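Study notes on "Squid Proxy Server 3.1: Beginner's Guide"

These are notes I took back when I was studying Squid. I probably won't be working on Squid any more, so I'm putting them on the blog as a backup.

1.Squid needs memory to hold the index of the files cached on disk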

On average, Squid consumes up to 32 MB of the main memory for every GB of disk caching.

2.Memory used for caching

cache_mem 2500 MB

3.This command will set the allowed maximum object size in memory cache to 1 MB

maximum_object_size_in_memory 1 MB

4.Memory cache mode

memory_cache_mode always

always: The mode always is used to keep all the most recently fetched objects that can fit in the available space. This is the default mode used by Squid.

disk: When the disk mode is set, only the objects which are already cached on a hard disk and have received a HIT (meaning they were requested subsequently after being cached), will be stored in the memory cache.

network: Only the objects which have been fetched from the network (including neighbors) are kept in the memory cache, if the network mode is set.

5.Cache directory selection

store_dir_select_algorithm least-load|round-robin

6.Cache object size limits

minimum_object_size 0 KB
maximum_object_size 96 MB

This configuration will set the minimum and maximum object size in the cache to 0 (zero) and 96 MB respectively, which means that objects with a size larger than 96 MB will not be cached.

7.Setting limits on object replacement

cache_swap_low 96
cache_swap_high 97

So, in accordance with these values, when the space occupied for a cache directory crosses 96 percent, Squid will start deleting objects from the cache and will try to maintain the utilization near 96 percent. However, if the incoming rate is high and the space utilization starts to touch the high limit (97 percent), the deletion becomes quite frequent until utilization moves towards the lower limit.

Squid's defaults for low and high limits are 90 percent and 95 percent respectively, which are good if the size of cache directory is low (like 10 GB). However, if we have a large amount of space for caching (such as a few hundred GB), we can push the limits a bit higher and closer because even 1 percent will mean a difference of more than a gigabyte.

8.Excluding content from the cache

acl local_machines dst 192.0.2.0/24 198.51.100.0/24
cache deny local_machines

9.Show Squid's version and build options

squid -v

10.Start Squid in debug mode

squid -d 2
For more detail:
squid -X

11.reload squid

squid -k reconfigure

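12.Shut down Squid

squid -k shutdown   # graceful shutdown: waits for active connections to close
squid -k interrupt  # immediate shutdown: does not wait for active connections to close
squid -k kill       # no fuss, ends the process immediately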

13.Check whether Squid is running

squid -k check
When writing scripts, you can act on the returned exit status: echo $?

14.Log rotation

59 23 * * * /opt/squid/sbin/squid -k rotate

15.rebuild the cache metadata

squid -F

16.force Squid to double check the cache during rebuild

squid -S -d 1

17.init script (start at boot)

#!/bin/bash
# init script to control Squid server
case "$1" in
start)
  /opt/squid/sbin/squid
  ;;
stop)
  /opt/squid/sbin/squid -k shutdown
  ;;
reload)
  /opt/squid/sbin/squid -k reconfigure
  ;;
restart)
  /opt/squid/sbin/squid -k shutdown
  sleep 2
  /opt/squid/sbin/squid
  ;;
*)
  echo $"Usage: $0 {start|stop|reload|restart}"
  exit 2
esac
exit $?

18.ACL access control

src
acl client src 192.0.2.25/32
acl mkt_dept src 10.1.2.0-10.1.6.0/24
acl bad_clients src 10.2.44.25-10.2.44.35/32

arp
acl mac_acl arp 00:1D:7D:D4:F3:EE

dstdomain
acl example dstdomain www.example.com
acl example dstdomain .example.com
A leading dot is treated as a wildcard by Squid and an ACL will match that domain or any sub-domain of that particular domain. Let's see an example.

port
acl allowed_port port 80
http_access deny !Safe_ports

ftp
acl ftp_requests proto FTP
acl research_labs src 192.0.2.0/24
http_access deny research_labs ftp_requests

cache
For example, for denying caching of any content on the local area network, we can add the following lines to our configuration file:

  acl local_domain dstdomain .local.example.com
  cache deny local_domain
  cache allow all
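
Added example (not from the book or the original notes): a small Python model of how the src and dstdomain values above are matched, for checking which clients and hosts an ACL really covers before relying on it in http_access. It handles IPv4 only and treats a missing mask as a single host, which are simplifications assumed here; the function names are made up for the example.

```python
import ipaddress

# ACL lines copied from the notes above (section 18).
ACLS = """
acl client src 192.0.2.25/32
acl mkt_dept src 10.1.2.0-10.1.6.0/24
acl bad_clients src 10.2.44.25-10.2.44.35/32
acl example dstdomain .example.com
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def src_matches(spec, client):
    """addr/mask or addr1-addr2/mask; IPv4 only in this sketch."""
    addrs, _, bits = spec.partition("/")
    first, _, last = addrs.partition("-")
    bits = int(bits) if bits else 32   # assumption: no mask means one host
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    lo, hi = _ip(first) & mask, _ip(last or first) & mask
    # The client address is masked first, then compared with the range,
    # so addr1-addr2/24 is effectively a range of /24 networks.
    return lo <= (_ip(client) & mask) <= hi

def dstdomain_matches(pattern, host):
    """Leading dot: the domain itself or any sub-domain; otherwise exact."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def matching_acls(client, host, conf=ACLS):
    """Names of the ACLs in conf that match this client IP / request host."""
    hits = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "acl":
            continue
        name, kind, values = parts[1], parts[2], parts[3:]
        if kind == "src":
            ok = any(src_matches(v, client) for v in values)
        elif kind == "dstdomain":
            ok = any(dstdomain_matches(v, host) for v in values)
        else:
            continue
        if ok and name not in hits:
            hits.append(name)
    return hits

if __name__ == "__main__":
    for client, host in [("10.1.6.200", "www.example.com"),   # constructed
                         ("10.2.44.36", "badexample.com")]:   # constructed
        print(client, host, matching_acls(client, host))
```

Note that 10.1.6.200 matches mkt_dept even though the range ends at 10.1.6.0, because the /24 mask is applied before the comparison, and that badexample.com does not match .example.com.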

19.Log format

There is a default one, "Emulating HTTP server-like logs":
common

20.Troubleshooting: make the logging more verbose, then look at cache.log

debug_options ALL,1 11,5