DNS polling under Linux combined with Squid reverse proxy

First, install reverse proxy server 1. Download the reverse proxy server software using Squid, download address: http://www.squid-cache.org/Versions/v2/2.2/squid-2.2.STABLE5-src.tar.gz Download and store in /usr/local/In the squid/src directory, the file name is squid-2.2.STABLE5 ...

1. Install the reverse proxy server

1. Download the reverse proxy server software using Squid, download address:

http://www.squid-cache.org/Versions/v2/2.2/squid-2.2.STABLE5-src.tar.gz

After downloading, it is stored in the /usr/local/squid/src directory. The file name is

squid-2.2.STABLE5-src.tar.gz;

2. Extract the proxy server package:

Enter the /usr/local/squid/src directory and type the following command:

gzip -dc squid-2.2.STABLE5-src.tar.gz |  Tar -xvf -

This command unpacks the proxy server package, creates a directory called squid-2.2.STABLE5, and puts all the files in this directory.

3. Compile the source program

First run the configuration script to generate the build script for your machine. The command format is:

./configure

The default installation path for compiled scripts generated by this method is /usr/local/squid.

If you want to change the installation path, you need to use the following format:

./configure -prefix=/some/other/directory

This method is compiled and installed to /some Inside /other/directory.

After generating the compiled script, you can officially start compiling. The command is:

make

4. Install Squid Proxy Server

After compiling, install it with the following command:

make install

After the installation is complete, a squid directory will be generated in the installation path you specified. There are three directories under the squid directory: etc, bin, logs. Among them etc is the configuration file, the inside of the bin is the execution file, and the log is the log file.

Second, debug reverse proxy server

After the installation is finished, debug the server to make it work according to your requirements. There is only one Squid configuration file. In the etc directory, the name is squid.conf. All configuration options are in this file. And each configuration item has a note. We only cover a few projects related to reverse proxy.

First, find the following configuration items in the Squid file:

cache_mem

You can add the amount of memory you are going to use for Squid as a cache. Note that if your machine has N megabytes of memory, then it is recommended that the number you add here is N/3.

cache_dir /usr/local/squid/cache 100 16 256

The first number 100 here is the size of the hard disk space you are going to use for Squid as a cache, in megabytes. If you want to draw 100M space as a cache, then write 100 here.

acl, http_access, icp_access

Fill in "allowedip" and "allowedip1"ACL access control lists. Here you should fill in the IP of the server you are publicizing. For example, the external addresses of the two WEB servers in this example are 202.99.157.10 and 202.99.157.18,

acl manager proto cache_object

acl localhost Src 127.0.0.1/255.255.255.255

acl all src 0.0.0.0/0.0.0.0

acl allowedip src 202.99.157.10/255.255.255.255

acl allowedip1 src 202.99 .157.18/255.255.255.255

http_access deny manager all

http_access allow allowedip

http_access allow allowedip1

http_access deny all

icp_access Allow allowedip

icp_access allow allowedip1

icp_access deny all

cache_mgr [email protected]

fill the cache administrator's email address here, system An error will automatically alert the cache administrator.

******The above are all common settings for Squid. The following is the setting for the reverse proxy section. ******

httpd_accel_host test.com.cn

httpd_accel_host test1.com.cn

Set the host name of the reverse proxy here

httpd_accel_port 80

Set the WEB service port number of the reverse proxy here< Br>

#httpd_accel_with_proxy off

When the reverse proxy is set here, whether to open the normal proxy service

modify the configuration file, before running the Squid proxy server, first initialization. The command is as follows:

% /usr/local/squid/bin/squid -z

% /usr/local/squid/bin/squid

Check the cache.log file Make sure all parts are working properly. If there is an error message or the system does not start properly, the general situation is due to the access rights of the directory and files. Please carefully check the permissions settings of each directory and file. Of particular note is that the Squid directory should be set to writable before initialization, and then the created cache directory and logs directory are set to be writable. If everything is ok, then you can put it into use. The default service port of the system is 3128.

After the reverse proxy server software is installed, set the server's http port http service to not enabled.

Three, adjust the DNS server settings

Assuming the DNS server (hereinafter referred to as the standard DNS server) resolve test.com.cn to 202.99.157.10, test1.com.cn resolves to 202.99. 157.18, then when we configure the DNS service of the reverse proxy server (we call it the internal DNS server), we can change the WEB of the internal address as follows:

Hostname standard DNS resolution is internal

DNS resolution is

http://www.test.com.cn/202.99.157.10 192.168.1.10

http://www.test1.com.cn /202.99.157.18 192.168.1.18

Then bind the two IPs 202.99.157.10 and 202.99.157.18 to the reverse proxy server, so that the outside world is http://www.test.com.cn /and http://www.test1.com.cn/access will be resolved by the standard DNS to the reverse proxy server, the default WEB server's service port is 80, but due to the reverse proxy server's 80-port http service Has been terminated, the visit at this time will have no results. In order to enable the access request to be successfully completed, it is necessary to establish a reverse proxy server between the real http://www.test.com.cn/and the http://www.test1.com.cn/WEB server. contact. To establish a connection with a real WEB server with an internal address, first the reverse proxy server needs to bind an internal IP, such as 192.168.1.2, and the rest is done by the transparent proxy software transproxy. The Transproxy service software establishes the connection between port 81 and Squid through the setting, and transmits the resolution address of the internal DNS to http://www.test.com.cn/and http://www.test1.com.cn/to the Squid server. Then, through the setting of the server port in squid.conf, set the service port to 80. In this way, Squid accesses the 80 ports of the internal real WEB server 192.168.1.10 and 192.168.1.18, and retrieves the WEB content that needs to be accessed. In the Squid cache for external access. After the transparent proxy software transproxy is set up, you need to set the ipchains rule to forward the http request from the outside to the reverse proxy server to port 81 of the transproxy. This establishes the indirect and real WEB server through the reverse proxy. The connection between.