2009年3月16日 星期一

squid安裝與設定

squid安裝

# wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE13.tar.gz
(此下載走未加密的 HTTP,編譯前請先以官方公布的簽章或檢查碼驗證下載的 tarball。)
# cd /usr/local/src
# tar -zxvf squid-3.0.STABLE13.tar.gz
# cd squid-3.0.STABLE13
#./configure --prefix=/usr/local/squid --enable-inline --enable-storeio=null --enable-delay-pools --enable-esi --enable-useragent-log --enable-referer-log --enable-kill-parent-hack --enable-arp-acl --enable-default-err-language=Traditional_Chinese --disable-poll --disable-select --enable-epoll --disable-ident-lookups --enable-default-hostsfile=/etc/hosts --enable-cpu-profiling --enable-x-accelerator-vary --with-default-user=nobody --with-aufs-threads=32 --with-large-files --with-filedescriptors=65536 --enable-http-violations --enable-removal-policies=heap,lru --enable-ssl
#make && make install


squid.conf設定
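# Reverse-proxy (accelerator) listener on the proxy's own address.
http_port 192.168.0.2:80 accel vhost vport

# Source-address ACLs: loopback, the proxy host itself, and the RFC 1918 ranges.
acl localhost src 127.0.0.1/32
# Same address as http_port above. cachemgr.cgi runs under Apache on this host
# and connects to 192.168.0.2:80, so its requests are expected to arrive from
# this address -- confirm against the access log.
acl proxy_self src 192.168.0.2/32
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

acl Safe_ports port 80 443
acl SSL_ports port 443
acl direct_ports port 80
acl manager proto cache_object
acl QUERY urlpath_regex cgi-bin \? \.jsp \.php
acl CONNECT method CONNECT

#acl allowed_urls dstdomain
# Domains served through this proxy
acl denyssl url_regex -i ^https://
##acl allowed_urls dstdomain .mydomain.com.tw
acl allowed_urls dstdomain .urcosme.com
# NOTE(review): without a leading dot, dstdomain matches only the bare host
# name, so requests for subdomains (www. and so on) are presumably not written
# to the access log below -- confirm that this gap is intended.
acl Mylog dstdomain urcosme.com

# Keep query strings out of the access log.
strip_query_terms on

# Apache-style combined line: client address, ident, user, timestamp, request
# line, status, reply size, Referer, User-Agent.
logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0800}tl] "%rm %rp HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log /var/log/squid/access_mydomain_com_tw.log combined Mylog

# Do not send cgi-bin or query requests to cache peers
hierarchy_stoplist cgi-bin ?

# Never cache dynamic content or https:// URLs (see the QUERY and denyssl ACLs)
cache deny QUERY
cache deny denyssl

# Access control
# (acl manager proto cache_object)
# Cache manager requests are accepted only from the proxy host itself.
# A blanket "allow manager all" would expose runtime statistics and
# configuration details to every client that can reach port 80.
http_access allow manager localhost
http_access allow manager proxy_self
http_access deny manager


# (acl Safe_ports port 80 443)
http_access deny !Safe_ports

# (acl CONNECT method CONNECT)
http_access deny CONNECT !SSL_ports

# (acl allowed_urls dstdomain .mydomain.com.tw)
http_access allow allowed_urls
http_access deny all

# Page shown for denied requests
deny_info http://www.info.com.tw all

# Proxy-to-proxy communication (ICP/HTCP): private ranges only, with the
# implicit deny for everyone else written out.
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
always_direct allow direct_ports all

# Cache storage
# No on-disk store: objects that are not hot are not kept
cache_dir null /tmp

# Hot objects are kept in memory
cache_mem 500 MB

maximum_object_size_in_memory 400 KB
request_header_max_size 100 KB

# Default settings
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320


# Cache manager contact and password.
# 帳號 ("account") and 密碼 ("password") are placeholders for real values.
cache_mgr 帳號@mydomain
# Syntax is "cachemgr_passwd <password> <action> ..."; the words after the
# password are cache manager action names, not ACL names. "all" makes every
# action require the password. The password sits in squid.conf in clear text,
# so keep the file readable only by root and the account Squid runs as.
cachemgr_passwd 密碼 all

# Default settings
cache_log /var/log/squid/cache.log
coredump_dir /usr/local/squid/var/cache
cache_store_log none
relaxed_header_parser on
client_persistent_connections off
server_persistent_connections on
# Do not advertise the proxy in Via / X-Cache response headers.
via off
reply_header_access X-Cache deny all
refresh_all_ims on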

/etc/hosts
[webserverIP] [webserverDomain]

啟動
將下列這段加入 /etc/rc.local

##### Start Service #####
# Initialise the cache directories, then launch Squid, pausing three seconds
# after each step.
for action in init start; do
  /opt/scripts/squid.sh "$action"
  sleep 3
done
#########################

/opt/scripts/squid.sh
內容如下


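#!/bin/sh
#
# Control script for the Squid installation under /usr/local/squid.
# Usage: squid.sh start | stop | init | reload
#
#   start   create the cache directory and launch the RunCache wrapper
#   stop    send SIGTERM to RunCache, then to squid
#   init    create the cache directories (squid -z)
#   reload  make the running squid re-read squid.conf
#
# Exits 1 with a usage message on any other argument.

SQUID_HOME=/usr/local/squid

# Print the PIDs of processes whose command name is exactly $1, one per line.
# An exact match on the command name keeps this script itself (squid.sh),
# editors, log tailers and anything else that merely has "squid" somewhere on
# its command line out of the kill list.
# NOTE(review): assumes ps reports the RunCache wrapper script under the name
# "RunCache", as Linux does for scripts started directly -- confirm on the
# target platform.
pids_named() {
  ps -e -o pid= -o comm= | awk -v name="$1" '$2 == name { print $1 }'
}

case "$1" in
  start)
    mkdir -p "$SQUID_HOME/var/cache"
    "$SQUID_HOME/bin/RunCache" &
    ;;
  stop)
    # RunCache goes first so that it cannot restart squid behind our back.
    # SIGTERM (rather than SIGKILL) lets squid close its logs and finish
    # cleanly; it may keep running for up to shutdown_lifetime while client
    # connections drain.
    for name in RunCache squid; do
      # PIDs are plain numbers, so word splitting of the list is intended.
      for pid in $(pids_named "$name"); do
        kill "$pid"
      done
    done
    ;;
  init)
    "$SQUID_HOME/sbin/squid" -z
    ;;
  reload)
    "$SQUID_HOME/sbin/squid" -k reconfigure
    ;;
  *)
    echo "Please Use start | stop | init | reload" >&2
    exit 1
    ;;
esac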


cachemgr
squid/etc/cachemgr.conf
內容如下:
192.168.0.2:80

將squid/libexec/cachemgr.cgi 複製到apache的cgi-bin 底下
將apache listen port 改掉,不要與squid 相衝突.

將 squid 與 apache 重新啟動即可

httpd.conf
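# Apache listens on 8080 so that it does not collide with Squid on port 80.
Listen 8080

# NOTE(review): the container tags around the next four directives appear to
# have been lost when the page was extracted (Order/Allow are only valid in a
# directory-type context). They are restored here as the cgi-bin <Directory>
# block; APACHE_CGI_BIN_DIR is a placeholder for the real cgi-bin path.
<Directory "APACHE_CGI_BIN_DIR">
    AllowOverride None
    Options None
    # "Allow from all" lets every client that can reach port 8080 run
    # cachemgr.cgi, and the CGI then talks to Squid from this host's own
    # address. Consider narrowing this to the administrators' addresses.
    Order allow,deny
    Allow from all
</Directory>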
