CentOS6.5にて、yumでインストールされるSquidでは、よく変わるtokenなどのクエリ文字列を無視してキャッシュする設定ができなかったので、squid3.5をインストールして設定するためのメモ。httpsだとSquidからURLが見えないので、クライアントからはhttpでアクセスさせ、Squidにてmod_rewriteでhttpsに書き換えてアクセスする設定も含む
squidのインストール・確認に必要なライブラリをインストール
yum install libtool-ltdl
yum install telnet
squidインストール
#yumではsquid最新版はダウンロードできないので、wgetする
cd /tmp/
wget http://www1.ngtech.co.il/repo/centos/6/x86_64/squid-3.5.16-1.el6.x86_64.rpm
tar xvzf squid-3.5.16-1.el6.x86_64.rpm
rpm -i squid-3.5.16-1.el6.x86_64.rpm
touch /usr/local/bin/httpTohttps.py
chmod +x /usr/local/bin/httpTohttps.py
touch /usr/local/bin/noapikey.py
chmod +x /usr/local/bin/noapikey.py
/etc/squid/squid.conf
:
visible_hostname unknown
:
negative_ttl 0 minutes #do not cache error pages
:
acl myservers src XXX.XXX.0.0/16
acl mywork src YYY.YYY.YYY.YYY
:
http_access allow myservers
http_access allow mywork
:
url_rewrite_program /usr/local/bin/httpTohttps.py
store_id_program /usr/local/bin/noapikey.py #ref. http://www.squid-cache.org/Doc/config/store_id_program/
store_id_access allow all
:
cache_dir ufs /var/spool/squid 500 16 256
:
refresh_pattern . 36000 90% 360000 override-expire override-lastmod ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-must-revalidate store-stale
#refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 #comment out
:
httpTohttps.py
#!/usr/bin/env python
# vim:et:ts=4:sw=4:
import re
import sys,os
import urlparse
while True:
line = sys.stdin.readline()
if line == "":
break
try:
url, other = line.split(" ", 1)
os.system('echo "url:%s" >> /tmp/squldlog.txt' % url)
httpsurl = url.replace('http://googleapis.com', 'https://googleapis.com').replace('http://www.googleapis.com', 'https://www.googleapis.com')
os.system('echo "urlq:%s" >> /tmp/squidlog.txt' % url)
os.system('echo "urlx:%s" >> /tmp/squidlog.txt' % httpsurl)
print "OK rewrite-url=" + httpsurl
except Exception:
# For Debugging only. In production we want this to never die.
#raise
print line
sys.stdout.flush()
noapikey.py
#!/usr/bin/env python
# vim:et:ts=4:sw=4:
import re
import sys
import urlparse
google_api_re = re.compile(r"^https:\/\/www\.googleapis\.com\/(.*?)$")
def parse_params(url):
"Convert a URL's set of GET parameters into a dictionary"
params = {}
for param in urlparse.urlsplit(url)[3].split("&"):
if "=" in param:
n, p = param.split("=", 1)
params[n] = p
return params
while True:
line = sys.stdin.readline()
if line == "":
break
try:
url, other = line.split(" ", 1)
matched = False
if not matched and google_api_re.match(url):
params = parse_params(url)
if "q" in params:
print "OK store-id=https://googleapis.com/youtube/v3/search?part=snippet&q=%s&maxResults=%s" % (params["q"], params["maxResults"])
matched = True
if not matched:
# print "ERR"
print "OK store-id=" + url
#print channel, "OK store-id=\"%s\"" % (url)
except Exception:
# For Debugging only. In production we want this to never die.
#raise
print line
sys.stdout.flush()
squid 起動
/etc/init.d/squid restart