使用Centos7基于Squid与Lvs搭建小型CDN
程序员文章站
2022-07-10 12:37:23
...
CDN详情查看我这篇文章:https://blog.csdn.net/qq_43442524/article/details/106924003
前期准备
- Centos7 四台
- Xshell
1. Squid
Squid 常常被用作代理缓存服务器,在自建CDN中处于源站和客户端的中间位置,使得用户无需访问源站便可获取内容资源,提高了用户的访问速度。作为代理服务器,Squid 可以支持多种协议,如 HTTP 、 FTP , SSL 协议等,Squid 使用 的是单独的 I/O 驱动进程来获取并响应客户端的请求,这是 Squid 独特的地方。
Squid 作为代理服务器,可以获取并响应用户的访问请求 。当用户向 Squid 发出访 问某个内容的请求时,Squid 会将用户请求转发到需要的网站,然后,网站响应该请求并将内容返回给 Squid,最后 Squid 将内容返回给用户,同时也会在本地存放一份备份内 容,以后遇到同样的用户请求时则将备份传送给用户,以此提高用户的响应速度。
由于Squid 存在己久,导致其与近年来流行的系统特性有很多不兼容之处。所以,目前很多公司在引用 Squid 的时候都会对其核心功能进行修改,比如,修改 Squid 以使得它支持多进程等。对 CDN 的提供服务商而言,也需要根据不同需求对 Squid 进行特定的修改。
虽然 Squid 存在时间比较长,也有很多特性无法支持,但是作为代理缓存服务器, Squid仍然能为用户访问网站起到很好的加速作用,并且在提高访问速度的同时,也拥有身份验证以及流量管理等高级功能。基于此,流服务缓存节点采用 Squid 实现代理缓存功能 。
1.1 安装Squid
[aaa@qq.com ~]# yum install -y squid
[aaa@qq.com ~]# vim /etc/squid/squid.conf
文件最后添加
# Httpd
http_port 80 accel vhost vport
cache_peer 192.168.0.100 parent 80 0 proxy-only
http_access allow all
1.2 启动Squid
[aaa@qq.com ~]# squid -k parse
2020/06/27 15:35:35| Startup: Initializing Authentication Schemes ...
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'basic'
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'digest'
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'negotiate'
2020/06/27 15:35:35| Startup: Initialized Authentication Scheme 'ntlm'
2020/06/27 15:35:35| Startup: Initialized Authentication.
2020/06/27 15:35:35| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2020/06/27 15:35:35| Processing: acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
2020/06/27 15:35:35| Processing: acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
2020/06/27 15:35:35| Processing: acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
2020/06/27 15:35:35| Processing: acl localnet src fc00::/7 # RFC 4193 local private network range
2020/06/27 15:35:35| Processing: acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
2020/06/27 15:35:35| Processing: acl SSL_ports port 443
2020/06/27 15:35:35| Processing: acl Safe_ports port 80 # http
2020/06/27 15:35:35| Processing: acl Safe_ports port 21 # ftp
2020/06/27 15:35:35| Processing: acl Safe_ports port 443 # https
2020/06/27 15:35:35| Processing: acl Safe_ports port 70 # gopher
2020/06/27 15:35:35| Processing: acl Safe_ports port 210 # wais
2020/06/27 15:35:35| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2020/06/27 15:35:35| Processing: acl Safe_ports port 280 # http-mgmt
2020/06/27 15:35:35| Processing: acl Safe_ports port 488 # gss-http
2020/06/27 15:35:35| Processing: acl Safe_ports port 591 # filemaker
2020/06/27 15:35:35| Processing: acl Safe_ports port 777 # multiling http
2020/06/27 15:35:35| Processing: acl CONNECT method CONNECT
2020/06/27 15:35:35| Processing: http_access deny !Safe_ports
2020/06/27 15:35:35| Processing: http_access deny CONNECT !SSL_ports
2020/06/27 15:35:35| Processing: http_access allow localhost manager
2020/06/27 15:35:35| Processing: http_access deny manager
2020/06/27 15:35:35| Processing: http_access allow localnet
2020/06/27 15:35:35| Processing: http_access allow localhost
2020/06/27 15:35:35| Processing: http_access deny all
2020/06/27 15:35:35| Processing: http_port 3128
2020/06/27 15:35:35| Processing: coredump_dir /var/spool/squid
2020/06/27 15:35:35| Processing: refresh_pattern ^ftp: 1440 20% 10080
2020/06/27 15:35:35| Processing: refresh_pattern ^gopher: 1440 0% 1440
2020/06/27 15:35:35| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2020/06/27 15:35:35| Processing: refresh_pattern . 0 20% 4320
2020/06/27 15:35:35| Processing: http_port 80 accel vhost vport
2020/06/27 15:35:35| Processing: cache_peer 192.168.0.100 parent 80 0 proxy-only
2020/06/27 15:35:35| Processing: http_access allow all
2020/06/27 15:35:35| Initializing https proxy context
[aaa@qq.com ~]# squid -k reconfigure
[aaa@qq.com ~]# systemctl start squid
[aaa@qq.com ~]# systemctl status squid
● squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2020-06-27 15:36:40 CST; 11s ago
Process: 2471 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
Process: 2466 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
Main PID: 2473 (squid)
CGroup: /system.slice/squid.service
├─2473 /usr/sbin/squid -f /etc/squid/squid.conf
├─2475 (squid-1) -f /etc/squid/squid.conf
└─2476 (logfile-daemon) /var/log/squid/access.log
6月 27 15:36:40 localhost.localdomain systemd[1]: Starting Squid caching proxy...
6月 27 15:36:40 localhost.localdomain systemd[1]: Started Squid caching proxy.
6月 27 15:36:40 localhost.localdomain squid[2473]: Squid Parent: will start 1 kids
6月 27 15:36:40 localhost.localdomain squid[2473]: Squid Parent: (squid-1) process 2475 started
2. Apache
2.1 安装Httpd服务
[aaa@qq.com ~]# yum install httpd -y
2.2 编写首页
#index.php
<?php
function serverIp(){ //获取服务器IP地址
if(isset($_SERVER)){
if($_SERVER['SERVER_ADDR']){
$server_ip=$_SERVER['SERVER_ADDR'];
}else{
$server_ip=$_SERVER['LOCAL_ADDR'];
}
}else{
$server_ip = getenv('SERVER_ADDR');
}
return $server_ip;
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>CDN测试</title>
</head>
<body>
<div class="banner">
<ul>
<li><img src="1.jpg" /></li>
</ul>
</div>
<div class="main_list">
<ul>
<li><a href="#">CDN测试...</a></li>
</ul>
</div>
<span><?php echo serverIp(); ?></span>
</body>
</html>
2.3 测试
通过192.168.0.101访问到源站192.168.0.100
查看日志:
分两次访问,发现/var/log/squid/access.log
第一次访问时是从源站(192.168.0.100)拉取资源,并且在本机缓存
第二次访问,直接访问本机(192.168.0.101)资源
3. 安装LVS实现负载均衡
[aaa@qq.com ~]# yum install -y ipvsadm
[aaa@qq.com ~]# lsmod |grep ip_vs
[aaa@qq.com ~]# modprobe ip_vs
[aaa@qq.com ~]# lsmod |grep ip_vs
ip_vs 145497 0
nf_conntrack 139224 1 ip_vs
libcrc32c 12644 3 xfs,ip_vs,nf_conntrack
[aaa@qq.com ~]#
3.1 创建VIP调度地址
[aaa@qq.com ~]# ifconfig ens33:0 192.168.0.200 netmask 255.255.255.255
[aaa@qq.com ~]# ipvsadm -At 192.168.0.200:80 -s rr
[aaa@qq.com ~]# ipvsadm -at 192.168.0.200:80 -r 192.168.0.101:80 -g
[aaa@qq.com ~]# ipvsadm -at 192.168.0.200:80 -r 192.168.0.102:80 -g
[aaa@qq.com ~]#
在squid1和squid2两台服务器节点,创建VIP应答地址
[aaa@qq.com ~]# ifconfig lo:0 192.168.0.200 netmask 255.255.255.255
在squid1和squid2两台服务器节点,屏蔽ARP请求
[aaa@qq.com ~]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[aaa@qq.com ~]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[aaa@qq.com ~]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[aaa@qq.com ~]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
[aaa@qq.com ~]#
在LVS中,#ipvsadm -L 检查配置情况
[aaa@qq.com ~]# ipvsadm -L
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP localhost.localdomain:http rr
-> 192.168.0.101:http Route 1 0 0
-> 192.168.0.102:http Route 1 0 0
[aaa@qq.com ~]#
3.2 测试
在Windows10访问(192.168.0.200),可以看到从VIP地址通过负载均衡访问到了Squid资源地址
查看日志:
宿主机通过LVS-VIP(192.168.0.200)访问到了Squid2(192.168.0.102),并且Squid2从源站(192.168.0.100)缓存了资源
原理
此CDN方案原理就是客户端通过访问LVS暴露在外的虚拟地址192.168.0.200,将流量负载均衡到Squid1192.168.0.101或者Squid2192.168.0.102机器上,并且Squid实现了从源站192.168.0.100缓存了资源,当以后的流量想要访问源站时,直接从Squid服务器缓存中得到,大幅度减少了源站的压力。
上一篇: zabbix-分布式系统监控