Squid reverse proxy Apache on centos 4.5

I have a centos 4.5 powered VPS that was running out of memory at peak times and so I decided to take a look at using squid to reverse proxy apache. When squid is used as a reverse proxy all http requests are proxied through squid to apache. The advantage of this setup is:

  • Squid is a caching proxy server that uses much less RAM when serving multiple users simultaneously than apache.
  • Squid first checks each request against its disk and memory cache. If the file requested is found in its cache it need not trouble apache. If it isn’t then it passes the request on to apache. Even though my sites are very dynamic in nature squid can still cache a lot of static content like images and css files. The smaller the number of requests sent to apache the fewer the apache processes spawned and the lower the memory used.
  • Since squid operates faster than apache it means that your sites load faster and that makes your users happy.

Squid 2.5 came preinstalled on my VPS although it had just the default configuration. The best way I found to configure it is to have squid listen to port 80 on your public IP address while apache listens to localhost:80. The advantage of doing it this way is that php scripts that rely on the $_SERVER[‘HOST_NAME’] and other related php variables don’t malfunction because the port number does not change. To bind squid to your public IPs you use the http_port command in the /etc/squid/squid.conf file:

http_port 123.123.123.123:80 124.124.124.124:80

To get squid to reverse proxy apache you tell it to accelerate localhost:


httpd_accel_host localhost
httpd_accel_port 80
httpd_accel_single_host on

Since I am not using squid as a proxy for my outgoing connections I turned off forward proxying:


httpd_accel_with_proxy off

I am also using namebased virtual hosts so I want squid to pass on the header information in http 1.1. This header information tells apache which domain is wanted by the client and apache will use this to determine which files to serve:


httpd_accel_uses_host_header on

I also want anyone to be able to access my sites:


acl all src 0.0.0.0/0.0.0.0
http_access allow all

Squid uses a lot of file descriptors to keep track of multiple cached files, tcp/ip connections etc. so it helps if you increase the number available to a decent amount. In previous versions of squid this required a recompile but not anymore:


max_filedesc 8192

You also have to increase the file descriptors in the operating system so I add this to my squid init file in /etc/init.d/squid right at the top after the comments:


ulimit -HSn 8192

Apache

Apache 2 needs some configuring too. In /etc/httpd/conf/httpd.conf you have to tell it to bind to localhost:80 instead of on all interfaces.:


Listen 127.0.0.1:80

Setup a namevirtualhost directive:


namevirtualhost 127.0.0.1:80

And add the virtual hosts:


<virtualhost 127.0.0.1:80>
documentroot /var/www/html
servername mydomain.com
serveralias www.mydomain.com

</virtualhost>

Logrotation

logrotate.d is a service included with centos 4.5. Services like squid maintain log files. Logrotate truncates and backs up the log files to prevent them from becoming too large and difficult to write to. The default logrotate configuration for squid is weekly log rotation. It is better to change this to daily logrotation by editing /etc/logrotate.d/squid and replacing weekly with daily.

Now just start squid by typing in this command at the command prompt:


service squid start

and apache:


service httpd start

You should have now have an efficient web server accelerated with a squid reverse proxy!

2 thoughts on “Squid reverse proxy Apache on centos 4.5

  1. I’m pretty picky about Apache catching things before PHP knows about them so this concept immediately makes alot of sense to me.

    I might have to reevaluate my opinion of proxy servers after reading this post.

Leave a Reply

Your email address will not be published. Required fields are marked *