Skip to content

SCM - 캐시 서버 구축 (Squid in Linux)

조회 수 8027 추천 수 0 2014.04.27 01:20:57
Linux설치
  1. 설치해야 할 패키지:
    1. openssl : yum -y install openssl (or sudo apt-get install openssl  TIP: gksudo gnome-terminal)
    2. openssl-dev  (or libssl-dev)
    3. gcc, g++
    4. make
    5. perl
    6. vim (다른 편집기도 사용 가능)
  2. squid 3.0(http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz) 압축 풀기
    wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz
    (or wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.12.tar.gz )
    tar zxvf squid-3.0.STABLE25.tar.gz
  3. cd squid-3.0.STABLE25
    (참고 : http://wiki.squid-cache.org/SquidFaq/CompilingSquid )
  4. 컴파일/링크변수 설정
    -참조 : http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
    -참조 : http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
              gcc -c -Q -march=native --help=target (GCC 4.2 and above support -march=native)
    -참조 : http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD

    • 64비트 OS : export CFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
      32비트 OS : export CFLAGS="-O2 -pipe -m32 -fomit-frame-pointer -s"
    • 64비트 OS : export CXXFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
      32비트 OS : export CXXFLAGS="-O2 -pipe -m32 -fomit-frame-pointer -s"
    • 64비트 OS : export LDFLAGS="-m64 -s -Wl,-O1"
      32비트 OS : export LDFLAGS="-m32 -s -Wl,-O1"
  5. ./configure -prefix=/usr/local/squid --with-pthreads --enable-storeio=ufs,aufs --enable-removal-policies=lru,heap --enable-ssl --with-large-files

    @Ubuntu
    sudo ./configure --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --srcdir=. --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log --with-pidfile=/var/run/squid.pid --with-pthreads --enable-storeio=ufs,aufs --enable-removal-policies=lru,heap --enable-ssl --with-large-files --with-filedescriptors=65535 
    -> 참조 : https://help.ubuntu.com/community/Squid : /usr/sbin/squid, /etc/squid/squid.conf
    @Ubuntu
  6. sudo make
  7. sudo make install
  8. /usr/local/squid 쓰기 가능한지 체크 

구성

  1. /usr/local/squid/etc/squid.conf 아래와 같이 대체
    (참조 : http://www.squid-cache.org/Versions/v3/3.0/cfgman/ )

    cache_store_log
     none 
    cache_peer
      parent 0 no-query originserver name=httpsAccel ssl
    (앞줄 계속) login=PROXYPASS sslflags=DONT_VERIFY_PEER 
    cache_peer_access
     httpsAccel allow all
    coredump_dir /usr/local/squid/var/cache 
    http_access
     allow all 
    https_port
      cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost 
    refresh_pattern
     . 0 20% 4320 
    cache_replacement_policy
     heap GDSF 
    memory_replacement_policy
     heap GDSF 
    cache_dir
     aufs /usr/local/squid/var/cache 256 256 
    cache_mem
      MB 
    cachemgr_passwd
     disable all 
    maximum_object_size
     1048576 KB 
    maximum_object_size_in_memory
     16384 KB 
    buffered_logs
     on 
    visible_hostname
     
    1. Replace all references of with the hostname of the server you wish to proxy.
    2. Replace all references of with the port name that your jazz server listens upon.
    3. Replace all references of with the hostname of your proxy machine.
    4. Replace all references of with the port of your proxy machine.
    5. Replace all references of with the amount of RAM that you want to allocate to squid's caching.  This must be less than the available memory on the machine. 
    6. Replace all references of  in MBytes with the amount of diskspace you want ot allocate to squid.  This must be less than the available disk space in "/usr/local/squid/var/cache".  
    Squid 설정 예
    cache_store_log none
    cache_peer x.x.x.x parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
    cache_peer_access httpsAccel allow all
    coredump_dir /usr/local/squid/var/cache
    http_access allow all
    https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
    refresh_pattern . 0 20% 4320
    cache_replacement_policy heap GDSF
    memory_replacement_policy heap GDSF
    cache_dir aufs /home/SquidCache 131072 256 256
    cache_swap_low 70
    cache_swap_high 97
    cache_mem 4096 MB
    cachemgr_passwd disable all
    maximum_object_size 1048576 KB
    maximum_object_size_in_memory 16384 KB
    buffered_logs on
    visible_hostname x.x.x.x

  2. server.pem과 privkey.pem 파일을 /usr/local/squid/etc 아래로 복사
    • 인증서 만들기
      1. openssl req -new -keyform PEM -x509 -out server.pem
      2. openssl rsa -in privkey.pem -out privkey.pem.new
      3. cp privkey.pem.new privkey.pem
      4. cp server.pem /usr/local/squid/etc/
      5. cp privkey.pem /usr/local/squid/etc/
  3. cd /usr/local/squid/sbin
  4. 캐시 디렉토리(/usr/local/squid/var/cache) 구조화/초기화 실행 :

    @Ubuntu
    sudo touch /var/log/cache.log /var/log/access.log
    sudo chown proxy /var/log/cache.log /var/log/access.log

    @Ubuntu

    sudo su proxy
    ./squid -z(참조 : http://manpages.ubuntu.com/manpages/dapper/en/man8/squid.8.html )
  5. 프락시서버 데몬 실행 :
    sudo ./squid
If things are not working properly, check the var/logs/cache.log for errors
you will see TCP_HIT and TCP_MISS logging in the access.log which will indicate whether or not the cache is being hit

출처 : https://jazz.net/wiki/bin/view/Main/SCMWithCachingProxy


Squid 로그 처리

/usr/local/squid/var/logs/cache.log

You need to rotate your log files with a cron job. For example in /etc/crontab:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7)  OR
#sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  *  command to be executed
    0  0   *   *  * /usr/local/squid/sbin/squid -k rotate

프락시 캐시 서버 16GB/8GB인 경우 Squid 설정값 예 

cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache 102400 256 256
cache_mem 12288 MB (8GB인 경우 6144 MB)
cache_store_log none
cache_peer xxx.xxx.xxx.xxx parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname xxx.xxx.xxx.xxx
cache_swap_low 90
cache_swap_high 95

오타와 Lab의 Squid 설정값
  • used 256 Level1 dirs
  • aufs storage (coss would be even better but is not recommended for production in 3.0 yet).
  • Disable the cache_store_log.
  • 4GB of memory cache
  • max object size in memory: 16MB
  • 16GB of disk cache
  • max cached object size: 1GB
  • GDSF as memory and disk cache replacement policy
  • turned on buffered logs
  • set up cron to rotate the logs every day.

캐시서버로 권고하는 RAID 구성RAID 0 
- 이유는 속도가 가장 빠르고,  캐시인 까닭에 미러링을 덜 고려할 수 있습니다.

캐시서버 스펙 예
  • OS : RedHat Enterprise Server 
  • 캐시 서버 S/W : Squid (오픈소스) 
  • CPU : Intel Xeon 3.16 Ghz * 2 
  • RAM : 8GB RAM 
  • HDD : SCSI HDD 6 * 146 GB with RAID 0 
HDD는 일반 PC급 DISK가 아닌 서버급 HDD를 권장하며, Squid를 사용하기 위해서 Linux 서버급 운영체제를 권장합니다.

profile

일요일은 짜빠게뤼~ 먹는날~^^

엮인글 :
http://adminplay.com/297841/72d/trackback
List of Articles
번호 제목 글쓴이 날짜 조회 수sort
367 linux daemon (리눅스 데몬 설명) ADMINPLAY 2014-02-26 567927
366 e2fsck - 파일 시스템 복구 및 검사. - fsck file ADMINPLAY 2010-09-12 60855
365 대용량 HDD 파티셔닝(Mass storage Partitioning) (GPT 파... ADMINPLAY 2010-04-14 59514
364 배치파일을 이용한 백업방법 l2zeo 2010-03-31 59469
363 FFMPEG를 가장쉽게 설치하는 방법(ffmpeg-php 등) ADMINPLAY 2010-05-03 52408
362 CentOS 설치 - VMware 상에서 CentOS 설치하기 file l2zeo 2010-02-24 52055
361 Red Hat Linux 9 ADMINPLAY 2009-09-24 51517
360 rrdtool 컴파일시 에러 configure: error: Please fix the... ADMINPLAY 2009-08-08 50750
359 커널 2.6으로 업그레이드!「A to Z」 ADMINPLAY 2009-08-08 50056
358 Maskrading ADMIN 2008-11-11 44776
357 시스템 백업과 응급 복구 ADMINPLAY 2009-05-11 44741
356 리눅스 전원부터 부팅이 되기까지의 과정이해 ADMIN 2008-11-11 43604
355 리눅스 디렉토리 구조와 파티션 관리의 기본 ADMINPLAY 2009-05-22 43533
354 hdparm 세부옵션 ADMINPLAY 2012-01-16 41133
353 ORA-01031: insufficient privileges 오류 ADMINPLAY 2010-02-24 40837
352 [APM] 리눅스에서 Apache, PHP, MySQL 등 제거 방법 ADMINPLAY 2009-06-29 39322
351 AIX 필수 명령어 ADMINPLAY 2009-12-10 39010
350 mrtg를 이용한 시스템자원 모니터링 ADMINPLAY 2012-01-16 37933
349 tomcat log 쌓이는 것 방지하기 ADMINPLAY 2011-02-17 37504
348 하드디스크 정보보기 smartctl ADMINPLAY 2011-08-17 35992

Copyright ADMINPLAY corp. All rights reserved.

abcXYZ, 세종대왕,1234

abcXYZ, 세종대왕,1234