Squid反向代理配置编译

Read

基础结构：

内核版本：Linux squid 2.6.32-358.el6.x86_64    [CentOS release 6.4]
安装目录：/usr/local/squid    [ln -s /byrd/service/squid-3.5.16 /usr/local/squid]
squid服务器：1.1.1.21   web服务器：1.1.1.11

内核版本：Linux squid 2.6.32-358.el6.x86_64 [CentOS release 6.4]

安装目录：/usr/local/squid [ln -s /byrd/service/squid-3.5.16 /usr/local/squid]

squid服务器：1.1.1.21 web服务器：1.1.1.11

核心参数：

[root@squid etc]# grep -E "0.0.0.0/0.0.0.0|cache_peer" squid.conf
acl all src 0.0.0.0/0.0.0.0
cache_peer img.t4x.org       parent    80  3130  no-query no-digest max-conn=32 originserver

[root@squid etc]# grep -E "0.0.0.0/0.0.0.0|cache_peer" squid.conf

acl all src 0.0.0.0/0.0.0.0

cache_peer img.t4x.org parent 80 3130 no-query no-digest max-conn=32 originserver

配置信息：

3.0
[root@squid etc]# cat squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
#acl allowed_doms dstdomain .t4x.org
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow all
http_access allow manager localhost
http_access deny manager
httpd_accel_host 1.1.1.11
httpd_accel_port 80
#http_access allow allowed_doms
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 80 accel vhost vport
hierarchy_stoplist cgi-bin ?
cache_dir ufs /byrd/service/squdi3.0/var/cache 100 16 256
access_log /byrd/service/squdi3.0/var/logs/access.log squid
cache_log /byrd/service/squdi3.0/var/logs/cache.log
cache_store_log /byrd/service/squdi3.0/var/logs/store.log
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims
refresh_pattern -i \.png$ 30 50% 4320 reload-into-ims
refresh_pattern -i \.gif$ 30 50% 4320 reload-into-ims
cache_mgr webmaster@qq.com
cache_effective_user squid 
cache_effective_group squid
visible_hostname images.t4x.org
icp_port 3130
coredump_dir /byrd/service/squdi3.0/var/cache
cache_peer img.t4x.org       parent    80  3130  no-query no-digest max-conn=32 originserver
hosts_file /etc/hosts
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
3.5
[root@squid sbin]# grep -v ^# ../etc/squid.conf  
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 80 accel vhost vport 
coredump_dir /byrd/service/squid-3.5.16/var/cache/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
cache_mgr webmaster@qq.com
cache_effective_user squid
cache_effective_group squid
visible_hostname images.t4x.org

3.0

[root@squid etc]# cat squid.conf

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

#acl allowed_doms dstdomain .t4x.org

acl CONNECT method CONNECT

acl all src 0.0.0.0/0.0.0.0

http_access allow all

http_access allow manager localhost

http_access deny manager

httpd_accel_host 1.1.1.11

httpd_accel_port 80

#http_access allow allowed_doms

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localnet

http_access deny all

icp_access allow localnet

icp_access deny all

htcp_access allow localnet

htcp_access deny all

http_port 80 accel vhost vport

hierarchy_stoplist cgi-bin ?

cache_dir ufs /byrd/service/squdi3.0/var/cache 100 16 256

access_log /byrd/service/squdi3.0/var/logs/access.log squid

cache_log /byrd/service/squdi3.0/var/logs/cache.log

cache_store_log /byrd/service/squdi3.0/var/logs/store.log

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|\?) 0 0% 0

refresh_pattern . 0 20% 4320

refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims

refresh_pattern -i \.png$ 30 50% 4320 reload-into-ims

refresh_pattern -i \.gif$ 30 50% 4320 reload-into-ims

cache_mgr webmaster@qq.com

cache_effective_user squid

cache_effective_group squid

visible_hostname images.t4x.org

icp_port 3130

coredump_dir /byrd/service/squdi3.0/var/cache

cache_peer img.t4x.org parent 80 3130 no-query no-digest max-conn=32 originserver

hosts_file /etc/hosts

logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

3.5

[root@squid sbin]# grep -v ^# ../etc/squid.conf

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7 # RFC 4193 local private network range

acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

acl all src 0.0.0.0/0.0.0.0

http_access allow all

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager

http_access deny manager

http_access allow localnet

http_access allow localhost

http_access deny all

http_port 80 accel vhost vport

coredump_dir /byrd/service/squid-3.5.16/var/cache/squid

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

cache_mgr webmaster@qq.com

cache_effective_user squid

cache_effective_group squid

visible_hostname images.t4x.org

参考文章：
1：https://note.t4x.org/system/squid-cache-config/
2：https://note.t4x.org/system/config-suqid-transparent-proxy/SourceByrd's Weblog-https://note.t4x.org/system/squid-reverse-proxy/ SourceByrd's Weblog-https://note.t4x.org/system/squid-reverse-proxy/