squid正向代理配置详解 squid启动脚本代码分享

发布时间:2020-07-04编辑:脚本学堂
本文介绍下,配置squid正向代理的详细步骤,以及bash shell实现squid启动脚本的一段代码,有需要的朋友参考下吧。

一、编译安装squid 3.2.3(注意:3.2 系列早已停止维护,不再获得安全更新;生产环境请改用官方当前仍在维护的版本,编译选项以该版本的 ./configure --help 为准)
 

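## Check the tarball against the checksum or signature published by the Squid
## project before unpacking it.
## The configure call is a single command: every option line except the last
## ends with a backslash so the shell hands all of them to ./configure.
# tar xvzf squid-3.2.3.tar.gz
# cd squid-3.2.3
# ./configure --prefix=/usr/local/squid \
    --enable-dlmalloc \
    --enable-gnuregex \
    --disable-carp \
    --enable-async-io=100 \
    --with-aufs-threads=32 \
    --with-pthreads \
    --enable-storeio="ufs,aufs" \
    --enable-removal-policies="heap,lru" \
    --enable-icmp \
    --enable-htcp \
    --enable-delay-pools \
    --enable-useragent-log \
    --enable-referer-log \
    --disable-wccp \
    --disable-wccpv2 \
    --enable-kill-parent-hack \
    --enable-arp-acl \
    --disable-snmp \
    --enable-default-err-language=Simplify_Chinese \
    --enable-err-languages="Simplify_Chinese English" \
    --disable-poll \
    --disable-select \
    --enable-epoll \
    --enable-auth \
    --enable-auth-basic="DB,NCSA,PAM,RADIUS,SASL" \
    --with-aio \
    --disable-ident-lookups \
    --enable-truncate \
    --enable-stacktraces \
    --with-maxfd=65535 \
    --disable-ipv6 \
    --enable-ipf-transparent \
    --enable-linux-netfilter
# make && make install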

二、配置squid正向代理
(1)、创建相关目录及权限
 


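# mkdir -p /data/squid/{cache,coredump,logs}

# /usr/sbin/groupadd squid
# /usr/sbin/useradd squid -g squid -s /sbin/nologin

## Hand the tree to the squid account and keep every other local user out.
## Mode 777 would let any local account tamper with cached objects and with
## the files under logs/ that the root-run init script appends to.
# chown -R squid:squid /data/squid/{cache,coredump,logs}
# chmod -R 750 /data/squid/{cache,coredump,logs}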

(2)、配置文件内容
 


# vim /usr/local/squid/etc/squid.conf
http_port 内网口IP:8080

cache_effective_user squid
cache_effective_group squid

cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95

ipcache_size 1024
ipcache_low 90
ipcache_high 95

cache_replacement_policy lru
memory_replacement_policy lru

cache_dir aufs /data/squid/cache 20480 16 256
coredump_dir /data/squid/coredump

memory_pools_limit 1024 MB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 32768 KB
maximum_object_size_in_memory 2048 KB

# NOTE(review): access_log and cache_log are both sent to /dev/null below, so
# the proxy keeps no record of client requests or of its own errors. On a
# shared forward proxy that removes the audit trail needed to investigate
# abuse or an incident; point them at files under /data/squid/logs (with
# rotation) unless discarding them is a deliberate choice.
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" >Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /dev/null
cache_access_log none

cache_log /dev/null
cache_store_log none

cache_swap_log /data/squid/logs/swap.log

logfile_rotate 1
pid_filename /usr/local/squid/var/logs/squid.pid

cache_mgr admin@jb200.com
strip_query_terms off
visible_hostname ProxySrv
error_directory /usr/local/squid/share/errors/zh-cn

request_header_max_size 64 KB
request_body_max_size 0 KB

negative_ttl 5 minutes
read_timeout 1 minutes
client_lifetime 10 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
request_timeout 2 minutes
persistent_request_timeout 1 minute

client_persistent_connections off
server_persistent_connections on
tcp_recv_bufsize 65535 bytes
half_closed_clients off
httpd_suppress_version_string off
ie_refresh off
allow_underscore on

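# Freshness rules: <regex> <min minutes> <percent> <max minutes>.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
# The query-string marker has to be escaped: a bare "?" directly after "|" is
# not a valid regular expression, so dynamic URLs would not be matched here.
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320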

dns_nameservers DNS服务器IP

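acl OverConnLimit maxconn 300
acl our_network src 192.168.0.0/16
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match wins, so
# the deny rules must come before the allow for the internal network.
http_access deny OverConnLimit
# Refuse CONNECT tunnels to anything but port 443, for internal clients too.
http_access deny CONNECT !SSL_ports
http_access allow our_network
# Explicit default. Without it Squid applies the opposite of the last rule,
# which after a "deny" line means every other client would be allowed.
http_access deny all

request_header_access Via deny all
request_header_access X-Forwarded-For deny all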

(3)、检查配置是否正确
# /usr/local/squid/sbin/squid -k parse

三、启动脚本
 


# vim /etc/init.d/squid
#!/bin/sh
#========
# squid - this script start and stop the squid daemon
#
# chkconfig: - 90 25
# description: squid is a pagecache reverse proxy.
# processname: squid
# pidfile: /usr/local/squid/var/logs/squid.pid
# config: /usr/local/squid/etc/squid.conf
#
#=======
# Fixed command search path for everything this script runs.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Exit status reported at the end of the script; the actions update it.
RETVAL=0

# Locations of the squid binary, its configuration and its runtime files.
BINFILE="/usr/local/squid/sbin/squid"
CFGFILE="/usr/local/squid/etc/squid.conf"
PIDFILE="/usr/local/squid/var/logs/squid.pid"
LOCKFILE="/var/lock/squid.lock"
CACHEPATH="/data/squid/cache"
OUTFILE="/data/squid/logs/squid.out"

# Tunables: a value already present in the environment wins over the default.
: "${SQUID_OPTS:=-D}"
: "${SQUID_PIDFILE_TIMEOUT:=20}"
: "${SQUID_SHUTDOWN_TIMEOUT:=100}"

# SQUID is only set when the binary exists; start() refuses to run without it.
if [ -f "${BINFILE}" ]; then
  SQUID="${BINFILE}"
fi

# Cache directories: third field of every uncommented line that mentions
# cache_dir in the configuration, falling back to CACHEPATH when none is found.
CACHE_SWAP=$(sed -e 's/#.*//g' "${CFGFILE}" | awk '/cache_dir/ {print $3}')
if [ -z "${CACHE_SWAP}" ]; then
  CACHE_SWAP="${CACHEPATH}"
fi

# Start the squid daemon.
# Globals:  CFGFILE, SQUID, CACHE_SWAP, OUTFILE, PIDFILE, LOCKFILE (read);
#           SQUID_OPTS, SQUID_PIDFILE_TIMEOUT, SQUID_SHUTDOWN_TIMEOUT,
#           RETVAL (written)
# Outputs:  progress messages on stdout, fatal errors on stderr
# Returns:  0 once the PID file has appeared, non-zero otherwise; exits the
#           script with 6 (no configuration file) or 4 (SQUID not set)
start() {
  [ -f "${CFGFILE}" ] || {
    echo "The configuration file: ${CFGFILE} has no found!" >&2
    exit 6
  }

  # Any SQUID_OPTS inherited from the environment is replaced here.
  SQUID_OPTS="-s -f ${CFGFILE}"
  : "${SQUID_PIDFILE_TIMEOUT:=20}"
  : "${SQUID_SHUTDOWN_TIMEOUT:=100}"

  [ -n "${SQUID}" ] || {
    echo "Insufficient privilege" >&2
    exit 4
  }

  # CACHE_SWAP may list several directories, so it is split on whitespace on
  # purpose. A directory without its 00 subdirectory triggers "squid -z".
  for adir in $CACHE_SWAP; do
    [ -d "${adir}/00" ] && continue
    echo -n "init_cache_dir $adir"
    "${SQUID}" -z -F -D >> "${OUTFILE}" 2>&1
  done

  echo -n "Starting squid..."
  # SQUID_OPTS stays unquoted: it carries several options in one string.
  "${SQUID}" $SQUID_OPTS >> "${OUTFILE}" 2>&1
  RETVAL=$?

  # After a successful launch, wait up to SQUID_PIDFILE_TIMEOUT seconds for
  # the PID file, printing one dot per second waited.
  if [ "${RETVAL}" -eq 0 ]; then
    waited=0
    until [ -f "${PIDFILE}" ]; do
      if [ "${waited}" -ge "${SQUID_PIDFILE_TIMEOUT}" ]; then
        RETVAL=1
        break
      fi
      sleep 1 && echo -n "."
      waited=$((waited + 1))
    done
  fi

  echo
  if [ "${RETVAL}" -eq 0 ]; then
    touch "${LOCKFILE}"
    echo "start squid is ok!"
  else
    echo "start squid is failed!"
  fi

  return "${RETVAL}"
}

# Stop the squid daemon.
# Globals:  SQUID, OUTFILE, PIDFILE, LOCKFILE (read);
#           SQUID_SHUTDOWN_TIMEOUT, RETVAL (written)
# Outputs:  progress messages on stdout
# Returns:  0 when squid went away, or when "squid -k check" failed and no
#           lock file exists; 1 when the PID file is still present after
#           SQUID_SHUTDOWN_TIMEOUT seconds; otherwise the "-k check" status
stop() {
  : "${SQUID_SHUTDOWN_TIMEOUT:=100}"
  echo -n "Stopping squid..."
  "${SQUID}" -k check >> "${OUTFILE}" 2>&1
  RETVAL=$?

  # "-k check" failed: report it, but treat a missing lock file as "this
  # script never started squid" and return success.
  if [ "${RETVAL}" -ne 0 ]; then
    echo
    echo "Stop squid is failed!"
    [ -e "${LOCKFILE}" ] || RETVAL=0
    return "${RETVAL}"
  fi

  # Ask for shutdown in the background and poll for the PID file to vanish.
  "${SQUID}" -k shutdown &
  rm -f "${LOCKFILE}"

  waited=0
  while [ -f "${PIDFILE}" ]; do
    if [ "${waited}" -ge "${SQUID_SHUTDOWN_TIMEOUT}" ]; then
      # NOTE(review): this path returns 1 but leaves the global RETVAL at 0.
      echo ""
      return 1
    fi
    sleep 2 && echo -n "."
    waited=$((waited + 2))
  done

  echo
  echo "Stop squid is ok!"
  return "${RETVAL}"
}

# Stop squid, pause for a second, then start it again.
# Returns: the status of start; the status of stop is ignored.
restart() {
  stop
  sleep 1
  start
  return $?
}

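# Dispatch on the requested action. Every arm stores the action's own status
# in RETVAL, so the exit code of the script reflects what actually happened.
case "$1" in
start)
       start
       RETVAL=$?
       ;;

stop)
       # stop() returns 1 on a shutdown timeout without updating RETVAL, so
       # its return value is taken here rather than the global it leaves.
       stop
       RETVAL=$?
       ;;

reload)
       # Report the result of the reconfigure request instead of always 0.
       "${SQUID}" -k reconfigure -f "${CFGFILE}"
       RETVAL=$?
       ;;

restart)
       restart
       RETVAL=$?
       ;;

condrestart)
       # Restart only when the lock file shows squid was started by this
       # script; otherwise do nothing and keep RETVAL at its initial value.
       if [ -e "${LOCKFILE}" ]; then
               restart
               RETVAL=$?
       fi
       ;;

*)
       # Plain string: the $"..." form is a bash extension and this script
       # runs under /bin/sh.
       echo "Usage: $0 {start|stop|reload|restart|condrestart}"
       exit 2
       ;;
esac

exit $RETVAL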

# chmod 700 /etc/init.d/squid
# chkconfig --add squid
# service squid start

四、squid健康检查
# vim /data/scripts/check_squid.sh
 


#!/bin/sh
#-------
# check health status for squid proxy
#-------
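PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin

PORT='8080'
# Address of eth1, parsed from the "inet addr:A.B.C.D" form of ifconfig output.
# Newer net-tools print "inet A.B.C.D" without "addr:", which leaves this empty.
ETH1_ADDR=$(/sbin/ifconfig eth1 | awk -F ':' '/inet addr/{print $2}' | sed 's/[a-zA-Z ]//g')

if [ ! -e /usr/local/squid/sbin/squid ]; then
       echo "The squid service has no been installed ^_^"
       exit 1
fi

## Case 1: no squid process is running -> restart it and finish.
## The [d] in the pattern keeps grep from counting its own process.
retval=$(ps aux | grep -c 'sbin/squi[d]')
if [ "${retval}" -eq 0 ]; then
       /sbin/service squid restart >/dev/null 2>&1
       exit 0
fi

## Case 2: a process exists but the proxy may be hung.
## Without an address the squidclient arguments would shift (-h would consume
## "-p"), so the probe is skipped and the problem is reported instead.
if [ -z "${ETH1_ADDR}" ]; then
       echo "check_squid: cannot determine the eth1 address, probe skipped" 1>&2
       exit 1
fi

# NOTE(review): the restart is triggered only when squidclient writes to
# stdout, and -s is its silent flag. Confirm that a hung proxy really produces
# output here; testing the exit status (with a timeout) may be what was meant.
retval=$(/usr/local/squid/bin/squidclient -s -h "${ETH1_ADDR}" -p "${PORT}")
if [ -n "${retval}" ]; then
       /sbin/service squid restart >/dev/null 2>&1
fi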

# crontab -e
*/5 * * * * /data/scripts/check_squid.sh

五、测试
curl -I -s -x http://代理服务IP:8080 www.jb200.com