old document about 3 years ago
using reverse proxy to increase customer visit speed, concurrent performance etc,we use squid cluster to cache our dynamic jsp file before our web server cluster.
first compile with gcc under linux, without openssl, if u want,pls compile with the -with-openssl option,then make&make install
./configure --prefix=/opt/squid --disable-internal-dns --enable-async-io --enable-storeio=diskd,ufs --enable-removal-policies --e
nable-cache-digests --enable-poll --enable-gnuregexedit the default squid.conf, open HTTPD-ACCELERATOR OPTIONS and others like http_port, our simple config file below:
http_port 80
#https_port 443 cert=/etc/ssl/cacert.pem key=/etc/ssl/privkey.pem
icp_port 0
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 6144 KB
maximum_object_size_in_memory 512 KB
ipcache_size 2048
fqdncache_size 2048
cache_replacement_policy heap GDSF
memory_replacement_policy heap LRU
cache_dir diskd /opt/cachedir 2048 32 256
#cache_access_log /opt/squid/var/logs/access.log
logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h"
cache_access_log /opt/squid/var/logs/access.log combined
cache_log /opt/squid/var/logs/cache.log
cache_store_log none
emulate_httpd_log on
debug_options ALL,1
dns_children 32
hosts_file /etc/hosts
redirect_children 50
redirect_rewrites_host_header off
auth_param basic children 50
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern -i .jsp 360 25% 720 override-expire ignore-reload
refresh_pattern -i .php 360 20% 720 override-expire ignore-reload
refresh_pattern -i .htm 360 25% 720 override-expire ignore-reload
refresh_pattern -i .html 360 25% 720 override-expire ignore-reload
refresh_pattern -i .js 360 25% 720 override-expire ignore-reload
connect_timeout 2 minute
peer_connect_timeout 60 seconds
read_timeout 10 minutes
request_timeout 60 seconds
persistent_request_timeout 60 seconds
client_lifetime 10 minutes
half_closed_clients off
pconn_timeout 1 seconds
ident_timeout 5 seconds
shutdown_lifetime 45 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl trust_group 123.123.123.0/255.255.255.0
acl SSL_ports port 443 563i
acl CONNECT method CONNECT
acl PURGE method PURGE
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https, snews
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow trust_group
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr admin@youdomain.com
visible_hostname squid.youdomain.com
httpd_accel_port 80
httpd_accel_host 222.60.80.65
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header on
memory_pools off
memory_pools_limit 100 MB
coredump_dir /opt/squid/var/cache
ie_refresh offin the config file, i patched squid 2.5 with the customlog patch from squid-cache.org, using refresh_pattern to force squid cache the jsp/php file and ie_fresh to anti the F5 fresh under ms ie and open the ssl port as u wish etc.ps: increase system file-max parameters to anti squid run out of filedescriptor(squid max use 32768,suggest to change file-max more than it), otherwise in high traffic squid will run out of file descrptor and response slow and slow.
the last thing is the /etc/hosts file, edit it to add the reverse cache domain name and ip address which resolve to the behind web server. DON'T use the outside name server.