- 论坛徽章:
- 0
|
本文在FREEBSD系统上,利用大家熟知的SQUID代理软件配合RAMDISK技术和DNS CACHE服务器搭建了一个高速代理服务器。基于RAM的目录池(有时也叫做RAMDISK)可以显著的改善应用程序的性能,特别是对那些I/O比较剧烈的程序更是如此。因为在基于RAM的目录池中的所有I/O操作实际上都是在RAM中完成的。这个在FREEBSD上是很容易实现的。初步使用这个高速代理服务器发现访问网站速度的确有了质的飞跃。SQUID负责代理WWW,其他网络服务使用PF的NAT实现,并在PF中设置了SQUID透明代理(端口转发)。
服务器断电或关机后squid缓存的内容会随即消失,不过做为代理服务器不会经常关机的,这个应该是不什么问题。现在整理一下具体操作过程,有兴趣的朋友不妨一试。
作者:LLZQQ
联系:LLZQQ@126.COM
适用:普通用户
来源:WWW.CHINAUNIX.NET
1. 首先安装SQUID
1.0 利用ports 安装squid
# cd /usr/ports/www/squid
# vi Makefile
加入下面的编译参数
--disable-ident-lookups
--disable-internal-dns
--enable-pf-transparent
--enable-default-err-language=Simplify_Chinese
--disable-hostname-checks
# make install clean
1.1 配置squid服务
# vi /usr/local/etc/squid/squid.conf
===========+===========+===========+===========
http_port 127.0.0.1:3128 //squid服务器监听地址和端口
cache_mem 56 MB //squid内存使用大小控制
cache_swap_low 80 //cache目录空间使用控制
cache_swap_high 90 //cache目录空间使用控制
maximum_object_size_in_memory 32 KB//内存中最大可以cache多大的文件
cache_dir ufs /usr/local/squid/cache 200 16 256 //磁盘上cache目录大小设置
cache_access_log none //为了提高性能关掉了日志
cache_log none
cache_store_log none
emulate_httpd_log on //启用http日志格式
dns_children 15 //查询DNS服务器的线程数量
acl our_networks src 192.168.0.0/16 //定义LAN网段
http_access allow our_networks //允许通过定义的网段
http_access deny all //其他网段DENY掉
http_reply_access allow all //允许应答其他常用的一些请求
icp_access allow all //允许应答其他常用的一些请求
miss_access allow all //允许应答其他常用的一些请求
cache_mgr llzqq@126.com //squid管理员联系方法
visible_hostname llzqq.3322.org //squid主机名称
httpd_accel_port 80 //web主机端口
httpd_accel_single_host off //要是想用反向代理而且仅有一个主机开启此项
httpd_accel_with_proxy on //是否代理本地web主机
httpd_accel_host virtual //允许host_header,这是http1.1和透明代理要求的
httpd_accel_uses_host_header on //允许host_header,这是http1.1和透明代理要求的
error_directory /usr/local/etc/squid/errors/Simplify_Chinese//以何种语言显示错误
ie_refresh on //兼容老版本的IE浏览器
===========+===========+===========+===========
1.2 手动建立高速缓存
# mdmfs -M -s 204m -O time -o noatime -p 0700 -v 2 -w squid:squid md0 \
/usr/local/squid/cache
-M 代表创建一个malloc型,默认是swap
-O是优化,可选为time和space
-o为mount选项
-p是挂载点权限
-v是UFS版本(1、2)
-w是owner和group
md0是设备名
/usr/local/squid/cache是挂载点
注意,不用先创建md0, mdmfs会自己创建
详细参数说明在这里:http://www.freebsd.org/cgi/man.cgi?query=mdmfs&sektion=8
1.3 创建cache目录
# squid -z
1.4 定制squid启动教本
# vi /usr/local/etc/rc.d/squid.sh
===========+===========+===========+===========
#!/bin/sh
# llzqq@126.com
case "$1" in
start)
if [ ! /usr/local/squid/cache/00 ]; then
/usr/local/sbin/squid -D
echo "squid start successful"
else
/usr/local/sbin/squid –z
sleep 5
/usr/local/sbin/squid -D
fi
;;
stop)
/usr/local/sbin/squid -k kill
;;
reload)
/usr/local/sbin/squid -k reconfigure
;;
*)
echo "use: start|stop|reload"
;;
esac
exit 0
===========+===========+===========+===========
# chmod 555 /usr/local/etc/rc.d/squid.sh
1.5 设置开机自动挂载高速缓存
# vi /etc/fstab
在文件最后加入下面这行
/dev/md0 /usr/local/squid/cache mfs rw,-s204m 2 0
2. 安装DNS CAHCE服务器
2.0 利用ports安装bind
# cd /usr/ports/dns/bind9
# make install clean
# vi /etc/namedb/named.conf
===========+===========+===========+===========
acl "trust-lan" { 127.0.0.1/8; 192.168.0.0/16;};
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
version "0.0.0";
recursion yes;
allow-recursion {
"trust-lan";
};
auth-nxdomain no;
listen-on { 192.168.0.20; 192.168.1.10; 127.0.0.1; };
forwarders {
202.99.160.68;
202.99.168.8;};
};
logging {
channel warning
{ file "/var/log/named/dns_warnings" versions 3 size 1240k;
severity warning;
print-category yes;
print-severity yes;
print-time yes;
};
channel general_dns
{ file "/var/log/named/dns_logs" versions 3 size 1240k;
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category default { warning; };
category queries { general_dns; };
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
===========+===========+===========+===========
2.1 更新根区文件
# cd /etc/namedb
# rm named.root
# wget ftp://ftp.internic.org/domain/named.root
2.2 创建日志文件
# mkdir /var/log/named/
# touch /var/log/named/dns_warnings
# touch /var/log/named/dns_logs
# chown bind:wheel /var/log/named/*
2.3 生成localhost.rev
# cd /etc/namedb
# chmod 755 make-localhost
# ./make-localhost
2.4 生成rndc-key
# cd /usr/local/etc
# /usr/local/sbin/rndc-confgen > rndc.conf
把rndc.conf中:
# Use with the following in named.conf, adjusting the allow list as needed:
后面以的部分加到/etc/namedb/named.conf中并去掉注释
2.5 运行测试
# /usr/local/sbin/named -gc /etc/namedb/named.conf
23-Jan-2006 21:03:03.224 starting BIND 9.3.2 -gc /etc/namedb/named.conf
23-Jan-2006 21:03:03.229 loading configuration from '/etc/namedb/named.conf'
23-Jan-2006 21:03:03.230 no IPv6 interfaces found
23-Jan-2006 21:03:03.230 listening on IPv4 interface rl0, 192.168.0.20#53
23-Jan-2006 21:03:03.230 listening on IPv4 interface rl1, 192.168.1.10#53
23-Jan-2006 21:03:03.231 listening on IPv4 interface lo0, 127.0.0.1#53
23-Jan-2006 21:03:03.235 command channel listening on 127.0.0.1#953
23-Jan-2006 21:03:03.235 ignoring config file logging statement due to -g option
23-Jan-2006 21:03:03.254 zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 20051219
23-Jan-2006 21:03:03.254 running
2.6 状态检查
# rndc status
number of zones: 1
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
2.7 建立启动脚本
# vi /usr/local/etc/rc.d/named.sh
================+==============+==============
#!/bin/sh
# Start and Stop BIND Service on FreeBSD
# LLZQQ@126.COM
#
. /etc/rc.subr
name="named"
start_cmd="start"
stop_cmd="stop"
start()
{
if [ "$named_enable" = "YES" ]; then
/usr/local/sbin/named -u bind -c /etc/namedb/named.conf &
echo "named started"
fi
}
stop()
{
pkill named
echo "named stoped"
}
load_rc_config $name
run_rc_command "$1"
================+==============+==============
# chmod 555 /usr/local/etc/rc.d/named.sh
3. 防火墙设置
# vi /etc/pf.conf
================+==============+==============+==============
ext_if = "{ fxp0 }"
int_if = "{ rl0, rl1 }"
int_net = "{ 192.168.0.0/16 }"
loop = "lo0"
noroute = "{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 255.255.255.255/32 }"
ports = "{ 20, 21, 22, 25, 53, 80, 110 }"
squid = "{127.0.0.1}"
set block-policy return
set optimization aggressive
set loginterface fxp0
set skip on lo0
scrub in all
nat on $ext_if from $int_net to any -> $ext_if
### squid transparent
rdr on $int_if proto tcp from any to any port 80 -> $squid port 3128
antispoof for $ext_if inet
block all
block return
block in quick on $ext_if os NMAP
block in quick on $ext_if from $noroute to any
block out quick on $ext_if from any to $noroute
pass quick on $loop all
pass quick on $int_if all
pass in on $ext_if proto {tcp,udp} from any to any port $ports keep state
pass in quick proto tcp from any to any port 55000 >< 56000 keep state
pass out on $ext_if all keep state
================+==============+==============+==============
4. 其他一些网络的设置
# vi /etc/rc.conf
hostname="llzqq.3322.org"
defaultrouter="61.211.x.x"
ifconfig_rl0="inet 192.168.0.20 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.1.10 netmask 255.255.255.0"
ifconfig_fxp0="inet 61.211.x.x netmask 255.255.255.224"
named_enable="YES"
pf_enable="YES" # Set to YES to enable packet filter (pf)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_program="/sbin/pfctl" # where the pfctl program lives
pf_flags="" # additional flags for pfctl
pflog_enable="YES" # Set to YES to enable packet filter logging
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_program="/sbin/pflogd" # where the pflogd program lives
pflog_flags=""
# vi /etc/resolv.conf
nameserver 211.98.2.4
nameserver 202.99.168.8
nameserver 202.99.160.68
# vi /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
# vi /boot/loader.conf
kern.maxfiles="65536"
客户端设置网关和DNS的IP地址为这台SQUID代理服务器的IP地址。
到此完成。
[ 本帖最后由 llzqq 于 2006-2-1 08:49 编辑 ] |
|
免费注册
发表于 2006-01-23 21:28
发表于 2006-01-23 21:33
发表于 2006-01-23 21:42
