分享浚網(wǎng)科技使用多年的squid配置文檔
技術(shù)支持服務(wù)電話:15308000360 【7x24提供運(yùn)維服務(wù),解決各類系統(tǒng)/軟硬件疑難技術(shù)問題】
用了這么多年squid走過無數(shù)的彎路,現(xiàn)在將我們優(yōu)化的squid配置文件分享給大家,雖然談不上很強(qiáng)大,能負(fù)載多少多少,但是基本上運(yùn)行很穩(wěn)定,希望能夠幫到一些正在使用squid的兄弟姐妹們...
# # User Squid # # # Recommended minimum configuration: # http_port 80 accel vhost vport #------------------------------------------------------------------------------ #第一臺(tái)服務(wù)器 cache_peer 118.100.100.133 parent 80 0 no-query originserver weight=1 name=xxcdn cache_peer_domain xxcdn .xxcdn.com #------------------------------------------------------------------------------ #第二臺(tái)服務(wù)器 cache_peer 118.100.100.138 parent 80 0 no-query originserver weight=1 name=jwcdn cache_peer_domain jwcdn .junww.com #------------------------------------------------------------------------------ #讓所有未綁定前面服務(wù)器的域名全部指向下面這臺(tái)服務(wù)器: cache_peer 100.100.100.130 parent 20080 0 no-query originserver weight=1 name=cdnzz cache_peer_domain cdnzz .com .cn .net .org .cc .us .hk .la .pw #------------------------------------------------------------------------------ coredump_dir /usr/local/squid/var/cache/squid cache_log /usr/local/squid/var/logs/cache.log access_log /usr/local/squid/var/logs/access.log squid cache_dir ufs /usr/local/squid/var/caches/ 50000 16 256 #------------------------------------------------------------------------------ visible_hostname znncnn.com cache_mgr web@junww.com cache_mem 512 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 51200 KB maximum_object_size_in_memory 512 KB minimum_object_size 0 KB ipcache_size 16380 ipcache_low 80 ipcache_high 90 logfile_rotate 30 httpd_suppress_version_string off forward_timeout 20 seconds connect_timeout 15 seconds acl OverConnLimit maxconn 128 hierarchy_stoplist cgi-bin ? hierarchy_stoplist -i ^https:\\ ? acl QUERY urlpath_regex -i cgi-bin \? \.asp .\php \.aspx \.php \.jsp \.cgi acl DIRECT url_regex -i ^http:////www/.xxx/.com//.php$ acl DIRECT url_regex -i ^http:////www/.xxx/.com//.htm$ acl DIRECT url_regex -i ^http:////www/.xxx/.org//.html$ acl denyssl urlpath_regex -i ^https:\\ no_cache deny QUERY no_cache deny denyssl cache deny DIRECT max_open_disk_fds 0 relaxed_header_parser on half_closed_clients off buffered_logs on vary_ignore_expire on #------------------------------------------------------------------------------ reply_header_access Via deny all reply_header_access Cache-Control deny all reply_header_access Server deny all reply_header_access X-Squid-Error deny all reply_header_access X-Forwarded-For deny all request_header_access Via deny all request_header_access Age deny all request_header_access X-Squid-Error deny all request_header_access Pragma deny all #request_header_access X-Forwarded-For deny all #------------------------------------------------------------------------------ acl babaicode dstdomain www.xxx.com no_cache deny babaicode acl bbcom dstdomain .xxx.com cache deny bbcom #------------------------------------------------------------------------------ acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access allow all http_access deny all #------------------------------------------------------------------------------------ refresh_pattern ^proxy: 60 20% 10080 refresh_pattern ^gopher: 60 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern -i \.htm$ 10 50% 60 reload-into-ims refresh_pattern -i \.html$ 10 50% 60 reload-into-ims refresh_pattern -i \.shtml$ 10 50% 60 reload-into-ims refresh_pattern -i \.js$ 10 50% 60 reload-into-ims refresh_pattern -i \.css$ 10 50% 60 reload-into-ims refresh_pattern -i \.jpg$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.png$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.gif$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.bmp$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.mp3$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.mp4$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.wmv$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.rm$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.swf$ 1440 20% 2880 reload-into-ims refresh_pattern -i \.mpeg$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.wma$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.rar$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.zip$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.7z$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.pdf$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.exe$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.doc$ 1440 50% 2880 reload-into-ims refresh_pattern -i \.txt$ 1440 50% 2880 reload-into-ims refresh_pattern . 0 20% 4320