ihd4ff8wem
User
Joined: 03 May 2011
Posts: 101
Read: 0 topics
Warnings: 0/5 From: England Gender: Female
Posted: Sat 4:32, 28 May 2011 Post subject: diddy beats Some explanations squid configuration
http_port 3128
# General squid HTTP service port. Port 80 is used only for acceleration. To make squid listen on that port, use http_port:
http_port 80
If you want squid to act both as a proxy cache and as an accelerator, then list these two ports, but all ports must be specified in a command line:
http_port 80 http_port 3128
logfile_rotate 3
# Rotate the log files periodically to prevent them from becoming too large. To keep disk space consumption under reasonable control, run the following command from cron:
% squid -k rotate
For example, the following cron entry rotates the logs at 4 am every day:
0 4 * * * /usr/local/squid/sbin/squid -k rotate
How it works: the command does two things. First, it closes the currently open log files. Then it renames cache.log, store.log, and access.log by appending a numeric extension to the file name. For example, cache.log becomes cache.log.0, cache.log.0 becomes cache.log.1, and so on, up to the value specified by the logfile_rotate option.
cache_mem 1024 MB
The ideal amount of memory squid can use; the suggested setting is 1/3 of memory.
# This parameter does not specify the maximum size of the process; it only sets a limit on the additional memory squid can use to cache objects. squid also needs memory in other areas.
read-only
The read-only option instructs Squid to continue reading files from the cache_dir, but not to write new objects to it. It looks like this in the squid.conf file:
cache_dir ufs /cache0 7000 16 256 read-only
If you want to move cache files from one disk to another, use this option. If you simply add one cache_dir and remove the other, squid's hit rate drops significantly. While the old directory is read-only, you can still get cache hits from it. After a period of time, you can delete the files from the read-only cache directory.
max-size
With this option, you can specify the maximum size of objects stored in the cache directory. For example:
cache_dir ufs /cache0 7000 16 256 max-size=1048576
Note that the value is in bytes. In most cases, you do not need to add this option. If you do, put all the cache_dir lines in order of max-size (from smallest to largest).
# The cache_swap_low and cache_swap_high directives control the replacement of objects stored on disk. Their values are percentages of the maximum cache size, which is the sum of the sizes of all cache_dir entries. For example:
cache_swap_low 90
cache_swap_high 95
If the total disk usage is below cache_swap_low, squid does not delete cached objects. As the cache size increases, squid gradually removes objects. In the steady state, you will find that disk usage is always relatively close to the cache_swap_low value. You can request the storedir cache manager page to view current disk usage.
Please note that changing cache_swap_high may not have much effect on squid's disk usage. In early versions of squid, this parameter played an important role; now, however, that is not the case.
If you do not want squid to cache any files, as on some proprietary systems with limited space, you can use the null file system (which does not require such a cache strategy):
cache_dir null /tmp
cache_vary on (the default on that can cache static files)
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
# Cache replacement policy. For cache servers holding many small files, GDSF easily gives a good hit rate, especially the memory hit rate.
minimum_object_size 0 KB
maximum_object_size 6 MB
Objects larger than this value will not be stored. If you want to improve access speed, lower the value; if you want to maximize bandwidth savings and reduce costs, increase the value.
maximum_object_size_in_memory 1024 KB
Setting a smaller value for maximum_object_size_in_memory helps keep squid from using excessive memory.
cache_dir aufs /opt/squid/cache 4000 16 32
cache_dir aufs /opt/squid/cachedir/cache01 4000 16 32
cache_log /opt/squid/var/logs/cache.log
# The cache_dir directive is one of the most important directives in the squid.conf configuration file. It tells squid in what way and at what location to store cache files on disk. The cache_dir directive takes the following parameters:
# Set the cache directory. You can set multiple cache directories. The syntax is:
cache_dir aufs /opt/squid/cachedir/cache01 4000 16 32
where 4000 means the cache under this directory uses 4000 MB, 16 is the number of subdirectories under cache01, and 32 is the number of subdirectories at the next level down.
strip_query_terms off
# This directive is another privacy protection. Before logging the request, Squid deletes the query. Unfortunately, if the log file falls into the wrong hands, they will not find any user names and passwords. When this directive is activated, all the bytes after the question mark (?) are deleted. For example, a URL as follows:
[link visible to logged-in users]
will be recorded as:
[link visible to logged-in users]
acl nolog urlpath_regex -i \.dll
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] ; h
# All logs are output in the standard apache format, and accesses matching nolog are not recorded in the access log. E.g.: 192.168.19.212 - - [23/Oct/2008:00:00:24 +0800] .zhaopin.com/new4/images/nub/1.gif HTTP/1.0 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
To record the source IP address:
logformat combined %{X-Forwarded-For1}>h %>a %ui %un [%tl] ; h
The log will then read: 82.145.157.175 192.168.10.114 - - [14/Dec/2009:09 ...
Similarly:
acl nolog urlpath_regex -i \.css \.js \.swf
cache_access_log /opt/squid/var/logs/access.log combined !nolog
access_log /opt/squid/var/logs/newaccess.log !nolog
With the above, the logs do not contain access records for .css, .js and .swf files.
Note: meanings of the apache format string variables:
%...a: Remote IP address
%...A: Local IP address
%...B: The number of bytes sent, excluding HTTP headers
%...b: The number of bytes sent in CLF format, excluding HTTP headers. For example, when no data is sent, '-' is written instead of 0.
%...{FOOBAR}e: The contents of environment variable FOOBAR
%...f: File name
%...h: Remote host
%...H: The request protocol
%...{Foobar}i: The content of the Foobar header line in the request sent to the server.
%...l: Remote logname (from identd, if supplied)
%...m: The request method
%...{Foobar}n: The contents of note Foobar from another module
%...P: The process ID of the child that serviced the request.
%...q: The query string (if the query string, then contains a
%...s: Status. For a request that was internally redirected, this refers to the status of the *original* request. If you use %...>s, it refers to the subsequent request.
%...t: The time, in common log time format (or standard English format)
%...{format}t: The time, in the format given by format
%...T: The time taken to serve the request, in seconds
%...u: Remote user (from auth; may be forged if return status (%s) is 401)
%...U: The URL path requested by the user
%...v: The ServerName of the server responding to the request
%...V: The server name according to the UseCanonicalName setting
cache_store_log none
# As with the other log files, Squid writes the latest log entries at the end of the file. A given URI may appear several times in the log file. For example, it is first cached, then deleted, and then cached again. Only the most recent log entry reflects the current state of the object.
log_fqdn: If turned on, access.log will record the complete domain name of the client. Otherwise, only the IP address is recorded. When it is turned on, squid needs to query DNS to resolve the client's domain name, which increases the server load and decreases performance.
ftp_user: When anonymous ftp is needed to fetch a file, this string is sent as the password.
dns_children: Squid uses its own dnsserver processes to handle the domain name lookups clients need. In general, when the proxy is used heavily, a larger dns_children setting can handle more domain name requests quickly, but setting too many dnsserver processes has a considerable impact on system performance. Use the cache manager to see how much each dnsserver is used and decide on the number.
reference_age: The LRU age of an object; objects older than this are cleared from the cache. For example, if set to one week, an object that has not been accessed within a week is removed from the cache. If the value is zero, objects stay in the cache until the cache swap reaches its upper limit.
read_time: When the proxy is connected to a web server and no data is received from it within the read_time period, the connection is dropped; the cause may be the remote server, a sudden interruption of network connectivity, or other factors.
shutdown_lifetime: When the cache server receives SIGTERM or SIGHUP, squid will use the client to issue
err_html_text: When browsing the web, users often encounter non-existent or disconnected sites, and squid itself responds to the client with an error message. squid administrators can use this parameter to change the error message returned to the client, for example to link to the administrator's homepage.
deny_html_text: When access control denies a request, an access-failure message is returned. squid itself provides a simple message; this feature can be used to link to the homepage.
ipcache_size 1024
# ip cache corresponding to the size of 1024
ipcache_low 95
ipcache_high 95
fqdncache_size 1024
# Size of the full domain name cache is 1024 (default 1024)
# prohibit caching
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist -i ^https: ?
acl QUERY urlpath_regex -i cgi-bin \? \.asp \.php \.jsp \.cgi
acl denyssl urlpath_regex -i ^https:
no_cache deny QUERY
no_cache deny denyssl
# The lines above mean that URLs containing cgi-bin or starting with https: are not cached.
# Dynamic scripts such as asp, cgi and php are not cached either,
# because these scripts are usually updated dynamically, so the cached data would be out of sync.
# https:// is also not cached, because our e-commerce transactions in general,
# such as bank payments, are based on it; if something like a credit card number were cached, wouldn't that be very dangerous?
Example:
acl Local dst 10.0.1.0/24
cache deny Local
Files whose destination address is in 10.1.1.1 --- 255 are not written to the cache
acl HTML url_regex \.html$
cache deny HTML
Refuse to cache URLs with the html suffix
acl XYZZY url_regex ^[link visible to logged-in users]$
cache deny XYZZY
Refuse to cache a particular site
acl Morning time 08:00-11:00
cache deny Morning
Refuse to write to the cache from eight o'clock to ten
The basic ACL format is as follows: acl
or: acl list name control control targets
E.g.: a list of the ip addresses of all computers from 192.168.0.2 to 192.168.0.10
acl advance 192.168.0.2-192.168.0.20/32
* Note: squid applies the rules in allow-deny-allow-deny ... order.
For example, when a user accesses the proxy server, squid tests the rules in the order they are defined; if none of the rules match, squid applies the opposite of the last rule.
acl cache_object urlpath_regex -i \.jpg$ \.png$ \.htm \.html \.gif$ \.swf$
no_cache deny !cache_object (formats not defined above are not cached)
acl bmsDomain dstdomain .test.com
no_cache deny bmsDomain (no files in .test.com are cached)
200,404 other error pages are not cached
acl badhttp http_status 200 301 500 - 400-403
http_access deny badhttp
Match user names that contain digits
acl NumberInNname ident_regex [0-9]
Allow regular expressions to be used for proxy authentication user names
acl Admins proxy_auth_regex -i ^admin
If you want to view mgr information, such as mgr:info, add the following statements:
acl localhost src 127.0.0.1/255.255.255.255
acl Manager proto cache_object
http_access allow Manager localhost
want to manually force a refresh:
acl localhost src 127.0.0.1/255.255.255.255
acl Purge method PURGE
http_access allow Purge localhost
dns_children 120
The role of refresh_pattern:
The refresh_pattern directive indirectly controls the disk cache. It helps squid decide whether a given request is a cache hit or should be treated as a cache miss. Relaxed settings increase your cache hit rate, but also increase the chance that users receive outdated responses. Conservative settings, on the other hand, reduce both the cache hit rate and outdated responses.
refresh_pattern rules apply only to responses with no explicit expiry time. The origin server can use the Expires header or the Cache-Control: max-age directive to specify the expiry time.
The refresh_pattern syntax is as follows:
refresh_pattern [-i] regexp min percent max [options]
Example:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.gif$ 180 90% 1440 reload-into-ims ignore-no-cache
refresh_pattern -i \.jpg$ 180 90% 1440 reload-into-ims ignore-no-cache
refresh_pattern -i \.wmv$ 1440 90% 2880 reload-into-ims ignore-no-cache
refresh_pattern -i [link visible to logged-in users] 1440 50% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private (caching dynamic files; you can do this, but I personally think it is meaningless)
########################################################################## Compiling and installing:
./configure
--prefix=/opt/squid specifies the software installation path
--enable-delay-pools supports flow control
--enable-async-io=120 This mainly sets squid to run in async mode; my understanding is that it sets the number of threads squid runs with. If the server is well configured, with more than 1G of memory and SMP CPUs, you can consider setting 160 or higher. If the server is relatively weak, set it according to actual conditions. This option also enables support for another cache file system, aufs
--enable-auth=
--enable-basic-auth-helpers=
These two compile the user authentication modules.
--enable-storeio=aufs,coss,diskd,ufs makes squid support these file systems
--enable-useragent-log allows underscores in URLs being parsed, because by default squid treats a URL containing an underscore as illegal and refuses access to that address
--enable-referer-log activates the HTTP referer log for client requests
--enable-kill-parent-hack when turning off squid, you do not turn off along with the parent process
--enable-forward-log
--enable-snmp This option lets MRTG monitor the server's traffic status using the SNMP protocol, so it must be selected for Squid to support the SNMP interface
--enable-cache-digests speeds up requests and the retrieval of cached content.
--enable-default-err-language=Simplify_Chinese specifies that error pages are displayed in Simplified Chinese
--enable-epoll can improve performance. squid is a single process using multiplexing, and epoll is more efficient than select.
--enable-removal-policies=heap,lru allows the GDSF or LFUDA policies to be used. For caching small files, the GDSF algorithm is more efficient than the default lru algorithm
--enable-large-cache-files
--disable-internal-dns The squid source code contains two different DNS solutions. Internal lookup is the default, but some people may want to use the external technique. This option disables the internal functions and switches to the old way. One advantage of the tool is that squid obtains accurate DNS response TTLs.
--enable-x-accelerator-vary This advanced feature may be used when squid is configured as an accelerator. It advises squid to look for the X-Accelerator-Vary header in responses from the origin server.
--enable-follow-x-forwarded-for
--with-large-files
--disable-ident-lookups prevents the system from using the RFC931 identification method
--enable-underscore allows underscores in the requested URL
--disable-arp-acl the client's MAC address can be used directly in rules for management, to prevent clients from using IP spoofing.
--enable-ssl This option gives squid the ability to terminate SSL/TLS connections. Note that this only works for accelerated requests in web accelerator mode
--with-filedescriptors=65535 (sets the number of file descriptors in 3.0; 2.6 uses with-maxfd)
--enable-auth=basic
--enable-basic-auth-helpers=NCSA needs to be added for user authentication
--enable-delay-pools add this to restrict traffic and bandwidth
--enable-linux-netfilter
--enable-linux-tproxy
The two options above support transparent proxying
The post has been praised 0 times
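A small auditor for three settings the post above touches on (strip_query_terms, the refresh_pattern override options, and PURGE / cache manager access limited to localhost), added here as an example and not part of the original post. The `audit` function, its messages and the sample configuration are constructed; the last sample line is a deliberately unrestricted PURGE rule.

```python
# Constructed sample: directives in the style of the post, plus one
# deliberately unrestricted PURGE rule (last line) for the audit to catch.
SAMPLE_CONF = r"""
strip_query_terms off
acl localhost src 127.0.0.1/255.255.255.255
acl Manager proto cache_object
acl Purge method PURGE
http_access allow Manager localhost
refresh_pattern -i \.gif$ 180 90% 1440 reload-into-ims ignore-no-cache
refresh_pattern -i \.php$ 1440 50% 10080 override-expire ignore-private
http_access allow Purge
""".strip()

# refresh_pattern options that make Squid disregard origin-server cache controls.
RISKY_REFRESH = {"ignore-private", "ignore-no-cache", "override-expire"}

def audit(conf_text):
    """Return a list of (line_number, message) findings for squid.conf text."""
    findings, acl_type, sensitive = [], {}, set()
    # Tokenise every line, dropping trailing '#' comments.
    lines = [l.split("#", 1)[0].split() for l in conf_text.splitlines()]
    # Pass 1: record ACL types and which ACLs select PURGE or the cache manager.
    for tok in lines:
        if len(tok) >= 3 and tok[0] == "acl":
            acl_type[tok[1]] = tok[2]
            if (tok[2], tok[3:4]) in (("method", ["PURGE"]),
                                      ("proto", ["cache_object"])):
                sensitive.add(tok[1])
    # Pass 2: flag the directives themselves.
    for n, tok in enumerate(lines, 1):
        if tok[:2] == ["strip_query_terms", "off"]:
            findings.append((n, "query strings are logged in full"))
        elif tok[:1] == ["refresh_pattern"]:
            for opt in sorted(RISKY_REFRESH & set(tok)):
                findings.append((n, f"refresh_pattern uses {opt}"))
        elif tok[:2] == ["http_access", "allow"]:
            # A negated ACL ("!name") is not in acl_type, so it never counts.
            has_src = any(acl_type.get(t) == "src" for t in tok[2:])
            for name in sorted(sensitive & set(tok[2:])):
                if not has_src:
                    findings.append((n, f"{name} allowed without a src ACL"))
    return findings

if __name__ == "__main__":
    for line_no, msg in audit(SAMPLE_CONF):
        print(f"line {line_no}: {msg}")
```

The Manager rule on line 5 is not reported because it is combined with the localhost src ACL, as in the post.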