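Everyone knows that among HTTP accelerators Varnish now has a bigger name than Squid, so I tried Varnish first. After looking into it, though, I found that it does not support SSL, so I had to drop it and switch to Squid.
I downloaded the latest version, 3.3.8, and started searching for configuration material, but everything I found was old and no longer applicable. Eventually I found a configuration written for 3.0, followed its instructions to complete the installation, and enabled the --enable-ssl option.
I then consulted the official documentation and added HTTPS support, but unfortunately Squid reported an error: "fatal: http(s)_port: defaultsite option requires acceleration mode flag."
Following that hint, I looked up the usage of https_port and found that the [mode] option was missing. For my needs I added "accel", and the problem was solved.
The complete configuration for the actual service follows; see the attachment.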
# One listener on 443 serves both hostnames: "accel" enables accelerator mode and "vhost" picks the site from the Host header.
https_port 443 cert=/usr/local/squid/cert.pem key=/usr/local/squid/cert.key accel defaultsite=img0-yoursite.yourdomain.com vhost
# sslflags names are upper case. DONT_VERIFY_PEER turns off verification of the origin server's certificate.
cache_peer 1.2.3.4 parent 80 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=img0
acl sites_server_img0 dstdomain img0-yoursite.yourdomain.com
cache_peer_access img0 allow sites_server_img0
http_access allow sites_server_img0
# A second https_port on the same port cannot bind; the listener above already serves img1 through vhost.
#https_port 443 cert=/usr/local/squid/cert.pem key=/usr/local/squid/cert.key accel defaultsite=img1-yoursite.yourdomain.com vhost
cache_peer 1.2.3.4 parent 80 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=img1
acl sites_server_img1 dstdomain img1-yoursite.yourdomain.com
cache_peer_access img1 allow sites_server_img1
http_access allow sites_server_img1
####base######
visible_hostname localhost
cache_mgr xiaomage234@163.com
cache_effective_user nobody
cache_effective_group nobody
####cache#####
cache_mem 600 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 12000 KB
maximum_object_size_in_memory 1024 KB
cache_dir ufs /usr/local/squid/var/cache 10000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
#####no-cache##########
# hierarchy_stoplist matches plain substrings; urlpath_regex takes regular expressions.
hierarchy_stoplist cgi-bin ? .php
acl query urlpath_regex cgi-bin \? \.php
#acl direct url_regex -i ^http://192.168.0.201
cache deny query
#cache deny direct
#####refresh_pattern####
# Rules are tried in order and the first match wins, so the catch-all "." rule is last.
refresh_pattern ^ftp: 60 20% 10080
refresh_pattern ^gopher: 60 0% 1440
refresh_pattern -i \.css$ 360 50% 2880 reload-into-ims
refresh_pattern -i \.js$ 1440 50% 2880 reload-into-ims
refresh_pattern -i \.html$ 720 50% 1440 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 2880 ignore-reload
refresh_pattern -i \.gif$ 1440 90% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 90% 2880 ignore-reload
# Shadowed by the 90% \.jpg$ rule above, which always matches first.
#refresh_pattern -i \.jpg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.png$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bmp$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.doc$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.ppt$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.xls$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.pdf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.txt$ 1440 50% 2880 ignore-reload
refresh_pattern . 0 20% 1440
######proxy agent###
http_port 80 accel vhost vport
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=img00
cache_peer_domain img00 img0-yoursite.yourdomain.com
cache_peer 1.2.3.4 parent 80 0 no-query originserver name=img01
cache_peer_domain img01 img1-yoursite.yourdomain.com
######acl#####
acl manager2 proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl lansrc src all
acl landst dst all
acl ssl_ports port 443
acl safe_ports port 80 # http
acl safe_ports port 21 # ftp
acl safe_ports port 443 # https
acl safe_ports port 70 # gopher
acl safe_ports port 210 # wais
acl safe_ports port 1025-65535 # unregistered ports
acl safe_ports port 280 # http-mgmt
acl safe_ports port 488 # gss-http
acl safe_ports port 591 # filemaker
acl safe_ports port 777 # multiling http
acl connect method CONNECT
acl landstdm dstdomain .kanbox.com
http_access allow manager2 localhost
http_access deny manager2
http_access deny !safe_ports
http_access deny connect !ssl_ports
http_access allow landstdm
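# lansrc and landst are both defined as "all", so the first of these rules admits every request and the rules below it are never reached.
http_access allow lansrc
http_access allow landst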
http_access allow localnet
http_access deny all
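A small lint pass for the problems this configuration runs into, as an added example (not part of the original post or of Squid itself): it flags a port with defaultsite but no accel (the fatal error quoted above), a second listener on the same port, a cache_peer that skips certificate verification, and refresh_pattern rules placed after the catch-all. The function name, messages and sample text are constructed for illustration.

```python
# Constructed sample squid.conf, modelled on the directives in this post.
SAMPLE = """\
https_port 443 cert=/usr/local/squid/cert.pem key=/usr/local/squid/cert.key defaultsite=img0-yoursite.yourdomain.com vhost
http_port 80 accel vhost vport
cache_peer 1.2.3.4 parent 80 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=img0
refresh_pattern . 0 20% 1440
refresh_pattern -i \\.css$ 360 50% 2880 reload-into-ims
"""

def lint(conf):
    """Return (line_number, message) findings for a squid.conf given as text."""
    findings, seen_ports, catch_all = [], {}, None
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tok:
            continue
        name, args = tok[0], tok[1:]
        if name in ("http_port", "https_port") and args:
            opts = args[1:]
            # The failure from the post: defaultsite needs the accel mode flag.
            if any(o.startswith("defaultsite=") for o in opts) and "accel" not in opts:
                findings.append((n, "defaultsite without accel: Squid exits with a fatal error"))
            # Two listeners on the same port: the second one cannot bind.
            if args[0] in seen_ports:
                findings.append((n, "port %s already has a listener on line %d"
                                 % (args[0], seen_ports[args[0]])))
            seen_ports.setdefault(args[0], n)
        elif name == "cache_peer":
            for o in args:
                if o.startswith("sslflags=") and "DONT_VERIFY_PEER" in o.upper():
                    findings.append((n, "origin certificate is not verified"))
        elif name == "refresh_pattern":
            pattern = [a for a in args if a != "-i"][:1]
            # First match wins, so anything after the "." rule never applies.
            if catch_all is not None:
                findings.append((n, "unreachable: catch-all '.' on line %d matches first" % catch_all))
            elif pattern == ["."]:
                catch_all = n
    return findings

if __name__ == "__main__":
    for line_no, msg in lint(SAMPLE):
        print("line %d: %s" % (line_no, msg))
```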