6f`0
:mq)R(h"}$f"e:i0# ADMINISTRATIVE PARAMETERS
J+Ds~2s/z8|a0# -----------------------------------------------------------------------------

cache_mgr longrujun@gmail.com
cache_effective_user squid
cache_effective_group squid
;C_ |D|5@+z0# httpd_suppress_version_string off
&ipLN.X g8d8F(S)m0visible_hostname longrujun.name

# OPTIONS FOR THE CACHE REGISTRATION SERVICE
x8E!B0x|+f;g,kv({0# ----------------------------------------------------------------------------

# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

# httpd_accel_no_pmtu_disc off

3[a~'C7~t0# MISCELLANEOUS
TlF_0Z0Z0# -----------------------------------------------------------------------------

logfile_rotate 0
tcp_recv_bufsize 65535 bytes
# memory_pools on
# memory_pools_limit 5 MB
W$y yPc*e7d0# via on
i-r#X;j8hMDt+r0# forwarded_for on
# log_icp_queries on
# icp_hit_stale off
*? `1u8_V$i'P0# minimum_direct_hops 4
# minimum_direct_rtt 400
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# client_db on
YD0dOlZX m0# netdb_low 900
V2r"y%t7UgP4|%u0# netdb_high 1000
9E4hK fl6B8MB$A ~.Q0# netdb_ping_period 5 minutes
# query_icmp off
# buffered_logs off
# reload_into_ims off
# global_internal_static on
0x:mY YU#_s_0# short_icon_urls off
1fo}?|0error_directory /Data/apps/squid/share/errors/Simplify_Chinese
# maximum_single_addr_tries 1
# retry_on_error off

#v%X/RSF0# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

'E^H+qho6X8nq4T0# delay_initial_bucket_level 50
# max_open_disk_fds 0
1E,^*cIw2v|'UF0# offline_mode off
)^p%WtA1HsqF0# uri_whitespace strip
^v+cTz"up9T3Q0# nonhierarchical_direct on
# prefer_direct off
# coredump_dir none
r!z SBO-}0coredump_dir /Data/apps/squid/cache
# redirector_bypass off
# ignore_unknown_nameservers on
# digest_generation on
\GZe c0# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
0rYG@3Z[i0# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
(Mc7YUK+v0client_persistent_connections off
server_persistent_connections on
# persistent_connection_after_error off
3Q6]jnDc/`0# detect_broken_pconn off
JNLLr"R"ozWxo/xX0# balance_on_multiple_ip on
2oV v IL6W+mgE0# pipeline_prefetch off
&u"La K"Z0# request_entities off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0
# store_dir_select_algorithm least-load
# ie_refresh off
Q,GIP#G0NY0N0vary_ignore_expire on
7I(\N^dI6s o0# sleep_after_fork 0
# minimum_expiry_time 60 seconds
h5e9q-S8X#x$bP0# relaxed_header_parser on
a+m)GE/z[Yw0strip_query_terms on

1E&U-fQ$l!P0

Y @#BG-@[0# ACCESS CONTROLS
#---------------------------------------------------

acl OverConnLimit maxconn 20
http_access deny OverConnLimit

#acl AntiGoogle req_header User-Agent Googlespider
#http_access deny AntiGoogle

C`7td^5wD0acl all src 0.0.0.0/0.0.0.0
W"d/@B s0acl manager proto cache_object
,Li7lUd0acl localhost src 127.0.0.1/255.255.255.255 10.10.10.0/24
acl Srvip   dst 211.100.99.0/24 211.100.100.0/24 61.135.100.0/24 60.195.200.159.0/24
Rn5L9C$Ekv:B nj0acl Srvdm   dstdomain .longrujun.name .hanlei.name .liuren.com .keso.cn
GE(ue m7K0acl to_localhost dst 127.0.0.0/8 61.135.170.231/255.255.255.255
D)^iEp_ C0acl purgehost src   127.0.0.0/8 61.135.170.231/255.255.255.255
acl purgemethod method PURGE
acl SSL_ports port 443 563
VX#C?oa/W-P0acl Safe_ports port 80          # http
acl Safe_ports port 81          # http
acl CONNECT method CONNECT
JT$N4HrD:SJ0
4o6@N_|,Vb'_ _6b`0always_direct allow Srvdm
OMPl:c0never_direct allow !Srvdm
$A"u!L,`Q0http_access allow manager localhost
d:pID@,D7Tp [W0http_access deny manager
g?(d~5]V Fp0http_access allow purgemethod purgehost
http_access deny !Safe_ports
V*jaO aE0http_access deny CONNECT all
Y2kK{"}0http_access allow localhost
http_access allow Srvip
~J%b:D5e5h0http_access allow Srvdm
#w;Me Kk9QCZk?"s0http_access deny all
G'H6AwQ1N.k0http_reply_access allow all
icp_access deny all
icp_port 0

欧客时尚社区(原智机天下)

关于作者

网络推荐