
2011年01月18日

[いまさら] イカ娘でキャッシュサーバ

光の時代にキャッシュサーバの実用性は求めない。
単なる知的好奇心のためインストール

・公式HP
http://www.squid-cache.org/

▼インストール
# wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.10.tar.gz
# tar xvfz squid-3.1.10.tar.gz
# cd squid-3.1.10 ; pwd

# ./configure \
--prefix=/usr/local/squid \
--enable-useragent-log \
--enable-referer-log \
--enable-linux-netfilter \
--enable-removal-policies="heap,lru" \
--enable-storeio="diskd,ufs" \
--disable-ipv6 \
--disable-ident-lookups \
--disable-internal-dns

# make
# make install

# touch /etc/sysconfig/squid

▼アカウント作成
# useradd -d /usr/local/squid -s /sbin/nologin squid
# chown -R squid:squid /usr/local/squid/var/

▼設定(詳細は/usr/local/squid/etc/squid.conf.documentedを参照)
# vi /usr/local/squid/etc/squid.conf

### ACL
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl homenet src 192.168.11.0/24
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow homenet
http_access allow localhost
http_access deny all

# Squid normally listens to port 3128
http_port 8080 transparent

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 43200 ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 ignore-reload ignore-no-cache ignore-no-store ignore-must-revalidate ignore-private
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 40% 40320

### SECURITY
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all

### USE
cache_effective_user squid
cache_effective_group squid

### CACHE
maximum_object_size_in_memory 512 KB
maximum_object_size 10240 KB
cache_dir ufs /usr/local/squid/var/cache 1024 16 256

### LOGS
access_log /usr/local/squid/var/logs/access.log squid
cache_store_log /usr/local/squid/var/logs/store.log squid

### PID
pid_filename /usr/local/squid/var/run/squid.pid

### MEMORY
memory_pools on
memory_pools_limit 256 MB

▼起動
# vi /etc/init.d/squid

#!/bin/bash
# squid This shell script takes care of starting and stopping
# Squid Internet Object Cache
#
# chkconfig: - 90 25
# description: Squid - Internet Object Cache. Internet object caching is \
# a way to store requested Internet objects (i.e., data available \
# via the HTTP, FTP, and gopher protocols) on a system closer to the \
# requesting site than to the source. Web browsers can then use the \
# local Squid cache as a proxy HTTP server, reducing access time as \
# well as bandwidth consumption.
# pidfile: /usr/local/squid/var/run/squid.pid
# config: /usr/local/squid/etc/squid.conf

PATH=/usr/local/squid/sbin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
export PATH

# Source function library (expected to supply echo_success, echo_failure
# and status, which are used below but not defined in this script).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Fall back to defaults when /etc/sysconfig/squid leaves these unset.
#SQUID_OPTS=${SQUID_OPTS:-"-D"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# Locate the squid binary; SQUID stays unset when it is not installed here.
if [ -f /usr/local/squid/sbin/squid ]; then
  SQUID=/usr/local/squid/sbin/squid
fi

prog="$SQUID"

# Collect the cache_dir path(s) from squid.conf: strip '#' comments, then
# take the third whitespace-separated field of every line naming cache_dir.
CACHE_SWAP=$(awk '{ sub(/#.*/, "") } /cache_dir/ { print $3 }' /usr/local/squid/etc/squid.conf)
if [ -z "$CACHE_SWAP" ]; then
  CACHE_SWAP=/usr/local/squid/var/cache
fi

RETVAL=0

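#######################################
# Initialize any missing cache directories and start squid.
# Globals:   SQUID, SQUID_OPTS, SQUID_PIDFILE_TIMEOUT, CACHE_SWAP, prog (read)
#            RETVAL (written)
# Outputs:   progress on stdout; squid's own output is appended to
#            /usr/local/squid/var/logs/squid.out
# Returns:   0 once the pid file appears, 1 when squid fails to start or the
#            pid file does not show up within SQUID_PIDFILE_TIMEOUT seconds.
#            Exits 6 when squid.conf is missing and 4 when no binary was found.
#######################################
start() {
  local adir timeout

  # Refuse to start without a configuration file.
  if [ ! -f /usr/local/squid/etc/squid.conf ]; then
    echo "Configuration file /usr/local/squid/etc/squid.conf missing" 1>&2
    exit 6
  fi
  . /etc/sysconfig/squid

  # don't raise an error if the config file is incomplete.
  # set defaults instead:
  #SQUID_OPTS=${SQUID_OPTS:-"-D"}
  SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
  SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

  # SQUID is only set when the binary was found at the top of the script.
  if [ -z "$SQUID" ]; then
    echo "Insufficient privilege" 1>&2
    exit 4
  fi

  # CACHE_SWAP is deliberately unquoted: it may hold several directories
  # (one per cache_dir line) separated by newlines.
  for adir in $CACHE_SWAP; do
    # A cache_dir that has never been initialized has no "00" bucket yet;
    # "-z" lets squid create the on-disk layout. Quoted so a path with
    # spaces cannot split the test.
    if [ ! -d "$adir/00" ]; then
      echo -n "init_cache_dir $adir... "
      # NOTE(review): -D is still passed here although the "-D" default for
      # SQUID_OPTS above is commented out -- confirm this build accepts it.
      "$SQUID" -z -F -D >> /usr/local/squid/var/logs/squid.out 2>&1
    fi
  done
  echo -n $"Starting $prog: "
  # SQUID_OPTS is intentionally unquoted so it can carry several options.
  "$SQUID" $SQUID_OPTS >> /usr/local/squid/var/logs/squid.out 2>&1
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    # Poll once per second until the daemon writes its pid file, giving up
    # after SQUID_PIDFILE_TIMEOUT seconds.
    timeout=0
    while : ; do
      [ ! -f /usr/local/squid/var/run/squid.pid ] || break
      if [ "$timeout" -ge "$SQUID_PIDFILE_TIMEOUT" ]; then
        RETVAL=1
        break
      fi
      sleep 1 && echo -n "."
      timeout=$((timeout+1))
    done
  fi
  # Presumably refreshes the pid file's timestamp; kept from the original.
  [ "$RETVAL" -eq 0 ] && touch /usr/local/squid/var/run/squid.pid
  [ "$RETVAL" -eq 0 ] && echo_success
  [ "$RETVAL" -ne 0 ] && echo_failure
  echo
  return "$RETVAL"
}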

#######################################
# Ask a running squid to shut down and wait for its pid file to disappear.
# Globals:   SQUID, SQUID_SHUTDOWN_TIMEOUT, prog (read); RETVAL (written)
# Outputs:   progress on stdout; "-k check" output goes to
#            /usr/local/squid/var/logs/squid.out
# Returns:   0 when squid stopped (or was not running), 1 when the pid file
#            is still present after SQUID_SHUTDOWN_TIMEOUT seconds, otherwise
#            the status of "squid -k check"
#######################################
stop() {
  local waited
  . /etc/sysconfig/squid

  # Default for a sysconfig file that does not define the timeout.
  SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

  echo -n $"Stopping $prog: "
  "$SQUID" -k check >> /usr/local/squid/var/logs/squid.out 2>&1
  RETVAL=$?
  if [ "$RETVAL" -ne 0 ]; then
    echo_failure
    # A failed check with no pid file means squid was not running: success.
    [ -e /usr/local/squid/var/run/squid.pid ] || RETVAL=0
    echo
    return "$RETVAL"
  fi

  # Shutdown runs asynchronously; poll the pid file in 2-second steps.
  "$SQUID" -k shutdown &
  waited=0
  while [ -f /usr/local/squid/var/run/squid.pid ]; do
    if [ "$waited" -ge "$SQUID_SHUTDOWN_TIMEOUT" ]; then
      echo
      return 1
    fi
    sleep 2 && echo -n "."
    waited=$((waited+2))
  done
  echo_success
  echo
  return "$RETVAL"
}

#######################################
# Tell the running squid to re-read squid.conf.
# Globals:   SQUID, SQUID_OPTS (read after sourcing /etc/sysconfig/squid)
# Returns:   status of "squid -k reconfigure"
#######################################
reload() {
  . /etc/sysconfig/squid
  # A missing SQUID_OPTS is tolerated; the former "-D" default stays disabled.
  #SQUID_OPTS=${SQUID_OPTS:-"-D"}
  # SQUID_OPTS is intentionally unquoted so it can carry several options.
  "$SQUID" $SQUID_OPTS -k reconfigure
}

# Full stop/start cycle; the return status is that of start().
restart() {
  stop; start
}

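#######################################
# Restart squid only if it appears to be running (pid file present).
# Returns:   0 when there is no pid file, otherwise the status of restart()
#######################################
condrestart() {
  # Nothing to do when squid is not running.
  [ -e /usr/local/squid/var/run/squid.pid ] || return 0
  # Unlike the former "restart || :", a failed restart is no longer masked
  # as success, so the script's final "exit $?" reports it.
  restart
}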

# Report status through the init-functions "status" helper, then confirm the
# daemon answers "-k check". Returns the first failing step's status.
rhstatus() {
  # SQUID is either empty or a single absolute path, so it is left unquoted
  # here exactly as the original did.
  status $SQUID || return
  "$SQUID" -k check
}

# LSB "probe" hook: nothing to probe, so it always succeeds. The dispatcher
# below answers "probe" with "exit 0" directly and never calls this.
probe() {
  :
}

# Dispatch on the init action. Every action except "probe" leaves its
# status in $? for the final exit; unknown actions print usage and exit 2.
case "$1" in
  start)       start ;;
  stop)        stop ;;
  reload)      reload ;;
  restart)     restart ;;
  condrestart) condrestart ;;
  status)      rhstatus ;;
  probe)       exit 0 ;;
  *)
    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
    exit 2
    ;;
esac

exit $?

# chmod 755 /etc/init.d/squid
# chkconfig --add squid
# chkconfig squid on

# /etc/init.d/squid start

# ps awwxu | grep squid
root 10534 0.0 0.0 4008 592 pts/5 R+ 00:58 0:00 grep squid
root 12031 0.0 0.1 6832 1304 ? Ss Jan17 0:00 /usr/local/squid/sbin/squid
squid 12033 0.6 9.8 104416 101488 ? S Jan17 1:15 (squid)
squid 12040 0.0 0.0 2880 812 ? S Jan17 0:00 (unlinkd)
squid 14944 0.0 0.1 3212 1220 ? S 00:22 0:00 (dnsserver)
squid 14945 0.0 0.1 3212 1204 ? S 00:22 0:00 (dnsserver)
squid 14946 0.0 0.1 3212 1208 ? S 00:22 0:00 (dnsserver)
squid 14947 0.0 0.1 3212 1208 ? S 00:22 0:00 (dnsserver)
squid 14948 0.0 0.1 3212 1204 ? S 00:22 0:00 (dnsserver)
[root@fw-tuzzy etc]#

▼透過プロキシ設定
# iptables -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# iptables -t nat -A POSTROUTING -o eth0 -s $_MY_NETWORK -j MASQUERADE

※eth1=インターナル側NIC eth0=グローバル側NIC

▼ログ確認
# tail -F /usr/local/squid/var/logs/access.log
TCP_HIT|TCP_MEM_HITがあると気持ちいいw

