Using squid to build a proxy server on windows_PHP tutorial

Use squid to build a proxy server on windows

In this article, the SQUID is placed on the machine 172.20.65.201, and the application WEB SERVER IP is 172.20.65.203, where the SQUID is listening on port 80 on 201 , the test client machine is 172.20.65.231, # in squid.conf represents a comment, so to enable a certain setting, you need to remove the preceding #. The TAG label represents the setting of each function item.

1. Download

Download SQUID FOR WINDOWS (the version I am using is Squid 2.7.STABLE6, the configuration of each version may be slightly different, please pay attention)

2. Install
Extract SQUID to c:squid (of course it can also be decompressed in other drive letters)

3. Create disk cache and log directories
The default is Create it under the installation disk. In order to ensure a significant improvement in performance, select a drive letter with a larger disk space capacity, such as: create a d:squidvar directory, create logs and cache directories under the var directory, where the logs directory is used to store logs. The cache directory is used to store hard disk cache data.

4. Establish cache directory operation permissions
In order to enable the captured data to be stored in the cache directory, create a system account such as squidApp and make it belong to the ordinary user group. Change d :squid just grant the user read and write permissions.

5. File changes
c:squidetc is the storage place for SQUID configuration information. To ensure safety, before you modify the configuration file, please back it up and then change squid.conf. Default is changed to squid.conf,
mime.conf.default is changed to mime.conf, cachemgr.conf.default is changed to cachemgr.conf

6. Configure SQUID
for SQUID Generally speaking, most of the configurations are in squid.conf. The environment used in this article is as follows:

Turn on the following access control [plain]view plaincopy

1. aclallsrcall
2. aclmanagerprotocache_object
3. acllocalhostsrc127.0.0.1/32
4. aclto_localhostdst127.0.0.0/8
5. acllocalnetsrc172.16.65.231/255.255.0.0Specify the local network and mask

Open access port [plain] view plaincopy

1. aclSSL_portsport443
2. aclSafe_portsport80#http
3. aclSafe_portsport21#ftp
4. aclSafe_portsport443#https
5. aclSafe_portsport70#gopher
6. aclSafe_portsport210#wais
7. aclSafe_portsport1025-65535#unregisteredports
8. aclSafe_portsport280#http-mgmt
9. aclSafe_portsport488#gss-http
10. aclSafe_portsport591#filemaker
11. aclSafe_portsport777#multilinghttp
12. aclCONNECTmethodCONNECT

Turn on access control, please be sure to pay attention to the order [plain]view plaincopy

1. http_accessallowmanagerlocalhost
2. http_accessdenymanager
3. http_accessdeny!Safe_ports
4. http_accessdenyCONNECT!SSL_ports
5. http_accessallowall
6. http_accessallowlocalnet
7. http_accessdenyall

Specify SQUID to listen on port 80, vhost specifies the use of acceleration mode, http_prot should be 3128 by default, you can search http_prot in the configuration file to view [plain]view plaincopy

1. http_port80vhost

172.20.65.203 Backend WEB SERVER, parent refers to the parent node, 80 refers to the port of the backend website, 0 ICP service port, no-query originserver option when obtaining cache [plain] view plaincopy

1. cache_peer172.20.65.203parent800no-queryoriginserver

Cache settings [plain] view plaincopy

1. maximum_object_size_in_memory1024KB
2. cache_dirufsd:/ squid/var/cache102416256 Note the path
3. maximum_object_size4096KB
4. cache_swap_low90
5. cache_swap_high95

Log settings [plain] view plaincopy

1. access_logd: /squid/var/logs/access.logsquid access log
2. cache_logd:/squid/var/logs/cache.log
3. cache_store_logd:/squid/var/logs/store.log
4. emulate_httpd_logon

Control page cache content [plain]view plaincopy

1. refresh_pattern^ftp:144020 080
2. refresh_pattern^gopher:14400 40
3. refresh_pattern-i(/cgi-bin/|?)00%0
4. refresh_pattern.020C20
5. refresh_pattern-i.css$2050 0reload-into-ims
6. refresh_pattern-i.xml$2050 0reload-into-ims
7. refresh_pattern- i.html$2090 0reload-into-ims
8. refresh_pattern-i.jpg$2090 0reload-into-ims
9. refresh_pattern-i.png$2090 0reload-into-ims
10. refresh_pattern-i.gif$2090 0ignore-reload
11. refresh_pattern-i.js$2090 0reload-into-ims
12. refresh_pattern-i.htm$2090 0reload-into-ims

Set up mailbox
[plain]view plaincopy

1. cache_mgrwebmaster_breeze

Set up local host file [plain]view plaincopy

1. hosts_filec:/windows/system32/drivers/etc/hosts

7. Install service
Install Squid as a service, command format: [plain]view plaincopy

1. squid-i[-fconfigfile][-nservicename], such as c:squidsbinsquid-i-nSquid_Proxy

8. Initialize the cache directory
[plain]view plaincopy

1. c:squidsbinsquid-z

9. Start the Squid_Proxy service
Run services.msc to open the service window and select the Squid_Proxy service. If 90% of errors occur during the startup process, there is a problem with the configuration file.

10. squid command
[plain]view plaincopy

1. squid-kreconfigure//Enable new configuration file
2. squid-krotate//Truncate log
3. squid-kshutdown//stopsquid
4. squid-dx debugs when the service cannot be started

For more configuration, please refer to the document

4. SQUID Test
Find a machine for testing and check the access.log log. If TCP_DENY information appears, it may be that the configuration is incorrect. If the following message TCP_MEM_HIT/200 appears, it means that SQUID has taken effect, and the request is responded from the memory of the machine where SQUID is running.

######################
Common debugging commands
############# #########

1. Initialize the cache directory you configured in squid.conf
#squid/sbin/squid -z //Start the squid service for the first time This command must be entered

If there is an error message, please check the permissions of your cache directory.

2. Troubleshoot your squid.conf, that is, verify the syntax and configuration of squid.conf.

#squid/sbin/squid -k parse

If there is a syntax or configuration error in squid.conf, you will be prompted here. If not, congratulations, you can try to start Squid.

3. Start Squid in the foreground and output the startup process.

#squid/sbin/squid -N -d1
If there are ready to server reques, congratulations, the startup is successful.

Then ctrl c to stop Squid and start it running in the background.

4. Start Squid to run in the background.

#squid/sbin/squid -s

At this time, you can use ps -A to view the system processes, and you can see two squid processes.

5. Stop squid

#squid/sbin/squid -k shutdown
No need to explain this.

6. Reboot the modified squid.conf

#squid/sbin/squid -k reconfigure

This is probably used more often. When you find that your When the configuration is not what you want, you can modify squid.conf at any time, and don't forget to troubleshoot your squid.conf, and then execute this command to make running Squid run according to your squid.conf again.

7. Add squid to the system startup items

Edit /etc/rc.d/rc.local
Add the following line: /usr/local/squid/sbin/squid -s

Of course, not everyone likes this startup method. You can use the method you are most comfortable with; or install it as a service.

Others

1. Modify the permissions of the cache directory.

#chown -R squid:squid /home/cache

My cache directory is /home/cache, and the squid execution user and user group are squid, squid.

2. Modify the permissions of the squid log directory

#chown -R squid:squid /usr/local/squid/var/logs
This step is not suitable for every user who uses squid. It means to let squid Have permission to write in this directory.

For example, generate access.log cache.log store.log

3. Check your log document.

#more /usr/local/squid/var/logs/access.log | grep TCP_MEM_HIT
This command can see which files are cached by Squid in the memory during the running of Squid and returned to access. user.
#more /usr/local/squid/var/logs/access.log | grep TCP_HIT
This command can see which files are cached by Squid into the cache directory during the running of Squid and returned to Access user.
#more /usr/local/squid/var/logs/access.log | grep TCP_MISS
This command can see which files are not cached by Squid during the running of Squid, but are now copied to the original server. Get and return to the accessing user.
For information about parameters and representatives such as TCP_XXXX, please refer to Chapter 13.2.1 of "Squid Chinese Authoritative Guide" by Peng Yonghua.

Of course, the blue text in this example can be modified to other parameters, such as your domain name. You can also see the line about the domain name in access.log.

4. squid -k rotate rotates the Squid log file /var/log/squid. The growth rate of the Squid proxy server log file
is amazing and easy. Penalty balls fill up the disk space, causing the system to not work properly or even crash. In order to solve the problem of log files growing too fast, Squid adopts the "rotation" method. In squid.conf, you can set the number of file rotations through logfile_rotate. For example:
logfile_rotate 10. The rotation work is generally done by crontab timer in periodic log rotation. For example, if log rotation is performed at 2:00 am every Saturday, execute the following command: crontab -e
0 2 * * 6 squid -k rotate
Tips: Squid’s default error message is in English, which is really inconvenient for users who are not good at English. Add the following to /etc/squid/squid.conf:
error_directory /usr/share/squid/errors/Simplify_Chinese will display Chinese error prompts.

http://www.bkjia.com/PHPjc/1127279.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1127279.htmlTechArticleUsing squid to build a proxy server on windows. In this article, the SQUID is placed on the machine 172.20.65.201, and the application WEB SERVER IP is 172.20.65.203, where SQUID is listening on port 80 on 201, test client...