글 수 367
Linux설치
출처 : https://jazz.net/wiki/bin/view/Main/SCMWithCachingProxy
Squid 로그 처리
프락시 캐시 서버 16GB/8GB인 경우 Squid 설정값 예
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache 102400 256 256
cache_mem 12288 MB (8GB인 경우 6144 MB)
cache_store_log none
cache_peer xxx.xxx.xxx.xxx parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname xxx.xxx.xxx.xxx
cache_swap_low 90
cache_swap_high 95
오타와 Lab의 Squid 설정값
캐시서버로 권고하는 RAID 구성 : RAID 0
- 설치해야 할 패키지:
- openssl : yum -y install openssl (or sudo apt-get install openssl TIP: gksudo gnome-terminal)
- openssl-dev (or libssl-dev)
- gcc, g++
- make
- perl
- vim (다른 편집기도 사용 가능)
- squid 3.0(http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz) 압축 풀기
wget http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE25.tar.gz
(or wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.12.tar.gz )
tar zxvf squid-3.0.STABLE25.tar.gz - cd squid-3.0.STABLE25
(참고 : http://wiki.squid-cache.org/SquidFaq/CompilingSquid ) - 컴파일/링크변수 설정
-참조 : http://gcc.gnu.org/onlinedocs/gcc/i386-and-x86_002d64-Options.html
-참조 : http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel
gcc -c -Q -march=native --help=target (GCC 4.2 and above support -march=native)
-참조 : http://en.gentoo-wiki.com/wiki/Safe_Cflags/AMD
- 64비트 OS : export CFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
32비트 OS : export CFLAGS="-O2 -pipe -m32 -fomit-frame-pointer -s" - 64비트 OS : export CXXFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
32비트 OS : export CXXFLAGS="-O2 -pipe -m32 -fomit-frame-pointer -s" - 64비트 OS : export LDFLAGS="-m64 -s -Wl,-O1"
32비트 OS : export LDFLAGS="-m32 -s -Wl,-O1"
- 64비트 OS : export CFLAGS="-O2 -pipe -m64 -march=core2 -fomit-frame-pointer -s"
- ./configure -prefix=/usr/local/squid --with-pthreads --enable-storeio=ufs,aufs --enable-removal-policies=lru,heap --enable-ssl --with-large-files
@Ubuntu
sudo ./configure --prefix=/usr --localstatedir=/var --libexecdir=${prefix}/lib/squid --srcdir=. --datadir=${prefix}/share/squid --sysconfdir=/etc/squid --with-default-user=proxy --with-logdir=/var/log --with-pidfile=/var/run/squid.pid --with-pthreads --enable-storeio=ufs,aufs --enable-removal-policies=lru,heap --enable-ssl --with-large-files --with-filedescriptors=65535
-> 참조 : https://help.ubuntu.com/community/Squid : /usr/sbin/squid, /etc/squid/squid.conf
@Ubuntu - sudo make
- sudo make install
- /usr/local/squid 쓰기 가능한지 체크
구성
- /usr/local/squid/etc/squid.conf 아래와 같이 대체
(참조 : http://www.squid-cache.org/Versions/v3/3.0/cfgman/ )
cache_store_log none
cache_peerparent 0 no-query originserver name=httpsAccel ssl
(앞줄 계속) login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_portcert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern . 0 20% 4320
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache256 256
cache_memMB
cachemgr_passwd disable all
maximum_object_size 1048576 KB
maximum_object_size_in_memory 16384 KB
buffered_logs on
visible_hostname - Replace all references of
with the hostname of the server you wish to proxy. - Replace all references of
with the port name that your jazz server listens upon. - Replace all references of
with the hostname of your proxy machine. - Replace all references of
with the port of your proxy machine. - Replace all references of
with the amount of RAM that you want to allocate to squid's caching. This must be less than the available memory on the machine. - Replace all references of
in MBytes with the amount of diskspace you want ot allocate to squid. This must be less than the available disk space in "/usr/local/squid/var/cache". - server.pem과 privkey.pem 파일을 /usr/local/squid/etc 아래로 복사
- 인증서 만들기
- openssl req -new -keyform PEM -x509 -out server.pem
- openssl rsa -in privkey.pem -out privkey.pem.new
- cp privkey.pem.new privkey.pem
- cp server.pem /usr/local/squid/etc/
- cp privkey.pem /usr/local/squid/etc/
- cd /usr/local/squid/sbin
- 캐시 디렉토리(/usr/local/squid/var/cache) 구조화/초기화 실행 :
@Ubuntu
sudo touch /var/log/cache.log /var/log/access.log
sudo chown proxy /var/log/cache.log /var/log/access.log
@Ubuntu
sudo su proxy
./squid -z(참조 : http://manpages.ubuntu.com/manpages/dapper/en/man8/squid.8.html ) - 프락시서버 데몬 실행 :
sudo ./squid
cache_store_log none
cache_peer x.x.x.x parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern . 0 20% 4320
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /home/SquidCache 131072 256 256
cache_swap_low 70
cache_swap_high 97
cache_mem 4096 MB
cachemgr_passwd disable all
maximum_object_size 1048576 KB
maximum_object_size_in_memory 16384 KB
buffered_logs on
visible_hostname x.x.x.x
If things are not working properly, check the var/logs/cache.log for errors
you will see TCP_HIT and TCP_MISS logging in the access.log which will indicate whether or not the cache is being hit
출처 : https://jazz.net/wiki/bin/view/Main/SCMWithCachingProxy
Squid 로그 처리
/usr/local/squid/var/logs/cache.log
You need to rotate your log files with a cron job. For example in /etc/crontab:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR
#sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * command to be executed
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR
#sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * command to be executed
0 0 * * * /usr/local/squid/sbin/squid -k rotate프락시 캐시 서버 16GB/8GB인 경우 Squid 설정값 예
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /usr/local/squid/var/cache 102400 256 256
cache_mem 12288 MB (8GB인 경우 6144 MB)
cache_store_log none
cache_peer xxx.xxx.xxx.xxx parent 9443 0 no-query originserver name=httpsAccel ssl login=PROXYPASS sslflags=DONT_VERIFY_PEER
cache_peer_access httpsAccel allow all
coredump_dir /usr/local/squid/var/cache
http_access allow all
https_port 9443 cert=/usr/local/squid/etc/server.pem accel key=/usr/local/squid/etc/privkey.pem vhost
refresh_pattern . 0 20% 4320
cachemgr_passwd disable all
maximum_object_size 1024 MB
maximum_object_size_in_memory 16 MB
buffered_logs on
visible_hostname xxx.xxx.xxx.xxx
cache_swap_low 90
cache_swap_high 95
오타와 Lab의 Squid 설정값
- used 256 Level1 dirs
- aufs storage (coss would be even better but is not recommended for production in 3.0 yet).
- Disable the cache_store_log.
- 4GB of memory cache
- max object size in memory: 16MB
- 16GB of disk cache
- max cached object size: 1GB
- GDSF as memory and disk cache replacement policy
- turned on buffered logs
- set up cron to rotate the logs every day.
- 이유는 속도가 가장 빠르고, 캐시인 까닭에 미러링을 덜 고려할 수 있습니다.
캐시서버 스펙 예
캐시서버 스펙 예
- OS : RedHat Enterprise Server
- 캐시 서버 S/W : Squid (오픈소스)
- CPU : Intel Xeon 3.16 Ghz * 2
- RAM : 8GB RAM
- HDD : SCSI HDD 6 * 146 GB with RAID 0
HDD는 일반 PC급 DISK가 아닌 서버급 HDD를 권장하며, Squid를 사용하기 위해서 Linux 서버급 운영체제를 권장합니다.
일요일은 짜빠게뤼~ 먹는날~^^