III 18 squid

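A cache server is a dedicated server that stores (in memory or on disk) the web pages, images, files and other content that users request. It lets users get what they want as quickly as possible and also greatly reduces the amount of data the origin has to send over the network;

A cache server is usually also a proxy server; to the user, both the cache server and the proxy server are invisible;

90% of commercial CDN companies in China use squid, e.g. Wangsu, ChinaCache and Dnion; sina uses ats;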

www.squid-cache.org

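Improving the cache hit rate:

use the expires and Cache-Control caching headers in httpd and nginx;

separate dynamic from static content: static content goes through the CDN, dynamic services run independently and do not go through squid;

put memcached in front of mysql;

fix 4** and 5** error pages and dead links;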

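cache hit (the user's http request is answered directly by the cache server. The hit rate is the proportion of all client http requests that are hits; a typical web cache hit rate is between 30% and 60%. A similar metric is the byte hit rate, which describes the volume of data (in bytes) served from the cache);

cache miss (the user's http request cannot be answered from the cache server. There are many causes:

(1) when the cache server has only just received a new resource, the first request from the first user produces a cache miss. Fix: warm up or prefetch. After the backend generates the data, push it to the front-end cache servers in one go, or request it internally first; this can be scripted;

(2) the storage is full or the object itself has expired, so the cache server evicts cached objects to free space for new ones. Fix: add memory or disk, set longer expiry times, raise the cache parameters (maximum cached object 2M, hot-object caching); cache by resource type, splitting images and video onto different servers and assigning them to different groups with acl and regular expressions;

(3) the resource the user requests is unreachable; the origin server tells the cache server how to handle the response, for example that the data must not be cached, or may only be reused for a limited time;

);

cache validation (guarantees that users are not served stale data. When reusing a cached object, the cache server regularly has to validate it with the origin server. If the origin server indicates that squid's copy is still valid, the data is sent out; otherwise squid updates its cached copy and forwards it to the user. When a user updates data in the DB or storage server, the application can proactively call an interface that purges the cached object);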

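Notes:

for a cache server, data consistency is a hard problem to solve, especially with memcached;

after resources are pushed, a CDN generally takes 5-15 min to take effect;

images are placed on the CDN; if an image is modified (e.g. edited in Photoshop), that change has to be pushed, while other operations need no refresh;

for a site redesign, push the related resources to the CDN, and rename the js, css and other files before pushing;

squid is a high-performance proxy and cache server that supports ftp, gopher and http. Unlike typical proxy-cache software, squid handles all user requests in a single, non-modular, I/O-driven process;

squid caches data in memory or on disk and also caches the results of DNS lookups. It supports ssl and acl, and because it uses ICP (Internet Cache Protocol, a lightweight internet cache protocol through which the nodes of a squid cluster communicate), squid can build a cascaded proxy array and so save as much bandwidth as possible;

Note: Gopher is a very well-known information retrieval system on the Internet. It organizes files on the Internet into an index and conveniently takes users from one place on the Internet to another. It lets users find and retrieve information through cascaded menus and files, and it has the world's largest and most remarkable catalogue.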

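Uses of squid:

(1) reverse proxy: placed in front of the web servers to cache their data, so that the content users request is returned directly from the cache server. This improves the user experience and reduces the load on the backend web servers, DB servers and storage servers;

(2) proxy (forward proxy), either a regular proxy or a transparent proxy: placed at a key egress point inside an enterprise or in front of a shared network, it caches data for internal users, the domain system, other web search data and so on. The data users request is fetched from the origin site by the proxy server, which returns the result to the intranet user; company sites are reached directly inside the LAN without going out over the internet, which is faster and saves bandwidth. Hosts in the LAN go online through the proxy; only the proxy host needs internet access, it can be placed anywhere, and internal users set the proxy host's ip and port in their browser;

Note: a transparent proxy, combined with iptables as the office network gateway, controls internal users' internet behaviour. Placed at a key point in the network, it filters traffic and accessed data and improves overall network security. Together this forms a complete internet access solution: proxy + gateway + content filtering + traffic control. squid and the firewall can run on one host or on separate hosts

Note: squid is mainly used on Unix-like systems. It has a long history and a very complete feature set, and supports ftp, http and https well; version 3.0 supports ipv6. The mainstream CDNs in the industry today use cache servers built on modified versions of squid

Note: haproxy is dedicated to proxying, while squid does both caching and proxying. Typically haproxy does the proxying (dynamic, static, LB) and squid splits static from dynamic content for caching. A common site architecture is dynamic content --> static generation --> CDN; many CDNs already support dynamic acceleration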

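As sites grow, the trend is to use different load-balancing technologies at different stages of scale:

Stage 1: single-point load balancing with Nginx or HAProxy. At this stage the site has only just moved beyond a single server and a single database. It needs some load balancing, but it is still small, has no dedicated team to maintain it, and needs no large-scale deployment. Nginx or HAProxy is the first choice here: they are quick to pick up, easy to configure, and working at layer 7 over HTTP is enough.

Stage 2: as the service grows further, a single Nginx is no longer enough, and LVS or a commercial F5 becomes the primary choice, with Nginx used as a node behind LVS or F5. Whether to choose LVS or F5 depends on company size, staff and budget, but generally at this stage staff skills lag behind business growth, so buying a commercial load balancer becomes the unavoidable route.

Stage 3: the network service has become a mainstream product, the company's profile has grown, and the skills and number of relevant staff have grown with it. Both for building customizations that fit the product and for cutting costs, open-source LVS becomes the first choice and the mainstream.

The resulting, fairly ideal layout is: F5/LVS <-> Haproxy <-> Squid/Varnish <-> AppServer

Note: no single squid caches the complete content; only all of them together hold the full data set, which is how a large amount of data can be cached. The algorithm is url-hash or consistent hashing

[Figure: JD.com site architecture]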

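Hardware:

memory (important: too little memory seriously hurts performance, because as many objects as possible are cached in memory; that is what gives the best user experience and the fastest response times);

disk (important: ssd is best, then ssa. More disk space means more cached objects and a higher hit rate; e.g. taobao's hot-object storage uses one 80G ssd + 500G sata per server. Use raid; multiple disk paths can also be specified for caching);

cpu (the faster the better, but cpu is not the key factor for cache server performance);

Note: memory and disk are linked. The basic rule is 32M of memory per G of disk space, so about 512M of memory supports 16G of disk cache. Memory requirements also depend on: cached object size, cpu arch (32bit or 64bit), number of users online at the same time, and other special features in use

Note: tuning the Linux OS: minimal system install; kernel tuning in /etc/sysctl.conf; manage services started at boot; turn off iptables and SELinux; change the ssh port and forbid root login; raise the file descriptor limit; sync time on a schedule; clean the mail temp directory on a schedule; configure sudo privilege management; configure a domestic yum mirror; hide the server version and kernel version; lock key files

Preparation:

squid server (eth0: 10.96.20.113; eth1: 192.168.10.113)

web server (192.168.10.118)

Package: squid-3.5.20.tar.gz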

[root@master ~]# uname -rm

2.6.32-431.el6.x86_64 x86_64

[root@master ~]# cat /etc/redhat-release

Red Hat Enterprise Linux Server release 6.5(Santiago)

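Adjust the file descriptor limit:

[root@master ~]# ulimit -n

1024

[root@master ~]# ulimit -Hn 20480   #(-H sets the hard limit. File descriptors: the Linux default is 1024, covering the files and sockets opened by the processes each system user runs. The file descriptor limit can severely affect performance: when descriptors run out, no new client connections can be accepted, which results in denial of service; squid logs a warning when it finds it is short of file descriptors)

[root@master ~]# vim /etc/security/limits.conf

*               -       nofile          20480

Adjust the ephemeral port range:

[root@master ~]# cat /proc/sys/net/ipv4/ip_local_port_range   #(the rhel default port range is 32768-61000, the FreeBSD default is 1024-5000. Ephemeral ports are the local ports the TCP/IP stack assigns to outgoing connections. A shortage of ephemeral ports severely affects the performance of a very busy proxy server, because ports of tcp connections that enter the TIME_WAIT state on close cannot be reused)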

32768       61000

[root@master ~]# vim /etc/sysctl.conf

net.ipv4.ip_local_port_range = 1025 65535

[root@master ~]# sysctl -p

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key

error: "net.bridge.bridge-nf-call-iptables" is an unknown key

error: "net.bridge.bridge-nf-call-arptables" is an unknown key

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

net.ipv4.ip_local_port_range = 1025 65535

[root@master ~]# cat /proc/sys/net/ipv4/ip_local_port_range

1025         65535

Sync the time:

[root@master ~]# ntpdate 202.108.6.95

30 Aug 02:45:25 ntpdate[53292]: adjust timeserver 202.108.6.95 offset -0.013377 sec

[root@master ~]# date

Tue Aug 30 02:45:28 PDT 2016

[root@master ~]# crontab -e

*/5 * * * * /usr/sbin/ntpdate cn.ntp.org.cn &> /dev/null

[root@master ~]# crontab -l

[root@master ~]# tar xf squid-3.5.20.tar.gz

[root@master ~]# cd squid-3.5.20

[root@master squid-3.5.20]# ./configure --prefix=/usr/local/squid --sysconfdir=/etc --enable-gnuregex --enable-icmp --enable-snmp --enable-default-err-language="Simplify_Chinese" --enable-kill-parent-hack --enable-cache-digests --enable-underscore --enable-poll --enable-async-io=240 --enable-arp-acl --enable-delay-pools --enable-follow-x-forwarded-for --with-large-files --with-default-user=squid

[root@master squid-3.5.20]# make

[root@master squid-3.5.20]# make install

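--enable-gnuregex: support GNU regular expressions

--enable-icmp: support icmp

--enable-snmp: support snmp; this option lets MRTG monitor the server's traffic state over the SNMP protocol

--enable-default-err-language="Simplify_Chinese": show error pages in Simplified Chinese

--enable-kill-parent-hack: when squid is shut down, its parent process is shut down as well

--enable-cache-digests: speeds up lookups of cached content when handling requests

--enable-underscore: allow underscores in parsed URLs (by default squid treats URLs containing underscores as invalid and refuses them)

--enable-poll: use the poll() function

--enable-async-io=240: asynchronous I/O, to improve storage performance

--enable-arp-acl: lets rules manage clients directly by MAC address, to prevent clients from spoofing IPs

--enable-delay-pools: enable squid's delay pools. Delay pools are squid's technique for traffic shaping or bandwidth limiting. A pool consists of a large number of client IP addresses; when requests from those clients are cache misses, their responses may be artificially delayed

--enable-follow-x-forwarded-for: when a request has been forwarded by other proxy servers, find the direct or indirect client IP address by looking for X-Forwarded-For in the http headers

--with-large-files: enable large file support

--with-default-user=squid: set the default user

[root@master squid-3.5.20]# useradd -s /sbin/nologin -M squid   #(if --with-default-user=squid is not given at build time, the nobody user is used; the corresponding options in the main config file are cache_effective_user and cache_effective_group)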

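[root@master squid-3.5.20]# ls /usr/local/squid   #(bin/squidclient: a simple http client for testing, which can also send management requests to a running squid process; bin/RunCache: shell script that can start squid and restarts it automatically if squid dies; bin/RunAccel: like RunCache, with an extra command-line argument telling squid where to listen for http requests; libexec/: helper programs that can be started by other programs; libexec/cachemgr.cgi: the CGI interface to squid's management functions; to use it, point to this file's location or copy it into the web server's cgi-bin/; libexec/unlinkd: deletes files from the cache directory; libexec/diskd: --enable-storeio=diskd; libexec/pinger: --enable-icmp; sbin/squid: the main program; var/: frequently changing and unimportant files that need no regular backup; var/logs/: default path of squid's logs, namely access.log, cache.log and store.log; var/cache/: default cache directory, set with cache_dir in the main config file)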

bin libexec  sbin  share var

[root@master squid-3.5.20]# cd

[root@master ~]# vim /etc/squid.conf<TAB>      #(squid.conf.documented is the documented configuration, 7935 lines)

squid.conf             squid.conf.default     squid.conf.documented

[root@master ~]# rm -f /etc/squid.conf

[root@master ~]# egrep -v "^#|^$" /etc/squid.conf.default >> /etc/squid.conf

[root@master ~]# vim /etc/squid.conf

cache_effective_user    squid  #(user and group the squid server runs as; it cannot be root here, squid will not run)

cache_effective_group   squid

visible_hostname       squid  #(defines the visible hostname and the administrator's e-mail)

cache_mgr       [email protected]

http_port       3128   #(default port; syntax: http_port port [mode] [options]; may be given as port, IP:PORT or hostname:port, and several may be specified; if squid is used as a cache server, change the port here to 80; common modes: accel, Accelerator / reverse proxy mode; accelerator option vport, Virtual host port support. Using the http_port number instead of the port passed on Host: headers.)

cache_dir ufs /usr/local/squid/var/cache 1024 16 256   #(syntax: cache_dir Type Directory-Name Fs-specific-data [options]; types are ufs, aufs, diskd, rock, default ufs, selectable at build time with --enable-storeio="list of modules"; cache_dir ufs Directory-Name Mbytes L1 L2 [options]; 'Mbytes' is the amount of disk space (MB) to use under this directory. The default is 100MB. Change this to suit your configuration. Do NOT put the size of your disk drive here. Instead, if you want Squid to use the entire disk drive, subtract 20% and use that value.; 'L1' is the number of first-level subdirectories which will be created under the 'Directory'. The default is 16.; 'L2' is the number of second-level subdirectories which will be created under each first-level directory. The default is 256.; squid creates the given number of L1 directories under the configured cache_dir and the given number of L2 directories under each L1; cache objects are stored under L2. squid hashes the URL of the page the user requests and stores the cache file in one of the L2 directories; after startup squid builds a hash table in memory that records how the cache files are laid out on disk)

access_log /usr/local/squid/var/logs/access.log squid  #(records the key information about each http transaction; the file is line-based, one line per client request, with fields such as client IP or hostname, requested URL, response size, etc.)

cache_log /usr/local/squid/var/logs/cache.log   #(records squid's configuration information, performance warnings and serious errors; cache_log can be sent to the system log by configuring local4.warning  /var/log/squid.log or local4.notice   @192.168.1.2 in /etc/rsyslog.conf)

cache_store_log /usr/local/squid/var/logs/store.log   #(records squid's decisions to store or delete cache objects, covering both the memory cache and the disk cache; can be set to cache_store_log /dev/null)

acl localnet src 10.0.0.0/8     # RFC1918 possible internal network

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http

acl Safe_ports port 21          # ftp

acl Safe_ports port 443         # https

acl Safe_ports port 70          # gopher

acl Safe_ports port 210         # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280         # http-mgmt

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost manager

http_access deny manager

http_access allow localnet

http_access allow localhost

http_access deny all

coredump_dir /usr/local/squid/var/cache/squid

refresh_pattern ^ftp:           1440    20%    10080

refresh_pattern ^gopher:        1440   0%      1440

refresh_pattern -i (/cgi-bin/|\?) 0     0%     0

refresh_pattern .               0       20%    4320

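Note: acl (IP, regular expression, port, method, proto, etc.):

squid uses OR logic when searching the elements of an acl: if any one of the values defined for the acl matches, the acl matches;

http_access rules are applied in order and the first rule that matches decides; the last rule should be http_access deny all;

squid's default configuration file denies every user request. Before anyone can use the proxy, acl and http_access rules must be added to squid.conf to tell squid which addresses' http requests to allow; both an acl and an http_access line are needed. The order in which acl rules are defined does not matter, but http_access rules are applied in order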
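The evaluation order described in this note, worked through on the default rules from this page. This is an added example, not code from the original post or from the squid project; it models only src, port and method ACLs over IPv4, and the sample requests and the address 203.0.113.7 are constructed.

```python
import ipaddress

# Constructed excerpt of the squid.conf rules shown on this page (IPv4 only).
PAGE_RULES = """
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 21 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
"""

# The same ACLs with only the two deny rules kept (no final "deny all").
ONLY_DENIES = PAGE_RULES.split("http_access allow localnet")[0]


def parse(conf):
    """Return (acls, rules) from a squid.conf fragment."""
    # 'all' and 'localhost' are built in to squid 3.5; modelled here as src ACLs.
    acls = {"all": [("src", "0.0.0.0/0")], "localhost": [("src", "127.0.0.1/32")]}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules


def value_matches(kind, value, req):
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
    if kind == "port":
        lo, _, hi = value.partition("-")
        return int(lo) <= req["port"] <= int(hi or lo)
    if kind == "method":
        return req["method"].upper() == value.upper()
    raise ValueError("ACL type not modelled: " + kind)


def decide(conf, req):
    """Return (action, number of the http_access line that matched, or None)."""
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, 1):
        def hit(name):
            # Values inside one ACL are ORed; a leading "!" negates the ACL.
            matched = any(value_matches(k, v, req) for k, v in acls[name.lstrip("!")])
            return not matched if name.startswith("!") else matched
        # ACL names on one http_access line are ANDed; first matching line wins.
        if all(hit(n) for n in names):
            return action, number
    # No line matched: squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    samples = [
        {"src": "192.168.10.118", "port": 80, "method": "GET"},
        {"src": "192.168.10.118", "port": 8443, "method": "CONNECT"},
        {"src": "203.0.113.7", "port": 80, "method": "GET"},
    ]
    for req in samples:
        print(req, "->", decide(PAGE_RULES, req), "| without deny all:",
              decide(ONLY_DENIES, req))
```

With only the two deny lines left, the outside client falls through every rule and is allowed, which is why the list has to end with an explicit http_access deny all.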

acl aclname acltype argument ...

acl aclname acltype "file" ...

-i (case-insensitive)

+i (case-sensitive)

-n (Disable lookups and address type conversions.)

acl definitions by IP:

#       acl aclname src ip-address/mask ...        # clients IP address [fast]

#       acl aclname src addr1-addr2/mask ...     # range of addresses [fast]

#       acl aclname dst [-n] ip-address/mask ... # URL host's IP address [slow]

#       acl aclname localip ip-address/mask ... # IP address the client connected to [fast]

e.g.: acl WorkStations src 10.0.0.0/16  #(the source address matches the 10.0.0.0/16 network)

acl definitions by tcp port:

#       acl aclname port 80 70 21 0-1024...   # destination TCP port [fast], ranges are allowed

#       acl aclname localport 3128 ...       # TCP port the client connected to [fast]; NP: for interception mode this is usually '80'

e.g.:

acl Foo port 80

acl Bar port 1-1024

acl Http_ports port 80 8000 8080   #(the three ports are ORed)

is equivalent to

acl Http_ports port 80

acl Http_ports port 8000

acl Http_ports port 8080

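acl definitions by regular expression (url_regex matches against the domain and the uri after it; urlpath_regex ignores the domain and matches only the uri path after the domain):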

#       acl aclname url_regex [-i] ^http:// ...   #regex matching on whole URL [fast]

#       acl aclname urlpath_regex [-i] \.gif$ ...   #regex matching on URL path [fast]

acl SEX url_regex -i ^http://.*sex.*

acl FOO url_regex -i ^http://www

acl FTPMP3 url_regex -i ^ftp://.*\.mp3$   #(in .mp3$ the dot matches any single character; in \.mp3$ the escaped dot matches the literal dot of the extension)

---------------------------------

Block adult sites

acl SEX urlpath_regex sex

http_access deny SEX

acl SEX url_regex -i ^http://.*sex.*$

-----------------------------------

acl CGI urlpath_regex ^/cgi-bin

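acl definitions by method:

#     acl aclname method GET POST ...       # HTTP request method [fast] (methods include GET, POST, PUT, CONNECT, PURGE; CONNECT is the method used to tunnel a request through an http proxy. Take particular care with the CONNECT method and the remote server's port: CONNECT should be limited to https on 443 or nntps on 563. PURGE is a squid-specific request method that lets an administrator force deletion of a cache object; squid denies PURGE requests by default unless it is explicitly configured, and normally only localhost is allowed to PURGE)

acl Uploads method PUT POST

-------------------------------

acl SSL_PORTS port 443 563

http_access allow CONNECT SSL_PORTS

http_access deny CONNECT

--------------------------------

Allow only the defined Localhost to use the defined Purge method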

acl Purge method PURGE

acl Localhost src 127.0.0.1

http_access allow Purge Localhost

http_access deny Purge

acl definitions by proto:

#       acl aclname proto HTTP FTP ...        # request protocol [fast] (protocols: http, https (same as HTTP/TLS), ftp, gopher, urn, whois, cache_object; cache_object is a squid feature used to access squid's cache management interface)

Deny all FTP requests

acl FTP proto FTP

http_access deny FTP

---------------------------------------

Allow local management

acl Manager proto cache_object

acl Localhost src 127.0.0.1 192.168.1.1

http_access allow Manager Localhost

http_access deny Manager

Examples:

Limit the maximum number of connections from a single client IP

acl OverConnLimit maxconn 16

http_access deny OverConnLimit

Stop hotlinking from tianya and hand those requests off to baidu

acl tianya referer_regex -i tianya

http_access deny tianya

deny_info http://www.baidu.com/logs.gif tianya

Prevent squid from being used as an http proxy by setting the IP address that may be accessed

acl myip dst 192.168.1.1

http_access deny !myip

------------------------------------

Keep the baidu crawler from crawling the server to death

acl AntiBaidu req_header User-Agent Baiduspider

http_access deny AntiBaidu

----------------------------------

Only proxy port 80

acl Safe_port port 80

http_access deny !Safe_port

http_access allow all

Block BT file downloads

acl BT urlpath_regex -i \.torrent$

http_access deny BT

-------------------------------------

Count page views more accurately

acl url_no_log urlpath_regex \.gif \.jpg \.swf \.GIF \.JPG \.SWF \.js \.css F5BigIP

acl method_no_log method PURGE HEAD

access_log /usr/local/squid/var/logs/access.log combined !url_no_log !method_no_log

[root@master ~]# vim /etc/profile.d/squid.sh

export PATH=$PATH:/usr/local/squid/sbin:/usr/local/squid/bin

[root@master ~]# source !$

source /etc/profile.d/squid.sh

[root@master ~]# echo $PATH

/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/java/jdk1.8.0_51/bin:/usr/java/jdk1.8.0_51/jre/bin:/usr/local/mysql/bin:/root/bin:/usr/local/squid/sbin:/usr/local/squid/bin

[root@master ~]# squid -h   #(# squid -k parse checks the syntax; # squid -z initializes the cache; # squid -k reconfigure reloads the configuration file; # squid -k rotate rotates the logs; # squid -k shutdown stops the service)

Usage: squid [-cdhvzCFNRVYX] [-n name] [-s | -l facility] [-f config-file] [-[au] port] [-k signal]

       -a port   Specify HTTP port number (default: 3128).

       -d level  Write debugging to stderr also.

       -f file   Use given config-file instead of

                 /etc/squid.conf

       -h        Print help message.

       -k reconfigure|rotate|shutdown|restart|interrupt|kill|debug|check|parse

                 Parse configuration file, then send signal to

                 running copy (except -k parse) and exit.

       -n name   Specify service name to use for service operations

                 default is: squid.

       -s | -l facility

                 Enable logging to syslog.

       -u port   Specify ICP port number (default: 3130), disable with 0.

       -v        Print version.

       -z        Create missing swap directories and then exit.

       -C        Do not catch fatal signals.

       -D        OBSOLETE. Scheduled for removal.

       -F        Don't serve any requests until store is rebuilt.

       -N        No daemon mode.

       -R        Do not set REUSEADDR on port.

       -S        Double-check swap during rebuild.

       -X        Force full debugging.

       -Y        Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.

[root@master ~]# chown -R squid /usr/local/squid/var

[root@master ~]# squid -k parse   #(check the syntax)

……

[root@master ~]# squid -z   #(initialize the cache)

[root@master ~]# 2016/08/31 03:17:16 kid1| Set Current Directory to /usr/local/squid/var/cache/squid

2016/08/31 03:17:16 kid1| Creating missing swap directories

2016/08/31 03:17:16 kid1| /usr/local/squid/var/cache exists

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/00

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/01

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/02

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/03

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/04

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/05

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/06

2016/08/31 03:17:16 kid1| Making directories in /usr/local/squid/var/cache/07

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/08

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/09

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/0A

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/0B

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/0C

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/0D

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/0E

2016/08/31 03:17:17 kid1| Making directories in /usr/local/squid/var/cache/0F

[root@master ~]# squid -N -d1   #(start the squid service; it runs in the foreground)

2016/08/31 19:37:44| Set Current Directory to /usr/local/squid/var/cache/squid

2016/08/31 19:37:44| Starting Squid Cache version 3.5.20 for x86_64-pc-linux-gnu...

2016/08/31 19:37:44| Service Name: squid

2016/08/31 19:37:44| Process ID 114408

2016/08/31 19:37:44| Process Roles: master worker

2016/08/31 19:37:46| storeLateRelease: released 0 objects

2016/08/31 19:39:31| recv: (111) Connection refused

2016/08/31 19:39:31| Closing Pinger socket on FD 19

2016/08/31 19:42:30| Preparing for shutdown after 667 requests

2016/08/31 19:42:30| Waiting 30 seconds for active connections to finish

2016/08/31 19:42:30| Closing HTTP port [::]:3128

[root@master ~]# netstat -tnulp | grep squid

tcp       0      0 :::3128                     :::*                        LISTEN      113742/(squid-1)   

udp       0      0 0.0.0.0:53277               0.0.0.0:*                               113742/(squid-1)   

udp       0      0 :::21226                    :::*                                   113742/(squid-1)  

[root@master ~]# squid -k shutdown

[root@master ~]# squid -k shutdown

[root@master ~]# ps aux | grep squid

root    114453  0.0  0.1 103252  828 pts/3    S+   19:42  0:00 grep squid

[root@master ~]# squid -s   #(start the service as a daemon)

root    114455  0.0  0.4 53368  2400 ?        Ss  19:44   0:00 squid -s

squid   114457  0.7  2.7 68184 13300 ?        S    19:44  0:00 (squid-1) -s

squid   114458  0.0  0.2 20288   980 ?        S   19:44   0:00 (unlinkd)

root    114461  0.0  0.1 103252  828 pts/3    S+   19:44  0:00 grep squid

With the configuration above squid acts as a regular proxy by default. Set the browser on the physical Windows host to use it as its proxy and the browser goes online through squid:

[root@master ~]# tail -f /usr/local/squid/var/logs/access.log

1472697697.297  60435 10.96.20.89 TCP_MISS_ABORTED/000 0 GET http://pki.google.com/GIAG2.crl - HIER_DIRECT/74.125.23.139 -

1472697697.297  60460 10.96.20.89 TCP_MISS_ABORTED/000 0 GET http://pki.google.com/GIAG2.crl - HIER_DIRECT/74.125.23.139 -

1472697727.162  65968 10.96.20.89 TCP_TUNNEL/200 8557 CONNECT iecvlist.microsoft.com:443 - HIER_DIRECT/68.232.45.201 -

1472697944.465     15 10.96.20.89 TCP_MISS/200 798 GET http://miserupdate.aliyun.com/data/2.4.1.6/brfversion.xml - HIER_DIRECT/222.73.134.40 text/xml

1472697944.471      5 10.96.20.89 TCP_MISS/200 12724 GET

squid's access.log is not rotated by default and always stays in one file. For easier management, a script can rotate access.log by date stamp:

[root@master ~]# vim squid_rotate.sh

--------------------script start---------------

#!/bin/bash

# Rename the current access.log with today's date, then have squid reopen its logs

cd /usr/local/squid/var/logs/ || exit 1

[ -f access.log ] && mv access.log access_$(date +%F).log

/usr/local/squid/sbin/squid -k rotate

----------------------script end-------------------

59 23 * * * bash /root/squid_rotate.sh &> /dev/null

[root@master ~]# service crond restart

Stopping crond:                                           [  OK  ]

Starting crond:                                           [  OK  ]

Configure squid's web management interface:

[root@master ~]# rpm -qa httpd

httpd-2.2.15-29.el6_4.x86_64

[root@master ~]# ll /usr/local/squid/libexec/cachemgr.cgi

-rwxr-xr-x. 1 root root 429249 Aug 31 00:02 /usr/local/squid/libexec/cachemgr.cgi

[root@master ~]# vim /etc/httpd/conf/httpd.conf

ScriptAlias /squid "/usr/local/squid/libexec/cachemgr.cgi"

<Location "/squid">

        # with order deny,allow the Allow from all below wins, so any client can reach cachemgr.cgi

        order deny,allow

        Deny from all

        Allow from all

</Location>

[root@master ~]# vim /etc/squid.conf   #(Usage: cachemgr_passwd password action action ...)

cachemgr_passwd jowin config

[root@master ~]# service httpd start

Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 10.96.20.113 for ServerName

                                                          [  OK  ]

iptables+squid transparent proxy (configured on the gateway host, which needs at least 2 NICs; it provides control of employees' internet behaviour, faster access, and, in earlier days, savings on bandwidth cost):

 --enable-linux-netfilter     Enable Transparent Proxy support for Linux(Netfilter)

[root@master ~]# ifconfig | egrep -A 1 "eth0|eth1"

eth0      Link encap:Ethernet  HWaddr 00:0C:29:1F:B6:AC

          inet addr:10.96.20.113  Bcast:10.96.20.255  Mask:255.255.255.0

--

eth1      Link encap:Ethernet  HWaddr 00:0C:29:1F:B6:B6

          inet addr:192.168.10.113  Bcast:192.168.10.255  Mask:255.255.255.0

net.ipv4.ip_forward = 1

[root@master ~]# cat /proc/sys/net/ipv4/ip_forward

1

[root@master ~]# vim /etc/squid.conf   (change or add the following; http_port 3129 intercept is required; the clock on the squid host must be kept in sync with real time)

#http_port       3128

http_port       3129 intercept   #(since version 3.1 a transparent proxy can no longer use http_port 3128 transparent; use http_port 3129 intercept instead, and 3128 stays in use as the regular proxy)

cache_mem 64 MB   #(default cache_mem 256 MB; it must not be larger than the disk space set in cache_dir, otherwise startup fails with an error; 'cache_mem' specifies the ideal amount of memory to be used for: In-Transit objects, Hot Objects, Negative-Cached objects)

cache_swap_low 90   #(default 90; The low-water mark for AUFS/UFS/diskd cache object eviction by the cache_replacement_policy algorithm.)

cache_swap_high 95   #(default 95; The high-water mark for AUFS/UFS/diskd cache object eviction by the cache_replacement_policy algorithm.)

maximum_object_size 8192 KB   #(Set the default value for max-size parameter on any cache_dir. The value is specified in bytes, and the default is 4 MB.)

minimum_object_size 0 KB   #(Objects smaller than this size will NOT be saved on disk. The value is specified in bytes, and the default is 0 KB, which means all responses can be stored. Default: no limit)

maximum_object_size_in_memory 4096 KB   #(default 512 KB; Objects greater than this size will not be attempted to kept in the memory cache. This should be set high enough to keep objects accessed frequently in memory to improve performance whilst low enough to keep larger objects from hoarding cache_mem.)

#emulate_httpd_log on   #(obsolete and removed in version 3.5; Replace this with an access_log directive using the format 'common' or 'combined'. Default: none)

memory_replacement_policy lru   #(default lru, the least recently used algorithm; cache_replacement_policy offers: (lru: Squid's original list based LRU policy), (heap GDSF: Greedy-Dual Size Frequency), (heap LFUDA: Least Frequently Used with Dynamic Aging), (heap LRU: LRU policy implemented using a heap))

[root@master ~]# squid -k parse

[root@master ~]# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-ports 3129

[root@master ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 10.96.20.113

[root@master ~]# iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)

target    prot opt source              destination        

REDIRECT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3129

Chain POSTROUTING (policy ACCEPT)

SNAT      all  --  192.168.10.0/24      0.0.0.0/0           to:10.96.20.113

Chain OUTPUT (policy ACCEPT)

target    prot opt source              destination      

Configuration on the intranet host 192.168.10.118 (its gateway must be eth1 of the squid host); test by going online with # elinks www.baidu.com while watching squid's access.log

[root@master ~]# tail -f /usr/local/squid/var/logs/access.log

1472719549.725      9 192.168.10.118 TCP_MISS/200 7822 GET http://www.baidu.com/baidu.html? - ORIGINAL_DST/115.239.210.27 text/html

1472719556.301     24 192.168.10.118 TCP_MISS/200 100873 GET http://www.baidu.com/ - ORIGINAL_DST/115.239.210.27 text/html

1472719557.303      0 192.168.10.118 TCP_MEM_HIT/200 7828 GET http://www.baidu.com/baidu.html? - HIER_NONE/- text/html

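Example (reverse proxy, cache server; improves the user experience; deploy it once the backend web servers, storage and DB can no longer cope):

A squid reverse proxy generally caches only cacheable data such as html pages, js, css and pictures; CGI scripts and dynamic programs such as asp, jsp and php are not cached by default. It caches static pages according to the http header fields returned by the web server; four http headers matter:

Last-Modified (tells the reverse proxy when the page was modified);

Expires (tells the reverse proxy when to remove the page from the cache);

Cache-Control (tells the reverse proxy whether the page should be cached. Common values: no-store (no caching: forbids intermediate cache servers from storing the object, and the header is forwarded to the user), no-cache (the cache server may store the file locally but must not serve it to users before revalidating with the origin), must-revalidate (strict mode: by default a caching proxy may serve stale objects to users to improve performance; with this directive stale objects are not returned and a 504 Gateway Timeout is reported), max-age (how long the object remains usable, and may be served to users, after the cache server obtains the file), s-maxage (same as max-age, only for public caches));

Pragma (carries implementation-specific directives; the common one is Pragma: no-cache (used for http/1.0 compatibility; in principle only for http requests; it works the same as Cache-Control: no-cache));

Note: the priority order of these is Cache-Control, Expires, refresh_pattern, Last-Modified; once an earlier one applies, the later ones are essentially ignored. An ETag requires sending a request to the origin server to validate, while Last-Modified is by default not validated with the origin server

[root@master ~]# curl 192.168.10.118   #(httpd is deployed on the backend 192.168.10.118)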

www.test.com

[root@master ~]# vim /etc/hosts

192.168.10.118  www.test.com

[root@master ~]# vim /etc/squid.conf   #(change or add the following)

http_port       80 accel vhost vport

refresh_pattern -i \.jpg$ 30 50% 4320 reload-into-ims   #(usage: refresh_pattern [-i] regex min percent max [options]; 'Min' is the time (in minutes) an object without an explicit expiry time should be considered fresh. The recommended value is 0, any higher values may cause dynamic applications to be erroneously cached unless the application designer has taken the appropriate actions.; 'Percent' is a percentage of the objects age (time since last modification age) an object without explicit expiry time will be considered fresh.; 'Max' is an upper limit on how long objects without an explicit expiry time will be considered fresh.; reload-into-ims changes a client no-cache or ``reload'' request for a cached entry into a conditional request using If-Modified-Since and/or If-None-Match headers, provided the cached entry has a Last-Modified and/or a strong ETag header. Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes.; other options: override-expire, override-lastmod, reload-into-ims, ignore-reload, ignore-no-store, ignore-must-revalidate, ignore-private, ignore-auth, max-stale=NN, refresh-ims, store-stale; if a response has been in the cache for less than the 30 min minimum, it is not expired; 4320 min is the maximum lifetime of a response, and a response that has been in the cache longer than the maximum must be refreshed; for responses between the minimum and the maximum, squid's LM-factor algorithm applies: squid computes the response age and the last-modified factor as a ratio, and if it exceeds 50% the response must be refreshed. resource age = time the object entered the cache - the object's Last-Modified; response age = current time - time the object entered the cache; LM-factor = response age / resource age)

refresh_pattern -i \.png$ 30 50% 4320 reload-into-ims

refresh_pattern -i \.gif$ 30 50% 4320 reload-into-ims

hosts_file /etc/hosts

request_header_max_size 128 KB   #(This specifies the maximum size for HTTP headers in a request. Request headers are usually relatively small (about 512 bytes). Placing a limit on the request header size will catch certain bugs (for example with persistent connections) and possibly buffer-overflow or denial-of-service attacks. Default: request_header_max_size 64 KB)

ipcache_size 1024   #(Maximum number of DNS IP cache entries. Default: ipcache_size 1024)

ipcache_low 90

ipcache_high 95

offline_mode on   #(Enable this option and Squid will never try to validate cached objects. Default: offline_mode off; offline mode: if the backend web server goes down, pages that squid has cached remain accessible)
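The min / percent / max check and the LM-factor formula explained in the refresh_pattern comment above, applied to the refresh_pattern lines that appear on this page. This is an added example, not code from the original post or from squid itself; it follows the order of checks as the comment describes them, for objects without an explicit expiry time, and the URLs and timestamps are constructed.

```python
import re
from datetime import datetime, timedelta

# refresh_pattern lines from this page as (regex, flags, min, percent, max);
# min and max are in minutes. The first pattern whose regex matches is used.
REFRESH_PATTERNS = [
    (r"\.jpg$", re.I, 30, 50, 4320),
    (r"^ftp:", 0, 1440, 20, 10080),
    (r"(/cgi-bin/|\?)", re.I, 0, 0, 0),
    (r".", 0, 0, 20, 4320),
]


def pick_pattern(url):
    """Return (regex, min, percent, max) of the first matching refresh_pattern."""
    for regex, flags, min_m, percent, max_m in REFRESH_PATTERNS:
        if re.search(regex, url, flags):
            return regex, min_m, percent, max_m
    raise LookupError("no refresh_pattern matches " + url)


def freshness(url, now, cached_at, last_modified=None):
    """Return (verdict, reason) for a cached object with no explicit expiry."""
    regex, min_m, percent, max_m = pick_pattern(url)
    # response age = current time - time the object entered the cache
    response_age = (now - cached_at).total_seconds() / 60
    if response_age < min_m:
        return "fresh", f"{response_age:.0f} min in cache, under min {min_m} ({regex})"
    if response_age > max_m:
        return "stale", f"{response_age:.0f} min in cache, over max {max_m} ({regex})"
    if last_modified is None or last_modified >= cached_at:
        return "stale", "no usable Last-Modified, LM-factor cannot be computed"
    # resource age = time the object entered the cache - its Last-Modified
    resource_age = (cached_at - last_modified).total_seconds() / 60
    lm_factor = response_age / resource_age
    if lm_factor < percent / 100:
        return "fresh", f"LM-factor {lm_factor:.2f} is below {percent}% ({regex})"
    return "stale", f"LM-factor {lm_factor:.2f} reached {percent}% ({regex})"


def minutes(n):
    return timedelta(minutes=n)


NOW = datetime(2016, 9, 2, 8, 0, 0)      # constructed reference time


def sample(url, in_cache_min, modified_before_caching_min=600):
    """Constructed case: cached in_cache_min ago, modified 600 min before that."""
    cached_at = NOW - minutes(in_cache_min)
    return freshness(url, NOW, cached_at, cached_at - minutes(modified_before_caching_min))


if __name__ == "__main__":
    for url, age in [
        ("http://www.test.com/V901.jpg", 10),
        ("http://www.test.com/V901.jpg", 120),
        ("http://www.test.com/V901.jpg", 400),
        ("http://www.test.com/V901.jpg", 5000),
        ("http://www.test.com/cgi-bin/report?id=1", 1),
        ("http://www.test.com/index.html", 60),
    ]:
        print(f"{url:45} {age:5} min ->", sample(url, age))
```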

[root@master ~]# squid -k parse

[root@master ~]# squid -s

[root@master ~]# ps aux | grep squid | grep -v grep

root     10663  0.0  0.4 53372  2404 ?        Ss  01:00   0:00 squid -s

squid    10665  0.1  2.7 68264 13568 ?        S    01:00  0:00 (squid-1) -s

squid    10666  0.0  0.2 20288   984 ?        S   01:00   0:00 (unlinkd)

Test from the Windows host

After refreshing again the status changes to TCP_MEM_HIT

[root@master ~]# tail -f /usr/local/squid/var/logs/access.log

1472803272.383     24 10.96.20.89 TCP_MISS/404 567 GET http://10.96.20.113/favicon.ico - FIRSTUP_PARENT/192.168.10.118 text/html

1472803274.220    149 10.96.20.89 TCP_MISS/200 378 GET http://10.96.20.113/ - FIRSTUP_PARENT/192.168.10.118 text/html

1472803328.186      6 10.96.20.89 TCP_MEM_HIT/200 385 GET http://10.96.20.113/ - HIER_NONE/- text/html

1472803334.596      0 10.96.20.89 TCP_MEM_HIT/200 386 GET http://10.96.20.113/ - HIER_NONE/- text/html

Upload an image to /var/www/html/ on 192.168.10.118, then open it from Windows

After refreshing again the status changes from TCP_MISS to TCP_REFRESH_UNMODIFIED

1472803645.760      6 10.96.20.89 TCP_MISS/200 43843 GET http://10.96.20.113/V901.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg

1472803655.700      3 10.96.20.89 TCP_REFRESH_UNMODIFIED/200 43850 GET http://10.96.20.113/V901.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg

1472803663.428      3 10.96.20.89 TCP_REFRESH_UNMODIFIED/200 43850 GET http://10.96.20.113/V901.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg

Test stopping the backend web server with offline_mode on, to see whether the page can still be reached

[root@master ~]# ssh [email protected]'service httpd stop'

[email protected]'s password:

Stopping httpd: [  OK  ]

Note: the default logformat of /usr/local/squid/var/logs/access.log is logformat squid      %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt; %Ss values include: TCP_MISS, TCP_HIT, TCP_DENIED, TCP_REDIRECT, TCP_MEM_HIT, TCP_REFRESH_HIT, TCP_REFRESH_MISS, TCP_IMS_HIT, TCP_SWAPFAIL_MISS, TCP_NEGATIVE_HIT, TCP_OFFLINE_HIT (offline_mode on), TCP_CLIENT_REFRESH_MISS (ctrl+F5), TCP_REF_FAIL_HIT
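A parser for the default access.log format given in this note that computes the hit rate and byte hit rate defined near the top of the page and counts TCP_DENIED requests per client. This is an added example, not code from the original post; the first six sample lines are the page's own log lines with spacing repaired, the TCP_DENIED line and its addresses are constructed, the last line is left garbled on purpose, and treating TCP_REFRESH_UNMODIFIED as a hit is an assumption of this sketch.

```python
from collections import Counter

# Sample in the default "squid" logformat:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1472803272.383     24 10.96.20.89 TCP_MISS/404 567 GET http://10.96.20.113/favicon.ico - FIRSTUP_PARENT/192.168.10.118 text/html
1472803274.220    149 10.96.20.89 TCP_MISS/200 378 GET http://10.96.20.113/ - FIRSTUP_PARENT/192.168.10.118 text/html
1472803328.186      6 10.96.20.89 TCP_MEM_HIT/200 385 GET http://10.96.20.113/ - HIER_NONE/- text/html
1472803334.596      0 10.96.20.89 TCP_MEM_HIT/200 386 GET http://10.96.20.113/ - HIER_NONE/- text/html
1472803645.760      6 10.96.20.89 TCP_MISS/200 43843 GET http://10.96.20.113/V901.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg
1472803655.700      3 10.96.20.89 TCP_REFRESH_UNMODIFIED/200 43850 GET http://10.96.20.113/V901.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg
1472803700.000      0 203.0.113.7 TCP_DENIED/403 3900 CONNECT 198.51.100.9:25 - HIER_NONE/- text/html
1472803663.428      3 10.96.20.89 TCP_REFRESH_UNMODIFIED/20043850 GET http://10.96.20.113/V901.jpg - FIRSTUP_PARENT/192.168.10.118image/jpeg
"""


def parse_line(line):
    """Split one native-format line into a dict; return None if it is malformed."""
    f = line.split()
    if len(f) != 10 or "/" not in f[3] or "/" not in f[8]:
        return None
    code, _, status = f[3].partition("/")
    hier, _, peer = f[8].partition("/")
    try:
        return {
            "ts": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
            "code": code, "status": int(status), "bytes": int(f[4]),
            "method": f[5], "url": f[6], "user": f[7],
            "hier": hier, "peer": peer, "mime": f[9],
        }
    except ValueError:
        return None


def is_hit(code):
    # Assumption: every result code containing HIT, plus TCP_REFRESH_UNMODIFIED
    # (served from cache after revalidation with the origin), counts as a hit.
    return "HIT" in code or code == "TCP_REFRESH_UNMODIFIED"


def summarize(text):
    """Return request/byte hit ratios, per-code counts and denied clients."""
    codes, denied = Counter(), Counter()
    requests = hits = total_bytes = hit_bytes = malformed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1          # keep count so truncated logs are noticed
            continue
        requests += 1
        total_bytes += rec["bytes"]
        codes[rec["code"]] += 1
        if is_hit(rec["code"]):
            hits += 1
            hit_bytes += rec["bytes"]
        if rec["code"] == "TCP_DENIED":
            denied[rec["client"]] += 1
    return {
        "requests": requests, "hits": hits, "malformed": malformed,
        "hit_ratio": hits / requests if requests else 0.0,
        "byte_hit_ratio": hit_bytes / total_bytes if total_bytes else 0.0,
        "codes": dict(codes), "denied_by_client": dict(denied),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key:17} {value}")
```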

ExpiresActive settings in httpd:

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf

LoadModule expires_module modules/mod_expires.so

ExpiresActive on

        ExpiresDefault "access plus 12 month"

        ExpiresByType text/html "access plus 12 months"

        ExpiresByType text/css "access plus 12 months"

        ExpiresByType image/gif "access plus 12 months"

        ExpiresByType image/jpeg "access plus 12 months"

        ExpiresByType image/jpg "access plus 12 months"

        ExpiresByType image/png "access plus 12 months"

        ExpiresByType application/x-javascript "access plus 12 months"

        ExpiresByType video/x-flv "access plus 12 months"

[root@localhost ~]# httpd -t -f /etc/httpd/conf/httpd.conf

httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName

Syntax OK

[root@master ~]# curl -I http://10.96.20.113   #(tested on the squid host)

HTTP/1.1 200 OK

Date: Fri, 02 Sep 2016 08:00:32 GMT

Server: Apache/2.2.15 (Red Hat)

Last-Modified: Fri, 02 Sep 2016 06:45:36 GMT

ETag: "c28da-d-53b80ad8a25f8"

Accept-Ranges: bytes

Content-Length: 13

Content-Type: text/html; charset=UTF-8

Age: 237090

Warning: 113 squid (squid/3.5.20) This cache hit is still fresh and more than 1 day old

Warning: 110 squid/3.5.20 "Response is stale"

X-Cache: HIT from squid

X-Cache-Lookup: HIT from squid:80

Via: 1.1 squid (squid/3.5.20)

Connection: keep-alive

[root@master ~]# which squidclient

/usr/local/squid/bin/squidclient

[root@master ~]# squidclient -h

Version: 3.5.20

Usage: squidclient [Basic Options] [HTTP Options]

   -s | --quiet    Silent.  Do not print response message to stdout.

   -v | --verbose  Verbose debugging. Repeat (-vv) to increase output level.

                    Levels:

                      1 - Print outgoing request message to stderr.

                      2 - Print action trace to stderr.

   --help          Display this help text.

Connection Settings

  -h | --host host     Send message to server on 'host'.  Default is localhost.

  -l | --local host    Specify a local IP address to bind to.  Default is none.

  -p | --port port     Port number on server to contact. Default is 3128.

  -T timeout           Timeout in seconds for read/write operations

Ping Mode

  --ping [options]  Enable ping mode.

  options:

   -g count        Ping iteration count (default, loop until interrupted).

   -I interval     Ping interval in seconds (default 1 second).

HTTP Options:

   -a           Do NOT include Accept: header.

   -A           User-Agent: header. Use "" to omit.

   -H 'string'  Extra headers to send. Use '\n' for new lines.

   -i IMS       If-Modified-Since time (in Epoch seconds).

   -j hosthdr   Host header content

   -k           Keep the connection active. Default is to do only one request then close.

   -m method    Request method, default is GET.

   -n           Proxy Negotiate(Kerberos) authentication

   -N           WWW Negotiate(Kerberos) authentication

   -P file      Send content from the named file as request payload

   -r           Force cache to reload URL

   -t count     Trace count cache-hops

   -u user      Proxy authentication username

   -U user      WWW authentication username

   -V version   HTTP Version. Use '-' for HTTP/0.9 omitted case

   -w password  Proxy authentication password

   -W password  WWW authentication password

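[root@master ~]# squidclient -h localhost -p 80 mgr:info   #(mgr:info returns squid's runtime status; mgr:objects lists what squid has cached, printing every object held in memory and on disk, each identified by a key; mgr:mem shows squid's memory usage; mgr:diskd shows squid's disk usage; mgr:storedir shows information about squid's cache storage directories; mgr:forward shows squid's forwarding status)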

Server: squid/3.5.20

Mime-Version: 1.0

Date: Mon, 05 Sep 2016 02:00:48 GMT

Content-Type: text/plain;charset=utf-8

Expires: Mon, 05 Sep 2016 02:00:48 GMT

Last-Modified: Mon, 05 Sep 2016 02:00:48 GMT

X-Cache: MISS from squid

X-Cache-Lookup: MISS from squid:80

Connection: close

Squid Object Cache: Version 3.5.20

Build Info:

Service Name: squid

Start Time:    Mon, 05 Sep 2016 01:51:43 GMT

Current Time:  Mon, 05 Sep 2016 02:00:48 GMT

Connection information for squid:

         Number of clients accessing cache:         2

         Number of HTTP requests received:        3

         Number of ICP messages received:         0

         Number of ICP messages sent:       0

         Number of queued ICP replies:        0

         Number of HTCP messages received:     0

         Number of HTCP messages sent:   0

         Request failure ratio:        0.00

         Average HTTP requests per minute since start:     0.3

         Average ICP messages per minute since start:      0.0

         Select loop called: 782 times, 698.097 ms avg

Cache information for squid:

         Hits as % of all requests:          5min: 0.0%, 60min: 66.7%

         Hits as % of bytes sent:   5min: 100.0%, 60min: 100.0%

         Memory hits as % of hit requests:  5min: 0.0%, 60min: 50.0%

         Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0%

         Storage Swap size:  18860 KB

         Storage Swap capacity:    1.8% used, 98.2% free

         Storage Mem size:  224 KB

         Storage Mem capacity:    0.3% used, 99.7% free

         Mean Object Size:   50.16 KB

         Requests given to unlinkd:       0

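#squidclient -m purge -u squid -g squid http://   (manually refresh the cache; the http:// argument is the problem URL supplied by the business team; this fixes out-of-sync caches where different regions see different pages)

#squidclient -m purge -p 80 http://10.96.20.113/msn.jpg   (delete the specified object)

#squidclient -r http://10.96.20.113/msn.jpg   (force the cache to reload; if ignore-reload is set in refresh_pattern, -r has no effect)

squid does not support deleting a group of objects; awk can be combined with squidclient to do it (for example: #awk '{print $7}' /usr/local/squid/var/logs/access.log | grep www.example.com | xargs -n 1 squidclient -m purge)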
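The awk/grep/xargs pipeline above matches www.example.com anywhere in the URL with the dots acting as wildcards, repeats the purge for every duplicate log entry, and lets xargs interpret quotes and backslashes in client-supplied URLs. The version below is an added example, not from the original post, that matches the host exactly and de-duplicates; the function names and the sample log are made up for illustration.

```shell
#!/bin/sh
# Added example: pick the URLs to purge for one site from a native-format access.log.
# Field 7 is %ru, the request URL, which is client-supplied text.

# Constructed sample log; none of these entries come from the page.
sample_purge_log() {
cat <<'EOF'
1472803700.001      5 10.96.20.89 TCP_MISS/200 4100 GET http://www.example.com/a.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg
1472803701.002      1 10.96.20.89 TCP_MEM_HIT/200 4107 GET http://www.example.com/a.jpg - HIER_NONE/- image/jpeg
1472803702.003      4 10.96.20.89 TCP_MISS/200 900 GET http://www.example.com:80/b.css - FIRSTUP_PARENT/192.168.10.118 text/css
1472803703.004      4 10.96.20.89 TCP_MISS/200 700 GET http://wwwxexample.com.test/x - FIRSTUP_PARENT/192.168.10.118 text/html
1472803704.005      4 10.96.20.89 TCP_MISS/200 700 GET http://other.test/?ref=www.example.com - FIRSTUP_PARENT/192.168.10.118 text/html
1472803705.006      4 10.96.20.89 TCP_MISS/200 700 GET http://www.example.com.other.test/a.jpg - FIRSTUP_PARENT/192.168.10.118 image/jpeg
EOF
}

# purge_candidates HOST [FILE...]: print each distinct http:// URL whose host is exactly HOST.
purge_candidates() {
  want_host=$1; shift
  awk -v want="$want_host" '
    index($7, "http://") == 1 {
      h = substr($7, 8)              # text after "http://"
      sub("[/?#].*$", "", h)         # cut path, query and fragment
      sub("^.*@", "", h)             # cut userinfo
      sub(":[0-9]*$", "", h)         # cut port
      if (tolower(h) == tolower(want) && !seen[$7]++) print $7
    }' "$@"
}

# purge_host HOST [FILE...]: send one PURGE per URL to the local Squid on port 80.
# read -r passes each URL as a single argument, with no quote or backslash parsing.
purge_host() {
  purge_candidates "$@" | while IFS= read -r url; do
    squidclient -p 80 -m PURGE "$url"
  done
}

sample_purge_log | purge_candidates www.example.com
```

Squid rejects PURGE unless squid.conf defines an acl for that method; keep the matching http_access rule limited to the cache host itself.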

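#echo '' > /usr/local/squid/var/cache/swap.state   (deletes all objects; this command does not remove files from disk, it only makes squid believe its cache is empty; while squid runs, the new files it adds to the cache may overwrite old ones; if disk usage exceeds the configured size, delete the old files before restarting squid again)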

#squid -k shutdown

#cd /usr/local/squid/var/

#mv cache oldcache

#mkdir cache

#chown squid:squid cache

#squid -z

#squid -s

#rm -rf oldcache &

squid CDN cluster:

http_port ip:port vhost vport

icp_port 3130

cache_peer ip sibling 80 3130 name=cache1

cache_peer 1.2.3.4 sibling 80 3130 name=cache2   #(serverA)

cache_peer 5.6.7.8 sibling 80 3130 name=cache3   #(serverB)

cache_peer_domain cache0 www.test.com

This article is reposted from chaijowin's 51CTO blog; original link: http://blog.51cto.com/jowin/1846348. To repost it, please contact the original author yourself.