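Reverse proxy (reverse accelerating proxy)

One-to-one (1:1)

[web]-------------[squid]----------------------------internet client
192.168.1.8:8080  192.168.1.249   192.168.2.249      192.168.2.2

The squid server needs a public IP address, and DNS must map the web service's domain name to that IP:

www.51cto.com ---- 192.168.2.249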


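1. Install the squid package
yum -y install squid
2. Configure squid
acl all src 0.0.0.0/0.0.0.0

#http_access deny all
http_access allow all

http_port 80 accel vhost vport
# accel: run squid in reverse-proxy (accelerator) mode.
# vhost: when accel is used, at least vhost must be added; it indicates that the back-end web servers are name-based virtual hosts.
# vport: use this if the back-end web servers are IP-based virtual hosts.

cache_peer 192.168.1.8 parent 8080 0 originserver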

3. Start squid (check whether port 80 is already in use, e.g. by apache)
[root@localhost spool]# netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21040/(squi

4. Verify from the client
Access port 80 on squid's external network interface and check whether the internal web server's page is returned.
# ab -n 1000 -c 1000 http://192.168.2.249/index.html
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.2.249 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Finished 1000 requests


Server Software: Apache/2.2.3
Server Hostname: 192.168.2.249
Server Port: 80

Document Path: /index.html
Document Length: 17 bytes

Concurrency Level: 1000
Time taken for tests: 0.483220 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 436000 bytes
HTML transferred: 17000 bytes
Requests per second: 2069.45 [#/sec] (mean)
Time per request: 483.220 [ms] (mean)
Time per request: 0.483 [ms] (mean, across all concurrent requests)
Transfer rate: 879.52 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 1 70 41.2 70 148
Processing: 45 177 79.2 175 384
Waiting: 44 175 78.8 174 384
Total: 58 247 91.7 276 385

Percentage of the requests served within a certain time (ms)
50% 276
66% 307
75% 319
80% 326
90% 348
95% 379
98% 384
99% 385
100% 385 (longest request)







One-to-many

Back-end web servers with identical content

The squid server needs a public IP address, and DNS must map the web service's domain name to that IP:

192.168.1.8:8080  \
192.168.1.15:800  --- squid ---------------- client
192.168.1.34:80   /   192.168.1.249          192.168.2.2
                      192.168.2.249

DNS resolution: www.51cto.com ---- 192.168.2.249


1. Install the squid package
yum -y install squid
2. Configure squid
acl all src 0.0.0.0/0.0.0.0

#http_access deny all
http_access allow all

http_port 80 accel vhost vport
# accel: run squid in reverse-proxy (accelerator) mode.
# vhost: when accel is used, at least vhost must be added; it indicates that the back-end web servers are name-based virtual hosts.
# vport: use this if the back-end web servers are IP-based virtual hosts.

#cache_peer 192.168.1.8 parent 8080 0 originserver
cache_peer 192.168.1.8 parent 8080 0 round-robin
cache_peer 192.168.1.15 parent 800 0 round-robin
cache_peer 192.168.1.34 parent 80 0 round-robin
3. Start squid (check whether port 80 is already in use, e.g. by apache)
[root@localhost spool]# netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21040/(squid)

4. Test from the client
# elinks -dump http://192.168.2.249/



Back-end web servers with different content

51cto1 192.168.1.8:8080  \
51cto2 192.168.1.34:800  --- squid ---------------- client
51cto3 192.168.1.15:80   /   192.168.1.249          192.168.2.2
                             192.168.2.249

DNS resolution: www.51cto1.com ---- 192.168.2.249
                www.51cto2.com ---- 192.168.2.249
                www.51cto3.com ---- 192.168.2.249
Note: if you do not want to set up DNS, define these names temporarily in the client's /etc/hosts file for testing.

1. Install the squid package
yum -y install squid
2. Configure squid
acl all src 0.0.0.0/0.0.0.0

#http_access deny all
http_access allow all

http_port 80 accel vhost vport
# accel: run squid in reverse-proxy (accelerator) mode.
# vhost: when accel is used, at least vhost must be added; it indicates that the back-end web servers are name-based virtual hosts.
# vport: use this if the back-end web servers are IP-based virtual hosts.

#cache_peer hostname type http-port icp-port [options]
#cache_peer 192.168.1.8 parent 8080 0 originserver
#cache_peer 192.168.1.8 parent 8080 0 round-robin weight=1
#cache_peer 192.168.1.15 parent 800 0 round-robin weight=1
#cache_peer 192.168.1.34 parent 80 0 round-robin weight=1
cache_peer 192.168.1.8 parent 8080 0 originserver name=51cto1
cache_peer 192.168.1.34 parent 80 0 originserver name=51cto2
cache_peer 192.168.1.15 parent 800 0 originserver name=51cto3

#cache_peer_domain cache-host domain [domain ...]
cache_peer_domain 51cto1 www.51cto1.com
cache_peer_domain 51cto2 www.51cto2.com
cache_peer_domain 51cto3 www.51cto3.com

# cache_peer_access cache-host allow|deny [!]aclname ...
# Note: "all" here is the name of the acl already defined above; it means that clients from any IP are allowed to reach 51cto1, 51cto2 and 51cto3.
cache_peer_access 51cto1 allow all
cache_peer_access 51cto2 allow all
cache_peer_access 51cto3 allow all


3. Start squid (check whether port 80 is already in use, e.g. by apache)
service squid restart
[root@localhost spool]# netstat -tnlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21040/(squid)

4. Test from the client (each domain name does reach its corresponding back-end web server)
[root@localhost ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
192.168.2.249 www.51cto1.com
192.168.2.249 www.51cto2.com
192.168.2.249 www.51cto3.com


# elinks -dump http://www.51cto1.com/
# elinks -dump http://www.51cto2.com/
# elinks -dump http://www.51cto3.com/


[root@localhost ~]# elinks -dump http://www.51cto1.com/
Welcome to 192.168.1.8:8080
[root@localhost ~]# elinks -dump http://www.51cto2.com/
192.168.1.34
[root@localhost ~]# elinks -dump http://www.51cto3.com/
welcome to 192.168.1.15
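
A tighter variant of the third configuration above, added here as an example and not taken from the original notes: it replaces "http_access allow all" with dstdomain ACLs, so squid accepts requests only for the three published host names and sends each one only to its own back end. The ACL names site_51cto1, site_51cto2 and site_51cto3 are made up for this example; the IPs, ports and peer names are the ones used above.

```conf
# Added example, not the original author's configuration.
# ACL names (site_51cto1..3) are hypothetical; everything else is from the notes above.

http_port 80 accel vhost vport

# One origin server per site. no-query: origin servers do not answer ICP.
cache_peer 192.168.1.8  parent 8080 0 no-query originserver name=51cto1
cache_peer 192.168.1.34 parent 80   0 no-query originserver name=51cto2
cache_peer 192.168.1.15 parent 800  0 no-query originserver name=51cto3

# The only host names this reverse proxy is meant to serve.
acl site_51cto1 dstdomain www.51cto1.com
acl site_51cto2 dstdomain www.51cto2.com
acl site_51cto3 dstdomain www.51cto3.com

# Weak setting used above: any client may request any host name.
#   http_access allow all
# Restricted: requests for the published sites only, everything else refused.
# ("all" is the acl defined earlier in squid.conf; newer Squid releases build it in.)
http_access allow site_51cto1
http_access allow site_51cto2
http_access allow site_51cto3
http_access deny all

# Route each site to its own back end and to nothing else.
# cache_peer_access with a dstdomain acl does the job of cache_peer_domain,
# which Squid 4 and later no longer accept.
cache_peer_access 51cto1 allow site_51cto1
cache_peer_access 51cto1 deny all
cache_peer_access 51cto2 allow site_51cto2
cache_peer_access 51cto2 deny all
cache_peer_access 51cto3 allow site_51cto3
cache_peer_access 51cto3 deny all

# Never fetch directly from whatever host a request names; use the peers only.
never_direct allow all
```

Check the file with "squid -k parse" before restarting; afterwards a request whose Host header is not one of the three names gets squid's access-denied page instead of a back-end page.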