squid13+solaris10 反向代理配置全攻略

崔凯

1，准备工作：Solaris10，squid-2.6.STABLE13
2，开始安装和配置：

1) 查看和修改最大连接数：
  #ulimit -a
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
open files                    (-n) 65536
pipe size          (512 bytes, -p) 10
stack size            (kbytes, -s) 8480
cpu time             (seconds, -t) unlimited
max user processes            (-u) 8485
virtual memory        (kbytes, -v) unlimited

修改：vi /usr/include/sys/types.h

#define FD_SETSIZE 10240
#ifndef _SYS_TYPES_H
#define _SYS_TYPES_H

2）将squid软件解压和安装到制定目录：
   ./configure --prefix=/usr/local/squid --disable-internal-dns --enable-useragent-log --enable-referer-log（可以看到连接数已经修改为10240）
   make；make install；
3）在squid.conf文件里修改配置：
   vi /usr/local/squid/etc/squid.conf

   增加和修改的部分：
   http_port 80 accel vhost
   hierarchy_stoplist cgi-bin ?
   acl QUERY urlpath_regex cgi-bin \?
   cache deny QUERY
   acl apache rep_header Server ^Apache
   broken_vary_encoding allow apache
   cache_mem 1024 MB
   cache_dir ufs /export/home/squid/cache 4000 16 256
   access_log /export/home/squid/logs/access.log squid
   cache_log /export/home/squid/logs/cache.log
   cache_store_log /export/home/squid/logs/store.log
   pid_filename /export/home/squid/logs/squid.pid
   cache_dns_program /usr/local/squid/libexec/dnsserver
   dns_children 10
   hosts_file /etc/hosts
   refresh_pattern ^ftp:           1440    20%     10080
   refresh_pattern ^gopher:        1440    0%      1440
   refresh_pattern .jsp            0       20%     0
   refresh_pattern .               0       20%     2
   acl acceleratedHostSCUT dstdomain .abc.com

   acl acceleratedProtocol protocol HTTP
   acl acceleratedPort port 80

   acl all src 0.0.0.0/0.0.0.0
   acl manager proto cache_object
   acl localhost src 127.0.0.1/255.255.255.255
   acl to_localhost dst 127.0.0.0/8
   acl SSL_ports port 443
   acl Safe_ports port 80          # http
   acl Safe_ports port 21          # ftp
   acl Safe_ports port 443         # https
   acl Safe_ports port 70          # gopher
   acl Safe_ports port 210         # wais
   acl Safe_ports port 1025-65535  # unregistered ports
   acl Safe_ports port 280         # http-mgmt
   acl Safe_ports port 488         # gss-http
   acl Safe_ports port 591         # filemaker
   acl Safe_ports port 777         # multiling http
   acl CONNECT method CONNECT
   http_access allow acceleratedProtocol acceleratedPort acceleratedHostABC

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname webcache3.abc.com
logfile_rotate 10
always_direct allow acceleratedHostABC

coredump_dir /export/home/squid/cache

4)配置hosts文件
#vi /etc/hosts
#
127.0.0.1       localhost
IP                   www.abc.com

5）配置/etc/init.d/squid
#!/bin/bash
# squid         This shell script takes care of starting and stopping
#               Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
#       a way to store requested Internet objects (i.e., data available \
#       via the HTTP, FTP, and gopher protocols) on a system closer to the \
#       requesting site than to the source. Web browsers can then use the \
#       local Squid cache as a proxy HTTP server, reducing access time as \
#       well as bandwidth consumption.
# pidfile: /home/squid/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf

PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH


# check if the squid conf file is present
[ -f /usr/local/squid/etc/squid.conf ] || exit 0

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-D"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# determine the name of the squid binary
[ -f /usr/local/squid/sbin/squid ] && SQUID=/usr/local/squid/sbin/squid
[ -z "$SQUID" ] && exit 0

prog="$SQUID"

# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' /usr/local/squid/etc/squid.conf | \
        grep cache_dir |  awk '{ print $3 }'`
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/export/home/squid/cache

RETVAL=0

start() {
    for adir in $CACHE_SWAP; do
        if [ ! -d $adir/00 ]; then
             echo -n "init_cache_dir $adir... "
             $SQUID -z -F -D 2>/dev/null
        fi
    done
    echo -n $"Starting $prog: "
    $SQUID $SQUID_OPTS 2> /dev/null
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
       timeout=0;
       while : ; do
          [ ! -f /export/home/squid/logs/squid.pid ] || break
          if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
             RETVAL=1
             break
          fi
          sleep 1 && echo -n "."
          timeout=$((timeout+1))
       done
    fi
    [ $RETVAL -eq 0 ] && echo "OK"
    [ $RETVAL -ne 0 ] && echo "Failed"
    echo
    return $RETVAL
}

stop() {
    echo -n  $"Stopping $prog: "
    $SQUID -k check >/dev/null 2>&1
    RETVAL=$?
    if [ $RETVAL -eq 0 ] ; then
        $SQUID -k shutdown &
        timeout=0
        while : ; do
                [ -f /export/home/squid/logs/squid.pid ] || break
                if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
                    echo
                    return 1
                fi
                sleep 2 && echo -n "."
                timeout=$((timeout+2))
        done
        echo "OK"
        echo
    else
        echo "Failed"
        echo
    fi
    return $RETVAL
}

reload() {
    $SQUID $SQUID_OPTS -k reconfigure
}

restart() {
    stop
    start
}


rhstatus() {
    status $SQUID
    $SQUID -k check
}

probe() {
    return 0
}

case "$1" in
start)
    start
    ;;

stop)
    stop
    ;;

reload)
    reload
    ;;

restart)
    restart
    ;;

status)
    rhstatus
    ;;

probe)
    exit 0
    ;;

*)
    echo $"Usage: $0 {start|stop|status|reload|restart}"
    exit 1
esac

exit $?