
 ■ Squid - Proxy Server

A proxy server can keep a cache of web objects; when a user requests the same web site again, the object is served from the proxy's cache instead of being fetched from the origin server again, so web browsing gets faster.

Setup squid
# yum install squid
# nano /etc/squid/squid.conf

# http_port 3128
http_port 8080
(Set this to the port your proxy should listen on.)


# none
cache_peer proxy-asia.com parent 8080 3130 no-query weight=3
cache_peer proxy-emea.com parent 8080 3130 no-query weight=2
cache_peer proxy-america.com parent 8080 3130 no-query weight=1

(If you have parent or sibling proxy servers in your network, set them up here. In my case, I have 3 parent proxy servers. 8080 is the proxy port on the parent server. 3130 is the ICP port, which can be left at the default. After that, write the options. In my case, I set no-query and weight. no-query means not to send ICP queries to the other proxy server, because when I sent them to the parent server, the parent server somehow rejected the query from this child server and the connection was lost. weight decides which parent server is preferred: the server with the larger figure is the priority server. See the manual for details.)


hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

(With the above 3 lines, if the requested URL contains "cgi-bin" or "?", the request goes directly to the requested web server and its reply is neither stored in nor served from the proxy's cache. If you want to set up an exception that always goes straight to the web server, do it here.)


acl HTML url_regex .html$
no_cache deny HTML
(Do not cache objects whose URL ends in .html. Note that the unescaped dot matches any character, so \.html$ is the stricter pattern.)

acl XYZ url_regex ^http://www.mail.com/aaa.html$
no_cache deny XYZ
(Do not cache the object at this URL. Because of the ^ and $ anchors, the pattern matches only this exact URL.)

acl Jobtime time 08:00-11:00
no_cache deny Jobtime
(Do not cache between the specified times.)

(^ anchors the match at the start of the URL, $ anchors it at the end, so ^abc$ is an exact, full match.)
(For more details on ACLs, see http://squid.robata.org/faq_10.html)
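To see which of the regex ACLs above a given URL hits, here is an added Python example (not from the original post) that re-implements the matching Squid does for url_regex (tested against the whole URL) and urlpath_regex (tested against the path and query only), using the acl and no_cache lines exactly as written above. The sample URLs are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# ACL definitions copied from the post. Several patterns on one acl line are
# alternatives: the ACL matches if any one of its patterns matches.
ACLS = {
    "QUERY": ("urlpath_regex", [r"cgi-bin", r"\?"]),
    "HTML":  ("url_regex",     [r".html$"]),
    "XYZ":   ("url_regex",     [r"^http://www.mail.com/aaa.html$"]),
}

# no_cache rules from the post, in file order (first match wins).
NO_CACHE_RULES = [("deny", "QUERY"), ("deny", "HTML"), ("deny", "XYZ")]


def url_path(url):
    """The part urlpath_regex is tested against: path plus query, no scheme or host."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def acl_matches(name, url):
    """True if the named regex ACL matches the URL (unanchored search, as Squid does)."""
    acl_type, patterns = ACLS[name]
    subject = url if acl_type == "url_regex" else url_path(url)
    return any(re.search(p, subject) for p in patterns)


def matching_acls(url):
    """Names of all ACLs that match, in definition order."""
    return [name for name in ACLS if acl_matches(name, url)]


def is_cacheable(url):
    """Apply the no_cache rules: the first matching rule decides; no match means cacheable."""
    for action, name in NO_CACHE_RULES:
        if acl_matches(name, url):
            return action == "allow"
    return True


if __name__ == "__main__":
    # Constructed sample URLs, chosen to show anchoring and the path-vs-URL difference.
    samples = [
        "http://www.example.com/cgi-bin/search",                  # QUERY via the path
        "http://www.example.com/index.php?id=3",                   # QUERY via '?'
        "http://cgi-bin.example.com/index.php",                    # 'cgi-bin' only in the host: urlpath_regex ignores it
        "http://www.example.com/page.html",                        # HTML
        "http://www.example.com/docs/xhtml",                       # HTML too: the unescaped '.' matches 'x'
        "http://www.mail.com/aaa.html",                            # HTML and XYZ (exact match)
        "http://other.example.com/http://www.mail.com/aaa.html",   # XYZ misses because of '^'
        "http://www.example.com/logo.png",                         # nothing matches: cacheable
    ]
    for url in samples:
        print(f"{url:58} acls={matching_acls(url)!s:18} cacheable={is_cacheable(url)}")
```

Run it as a script to print the table; the "xhtml" and "cgi-bin.example.com" rows are the ones that usually surprise people.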

acl hotmail dstdomain .hotmail.com
always_direct allow hotmail
acl query dst 10.81.0.0/255.255.0.0
always_direct allow query
(Always go direct, bypassing the parent proxies, for a particular domain or IP range.)


# cache_mem 8 MB
cache_mem 128 MB

(The amount of system memory Squid uses for objects held in RAM.)


# maximum_object_size 4096 KB
maximum_object_size 5120 KB

(Objects larger than the size you set here are not stored in the proxy's cache.)


# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /opt/squid_cache 1024 16 256

(Set the directory where the cache is stored. 1024 is the size of the cache in MB. 16 is the number of subdirectories created at the first level, and 256 the number of subdirectories created under each of them at the second level.)


# emulate_httpd_log off
emulate_httpd_log on

(Write the access log in Apache httpd (common log) format, which changes the date/time format in the log file.)


#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl lan src 10.81.255.0/255.255.255.0 <<<--- Add this line exactly here. This is your network range.
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow lan <<<--- Add this line exactly here.
http_access deny manager
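Squid evaluates http_access lines top to bottom and stops at the first line whose ACLs all match, so where the added allow lan line sits decides what LAN clients may do: placed above deny manager, as shown, it also lets LAN clients reach the cache manager (cache_object requests). The Python example below is added here and is not from the post; it replays that evaluation over the acl and http_access lines above, both in the order shown and in a safer order that puts allow lan after deny manager and ends with deny all (acl all is defined above; the deny all line itself is an assumption, it is the usual last http_access line of the default configuration). The Request type and client addresses are constructed for the demonstration, and the evaluator models only the src and proto ACL types these lines use.

```python
import ipaddress
from collections import namedtuple

# A request as seen by http_access: client source address and URL scheme.
# (constructed type; real Squid checks many more request attributes)
Request = namedtuple("Request", "client proto")

# acl lines from the post (only those the http_access lines refer to).
ACL_LINES = [
    "acl all src 0.0.0.0/0.0.0.0",
    "acl manager proto cache_object",
    "acl localhost src 127.0.0.1/255.255.255.255",
    "acl lan src 10.81.255.0/255.255.255.0",
]

# http_access lines in the order the post gives them.
POST_ORDER = [
    "http_access allow manager localhost",
    "http_access allow lan",
    "http_access deny manager",
]

# Same lines with 'allow lan' moved below 'deny manager', plus an explicit
# final 'deny all' (assumed here; it is the usual last http_access line).
SAFER_ORDER = [
    "http_access allow manager localhost",
    "http_access deny manager",
    "http_access allow lan",
    "http_access deny all",
]


def parse_acls(lines):
    """Map ACL name -> (type, values); a repeated name adds values of the same type."""
    acls = {}
    for line in lines:
        _, name, acl_type, *values = line.split()
        kind, existing = acls.get(name, (acl_type, []))
        acls[name] = (kind, existing + values)
    return acls


def acl_matches(acl, request):
    acl_type, values = acl
    if acl_type == "src":
        ip = ipaddress.ip_address(request.client)
        # ipaddress accepts Squid's addr/netmask notation as well as CIDR
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if acl_type == "proto":
        return request.proto in values
    raise ValueError("ACL type not modelled in this example: " + acl_type)


def http_access(rule_lines, acls, request):
    """Return 'allow' or 'deny' using Squid's first-match semantics."""
    last_action = None
    for line in rule_lines:
        _, action, *names = line.split()
        # All ACLs on one line must match (AND); a leading '!' negates one ACL.
        if all(acl_matches(acls[n.lstrip("!")], request) != n.startswith("!") for n in names):
            return action
        last_action = action
    # Nothing matched: Squid applies the opposite of the last line's action,
    # which is why configurations end with an explicit 'deny all'.
    return "deny" if last_action == "allow" else "allow"


def decisions(rule_lines):
    """Verdicts for four constructed requests under the given rule order."""
    acls = parse_acls(ACL_LINES)
    cases = {
        "localhost manager": Request("127.0.0.1", "cache_object"),
        "lan manager":       Request("10.81.255.10", "cache_object"),
        "lan web":           Request("10.81.255.10", "http"),
        "outside web":       Request("192.0.2.5", "http"),
    }
    return {label: http_access(rule_lines, acls, req) for label, req in cases.items()}


if __name__ == "__main__":
    for title, rules in (("order in the post", POST_ORDER), ("safer order", SAFER_ORDER)):
        print(title, decisions(rules))
```

The "outside web" case only considers the three http_access lines shown on this page; in a real file further lines follow, and the evaluator's fallback (opposite of the last line) is the reason every squid.conf should close with deny all rather than rely on that default.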


# cache_mgr root
cache_mgr tomo@email.com

(This email address is shown on the error page as the administrative contact.)


# none
visible_hostname linux-tyo.com

(This hostname is shown on the error page.)


# forwarded_for on
forwarded_for off

(If you want to hide your IP address from the web sites you access through the proxy, set this to off; when it is on, Squid passes the client's address in an X-Forwarded-For header.)


#none
never_direct allow all

(If you want to prevent any direct connections to web sites, set this. For example, there is a firewall in front of you and you cannot reach the internet without the parent proxy server, which means port 80 is open only to that proxy server.)


# Leave coredumps in the first cache dir
coredump_dir /opt/squid_cache

(Change this if you changed cache_dir.)

(Maybe you had better not change cache_dir, since I had trouble creating another cache_dir. If you want to create the cache_dir manually, execute squid -z, and the system creates the cache directories for you in the directory you specified here. Or, after the system has created the default cache_dir by starting the daemon with the default cache_dir setting, you can move it to your preferred directory and change squid.conf.)


# /etc/init.d/squid start
# chkconfig squid on


Clear cache
To clear cache,
# /etc/init.d/squid stop
# rm -rf /usr/local/squid/cache
(This is the directory set in cache_dir; in the configuration above it is /opt/squid_cache.)
# squid -z
# /etc/init.d/squid start

Access Analysis
You can analyze the usage of proxy server with Webalizer.

# yum install webalizer
# nano /etc/webalizer.conf

LogFile /var/log/squid/access.log
OutputDir /var/www/html/log
LogType squid
(If you set emulate_httpd_log on in squid.conf, you must specify clf here; otherwise no report will be generated.)

HistoryName /var/lib/webalizer/webalizer.squid.hist
IncrementalName /var/lib/webalizer/webalizer.squid.current


Run it and view the result in a browser.
# webalizer
(If you want to tell it which configuration file to read, use -c. Otherwise it always reads /etc/webalizer.conf.)

Then add it to crontab for a daily report.
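The access.log that Webalizer reads is plain text, so it helps to know what one line looks like in each format. The Python example below is added here and is not from the post or from Webalizer: it recognises Squid's native log format (LogType squid) and the Apache-style lines written with emulate_httpd_log on (LogType clf), and summarises native lines the way a first look at proxy usage would: request count and hit ratio, bytes, denied requests and requests per client. All log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed access.log lines in Squid's native format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
NATIVE_LOG = """\
1206517200.123    345 10.81.255.10 TCP_MISS/200 4523 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1206517201.456     12 10.81.255.11 TCP_HIT/200 4523 GET http://www.example.com/index.html - NONE/- text/html
1206517202.789    980 10.81.255.10 TCP_MISS/200 20480 GET http://www.example.com/cgi-bin/search?q=squid - DIRECT/192.0.2.10 text/html
1206517203.001      5 10.81.255.12 TCP_DENIED/403 1400 CONNECT mail.example.net:25 - NONE/- text/html
1206517204.222    210 10.81.255.11 TCP_MEM_HIT/200 812 GET http://www.example.com/logo.png - NONE/- image/png
"""

# One constructed line as written with emulate_httpd_log on (Apache common log
# format with Squid's result/hierarchy appended at the end).
CLF_LINE = ('10.81.255.10 - - [26/Mar/2008:17:46:00 +0900] '
            '"GET http://www.example.com/index.html HTTP/1.0" 200 4523 "-" "Mozilla/4.0" TCP_MISS:DIRECT')

NATIVE_RE = re.compile(r"""
    ^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+
    (?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+
    (?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+
    (?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$
""", re.VERBOSE)

CLF_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+')


def detect_format(line):
    """'squid' for native lines (LogType squid), 'clf' for emulate_httpd_log lines."""
    if NATIVE_RE.match(line):
        return "squid"
    if CLF_RE.match(line):
        return "clf"
    return "unknown"


def summarize(log_text):
    """Totals over native-format lines; lines in any other format are counted as skipped."""
    stats = {"requests": 0, "hits": 0, "bytes": 0, "denied": 0,
             "per_client": Counter(), "skipped": 0}
    for line in log_text.splitlines():
        m = NATIVE_RE.match(line)
        if not m:
            stats["skipped"] += 1
            continue
        stats["requests"] += 1
        stats["bytes"] += int(m["bytes"])
        stats["per_client"][m["client"]] += 1
        if "HIT" in m["result"]:       # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            stats["hits"] += 1
        if m["result"] == "TCP_DENIED":
            stats["denied"] += 1
    stats["hit_ratio"] = stats["hits"] / stats["requests"] if stats["requests"] else 0.0
    return stats


if __name__ == "__main__":
    print("first line is", detect_format(NATIVE_LOG.splitlines()[0]))
    print("emulated line is", detect_format(CLF_LINE))
    print(summarize(NATIVE_LOG))
```

Running detect_format over the first few lines of the real /var/log/squid/access.log is a quick way to confirm that the LogType in webalizer.conf matches what Squid is actually writing.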


---------------------------
Reference
http://squid.robata.org

Posted by tomopugh : March 26, 2008 17:46

Comment

Thanks for your hard work!

Posted by Lynn : April 10, 2008 00:46
