squid+icap测试配置
来源:互联网 发布:滑板鞋品牌知乎 编辑:程序博客网 时间:2024/06/07 10:25
相关配置为公司内环境配置,综合网关用squid模拟。
项目基本架构为:网关作为ICAP Client,ICAP Server用的是C-ICAP SERVER 0.2.5,往后为公司的业务系统,ICAP Server作用是在网关与业务系统之间作适配。
1、squid
squid支持ICAP Client,本次配置如下:
--------------------------------------------------------------------squid.conf--------------------------------------------------------------------
#Icap client for squid
icap_enable on
icap_preview_enable on
icap_preview_size 1024
icap_206_enable off
icap_send_client_ip on
#将HTTP回复发送给icap服务器
icap_service service_res respmod_precache 1 icap://192.168.0.246:1344/ToolbarInsertion
#将HTTP请求发送给icap服务器
icap_service service_req reqmod_precache 0 icap://192.168.0.246:2344/ex206
adaptation_access service_res allow all
adaptation_access service_req allow all
--------------------------------------------------------------------end--------------------------------------------------------------------
ToolbarInsertion:RESPMOD请求URI;
ex206:REQMOD请求URI;
2、icap
icap支持OPTIONS、REQMOD、RESPMOD(参考RFC3507);
ToolbarInsertion配置文件:srv_xxxxxxx.conf
--------------------------------------------------------------------srv_xxxxxxx.conf--------------------------------------------------------------------
#
# To enable srv_xxxxxxx service in c-icap, copy this file in c-icap
# configuration directory and add the following line at the end of
# c-icap.conf file:
# Include srv_xxxxxxx.conf
#
# Module: srv_xxxxxxx
#
# Load the srv_xxxxxxx service:
Service wkcash_module srv_xxxxxxx.so
# Add the alias wkwsc for srv_xxxxxxx service. It is used by many
ServiceAlias ToolbarInsertion srv_xxxxxxx
# wk cash module settings
# TAG: srv_xxxxxxx.EmbedHtmlContentTypes
# Format: srv_xxxxxxx.EmbedHtmlContentTypes type1 [type2] ...
# Description:
# the list of Content types or groups of Content types which will be
# Embed. For supported types look in c-icap.magic
# configuration file.
# Default:
# text/html application/vnd.wap.xhtml+xml application/xhtml+xml.
srv_xxxxxxx.EmbedHtmlContentTypes text/html application/vnd.wap.xhtml+xml application/xhtml+xml
# TAG: srv_xxxxxxx.EmbedWmlContentTypes
# Format: srv_xxxxxxx.EmbedWmlContentTypes type1 [type2] ...
# Description:
# the list of Content types or groups of Content types which will be
# Embed. For supported types look in c-icap.magic
# configuration file.
# Default:
# text/vnd.wap.wml
srv_xxxxxxx.EmbedWmlContentTypes text/vnd.wap.wml
# TAG: srv_xxxxxxx.CashMereServer
# Format: srv_xxxxxxx.CashMereServer Host Port
# Description:
# The CashMere Server Host Information
# Default:
# localhost 18080
srv_xxxxxxx.CashMereServer 192.168.0.246 8090
#srv_xxxxxxx.CashMereServer 192.168.0.246 80
#srv_xxxxxxx.CashMereServer 192.168.0.45 80
# TAG: srv_xxxxxxx.LocalMemCacheServer
# Format: srv_xxxxxxx.LocalMemCacheServer onoff
# Description:
# Set To Enable or Disable The Local Memcache Server
# Default:
# off
srv_xxxxxxx.LocalMemCacheServer off
# TAG: srv_xxxxxxx.MemCacheServer
# Format: srv_xxxxxxx.MemCacheServer Host Port
# Description:
# The Memcache Server Host Information
# Default:
# localhost 11211
srv_xxxxxxx.MemCacheServer localhost 11212
#srv_xxxxxxx.MemCacheServer 192.168.0.45 11212
# TAG: srv_xxxxxxx.MemCacheExpireTime
# Format: srv_xxxxxxx.MemCacheExpireTime seconds
# Description:
# Set To Memcache Server ExpireTime
# Default:
# off
srv_xxxxxxx.MemCacheExpireTime 60
# TAG: srv_xxxxxxx.AccessLogPath
# Format: srv_xxxxxxx.AccessLogPath path
# Description:
# The Access Log Path Information
# Default:
# c-icap default log path
srv_xxxxxxx.AccessLogPath /home/src/c_icap-0.2.5_req_mod/var/log
srv_xxxxxxx.ServerGroup 1
# End module: srv_xxxxxxx
--------------------------------------------------------------------end--------------------------------------------------------------------
C-ICAP Server安装后配置文件在:etc/c-icap.conf
--------------------------------------------------------------------c-icap.conf--------------------------------------------------------------------
#
# This file contains the default settings for c-icap
#
#
# TAG: PidFile
# Format: PidFile pid_file
# Description:
# The file to store the pid of the main process of the c-icap server.
# Default:
# PidFile /var/run/c-icap/c-icap.pid
PidFile /var/run/c-icap/c-icap-req.pid
# TAG: CommandsSocket
# Format: CommandsSocket socket_file
# Description:
# The path of file to use as control socket for c-icap
# Default:
# CommandsSocket /var/run/c-icap/c-icap.ctl
CommandsSocket /var/run/c-icap/c-icap-req.ctl
# TAG: Timeout
# Format: Timeout seconds
# Description:
# The time in seconds after which a connection without activity
# can be cancelled.
# Default:
# Timeout 300
Timeout 300
# TAG: MaxKeepAliveRequests
# Format: MaxKeepAliveRequests number
# Description:
# The maximum number of requests can be served by one connection
# Set it to -1 for no limit
# Default:
# MaxKeepAliveRequests 100
MaxKeepAliveRequests 100
# TAG: KeepAliveTimeout
# Format: KeepAliveTimeout seconds
# Description:
# The maximum time in seconds waiting for a new requests before a
# connection will be closed.
# If the value is set to -1, there is no timeout.
# Default:
# KeepAliveTimeout 600
KeepAliveTimeout 600
# TAG: StartServers
# Format: StartServers number
# Description:
# The initial number of server processes. Each server process
# generates a number of threads, which serve the requests.
# Default:
# StartServers 3
StartServers 3
# TAG: MaxServers
# Format: MaxServers number
# Description:
# The maximum allowed number of server processes.
# Default:
# MaxServers 10
MaxServers 10
# TAG: MinSpareThreads
# Format: MinSpareThreads number
# Description:
# If the number of the available threads is less than number,
# the c-icap server starts a new child.
# Default:
# MinSpareThreads 10
MinSpareThreads 10
# TAG: MaxSpareThreads
# Format: MaxSpareThreads number
# Description:
# If the number of the available threads is more than number then
# the c-icap server kills a child.
# Default:
# MaxSpareThreads 20
MaxSpareThreads 20
# TAG: ThreadsPerChild
# Format: ThreadsPerChild number
# Description:
# The number of threads per child process.
# Default:
# ThreadsPerChild 10
ThreadsPerChild 10
# TAG: MaxRequestsPerChild
# Format: MaxRequestsPerChild number
# Description:
# The maximum number of requests that a child process can serve.
# After this number has been reached, process dies. The goal of this
# parameter is to minimize the risk of memory leaks and increase the
# stability of c-icap. It can be disabled by setting its value to 0.
# Default:
# MaxRequestsPerChild 0
MaxRequestsPerChild 0
# TAG: Port
# Format: Port port
# Description:
# The port number that the c-icap server uses to listen to requests.
# Default:
# Port 1344
Port 1344
# TAG: User
# Format: User username
# Description:
# The user owning c-icap's processes. By default, the owner is the
# user who runs the program.
# Default:
# No value
# Example:
# User wwwrun
# TAG: Group
# Format: Group groupname
# Description:
# The group of users owning c-icap's processes, which, by default
# is the group of the current user.
# Default:
# No value
# Example:
# Group nogroup
# TAG: ServerAdmin
# Format: ServerAdmin admin_mail
# Description:
# The Administrator of this server. Used when displaying information
# about this server (logs, info service, etc)
# Default:
# No value
ServerAdmin you@your.address
# TAG: ServerName
# Format: ServerName aServerName
# Description:
# A name for this server. Used when displaying information about this
# server (logs, info service, etc)
# Default:
# No value
ServerName YourServerName
# TAG: TmpDir
# Format: TmpDir dir
# Description:
# dir is the location of temporary files.
# Default:
# TmpDir /var/tmp
TmpDir /var/tmp
# TAG: MaxMemObject
# Format: MaxMemObject bytes
# Description:
# The maximum memory size in bytes taken by an object which
# is processed by c-icap . If the size of an object's body is
# larger than the maximum size a temporary file is used.
# Default:
# MaxMemObject 131072
MaxMemObject 131072
# TAG: DebugLevel
# Format: DebugLevel level
# Description:
# The level of debugging information to be logged.
# The acceptable range of levels is between 0 and 10.
# Default:
# DebugLevel 1
DebugLevel 1
# TAG: ModulesDir
# Format: ModulesDir dir
# Description:
# The location of modules
# Default:
# ModulesDir /home/src/c_icap-0.2.5/lib/c_icap
ModulesDir /home/src/c_icap-0.2.5_req_mod/lib/c_icap
# TAG: ServicesDir
# Format: ServicesDir dir
# Description:
# The location of services
# Default:
# ServicesDir /home/src/c_icap-0.2.5/lib/c_icap
ServicesDir /home/src/c_icap-0.2.5_req_mod/lib/c_icap
# TAG: TemplateDir
# Format: TemplateDir dir
# Description:
# The location of the text templates used by c-icap and its services,
# categorized by language and services/modules
# Default:
# No value
# Example:
TemplateDir /home/src/c_icap-0.2.5_req_mod/share/c_icap/templates/
# TAG: TemplateDefaultLanguage
# Format: TemplateDefaultLanguage lang
# Description:
# Sets the default language to use for text templates
# Default:
# TemplateDefaultLanguage en
TemplateDefaultLanguage en
#TemplateReloadTime 360
#TemplateCacheSize 20
#TemplateMemBufSize 8192
# TAG: LoadMagicFile
# Format: LoadMagicFile path
# Description:
# Load a c-icap magic file. A magic file contains various
# data type definitions. Look inside default c-icap.magic file
# for more informations.
# It can be used more than once to use multiple magic files.
# Default:
# LoadMagicFile /home/src/c_icap-0.2.5/etc/c-icap.magic
LoadMagicFile /home/src/c_icap-0.2.5_req_mod/etc/c-icap.magic
# TAG: RemoteProxyUsers
# Format: RemoteProxyUsers onoff
# Description:
# Set it to on if you want to use username provided by the proxy server.
# This is the recomended way to use users in c-icap.
# If the RemoteProxyUsers is off and c-icap configured to use users or
# groups the internal authentication mechanism will be used.
# Default:
# RemoteProxyUsers off
RemoteProxyUsers off
# TAG: RemoteProxyUserHeader
# Format: RemoteProxyUserHeader Header
# Description:
# Used to specify the icap header used by the proxy server to send
# the authenticated client username to c-icap server
# Default:
# RemoteProxyUserHeader X-Authenticated-User
RemoteProxyUserHeader X-Authenticated-User
# TAG: RemoteProxyUserHeaderEncoded
# Format: RemoteProxyUserHeaderEncoded onoff
# Description:
# Set it to off if the RemoteProxyUserHeader is not base64 encoded
# Default:
# RemoteProxyUserHeaderEncoded on
RemoteProxyUserHeaderEncoded on
# TAG: AuthMethod
# Format: AuthMethod Method Authenticator
# Description:
# Used to define the internal authentication mechanism to use. This
# feature is not well tested and may cause problems. It is better to use
# RemoteProxyUser configuration.
# Method is the authentication method to use (basic, digest, etc).
# Currently only basic authentication method is implemented as build in
# module
# Authenticator currently can only be "basic_simple_db"
# It can be considered as a user/password store and can be
# implemented as external module. The basic_simple_db is implemented as
# build it module
# Default:
# No set
# Example:
# AuthMethod basic basic_simple_db
# TAG: basic.Realm
# Format: basic.Realm ARealm
# Description:
# Specify the basic method realm
# Default:
# basic.Realm "Basic authentication"
# Example:
# basic.Realm "c-icap server authentication"
# TAG: basic_simple_db.UsersDB
# Format: basic_simple_db.UsersDB LookupTable
# Description:
# Specify the lookup table where the usernames/passwords pairs
# are stored. The paswords must be unencrypted
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No value
# Example:
# basic_simple_db.UsersDB hash:/usr/local/c-icap/etc/c-icap-users.txt
# TAG: GroupSourceByGroup
# Format: GroupSourceByGroup LookupTable
# Description:
# Defines a lookup table where the groups of users are stored indexed
# by group. It can be used more than once.
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No set
# Example:
# GroupSourceByGroup hash:/usr/local/c-icap/etc/c-icap-groups.txt
# TAG: GroupSourceByUser
# Format: GroupSourceByUser LookupTable
# Description:
# Defines a lookup table where the groups of users are stored indexed
# by user. It can be used more than once.
# For more information about c-icap lookup tables read c-icap server
# manual page
# Default:
# No set
# Example:
# GroupSourceByUser hash:/usr/local/c-icap/etc/c-icap-user-groups.txt
# TAG: acl
# Format: acl name type[{param}] value1 [value2] [...]
# Description:
# Supported acl types are:
# acl aclname service service1 ...
# The servicename
# acl aclname type OPTIONS|RESPMOD|REQMOD ...
# The icap method
# acl aclname port port1 ...
# The icap server port
# acl aclname src ip1/netmask1 ...
# The client ip address
# acl aclname srvip ip1/netmask1 ...
# The c-icap server ip address
# acl aclname icap_header{HeaderName} value1 ...
# Matches the icap header HeaderName with value1 ...
# The values are in regex form: /avalue/
# acl aclname icap_resp_header{HeaderName} value1 ...
# The icap response header
# The values are in regex form: /avalue/
# acl aclname http_req_header{HeaderName} value1 ...
# The http request header
# The values are in regex form: /avalue/
# acl aclname http_resp_header{HeaderName} value1 ...
# The http response header
# The values are in regex form: /avalue/
# acl aclname data_type type1 ...
# The data type as recognized by the internal data type
# recognizer. The types are defined in c-icap.magic file
# acl aclname auth username|* ...
# The authenticated users. Using * instead of username means
# all users.
# acl aclname group group1 ...
# if the user of request belongs to given groups
# Default:
# None set
# Examples:
# acl OPTIONS type OPTIONS
# acl RESPMOD type RESPMOD
# acl REQMOD type REQMOD
# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
# acl XHEAD icap_header{X-Test} /value/
# acl ECHO service echo
# acl localnet src 192.168.1.0/255.255.255.0
# acl localhost src 127.0.0.1/255.255.255.255
# acl all src 0.0.0.0/0.0.0.0
# TAG: icap_access
# Format: icap_access allow|deny [!]acl1 ...
# Description:
# Allowing or denying ICAP access based on defined access lists
# Default:
# None set
# Example:
# icap_access deny XHEAD
# #Allow OPTIONS method for all:
# icap_access allow localnet OPTIONS
# #Require authentication for all users from local network:
# icap_access allow AUTH localnet
# icap_access deny all
# TAG: client_access
# Format: client_access allow|deny acl1 [acl2] [...]
# Description:
# Allowing or denying connections on c-icap based on
# defined access lists. Only the acl types src, srvip and port
# can be used.
# Default:
# None set
# Example:
# client_access allow all
# TAG: LogFormat
# Format: LogFormat Name Format
# Description:
# Name is a name for this log format.
# Format is a string with embedded % format codes. % format codes
# has the following form:
# % [-] [width] [{argument}] formatcode
# if - is specified then the output is left aligned
# if width specified then the field is exactly width size
# some formatcodes support arguments given as {argument}
#
# Format codes:
# %a: Remote IP-Address
# %la: Local IP Address
# %lp: Local port
# %>a: Http Client IP Address. Only supported if the proxy
# client supports the "X-Client-IP" header
# %<A: Http Server IP Address. Only supported if the proxy
# client supports the "X-Server-IP" header
# %ts: Seconds since epoch
# %tl: Local time. Supports optional strftime format argument
# %tg: GMT time. Supports optional strftime format argument
# %>ho: Modified Http request header. Supports header name
# as argument. If no argument given the first line returned
# %huo: Modified Http request url
# %<ho: Modified Http reply header. Supports header name
# as argument. If no argument given the first line returned
# %iu: Icap request url
# %im: Icap method
# %is: Icap status code
# %>ih: Icap request header. Supports header name
# as argument. If no argument given the first line returned
# %<ih: Icap response header. Supports header name
# as argument. If no argument given the first line returned
# %Ih: Http bytes received
# %Oh: Http bytes sent
# %Ib: Http body bytes received
# %Ob: Http body bytes sent
# %I: Bytes received
# %O: Bytes sent
# %bph: The first 5 bytes of the body preview data. Non
# printable characters printed in hex form.
# Supports the number of bytes to output as argument.
# %un: Username
# %Sl: Service log string
# %Sa: Attribute value set by service. The attribute name must
# given as argument.
# Default:
# None set
# Example:
# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
# TAG: ServerLog
# Format: ServerLog LogFile
# Description:
# the file used by the build-in logger file_logger to
# store debugging information, errors and other
# information about the c-icap server.
# Default:
# ServerLog /home/src/c_icap-0.2.5/var/log/server.log
ServerLog /home/src/c_icap-0.2.5_req_mod/var/log/server.log
# TAG: AccessLog
# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
# Description:
# LogFile is a file where to log access information.
# LogFormat is the log format to use. If ommited c-icap uses:
# "%tl, %la %a %im %iu %is"
# Also acls can be used to select certain requests to be logged.
# This directive can be used more than once to specify more than
# one access log files
# Default:
# AccessLog /home/src/c_icap-0.2.5/var/log/access.log
# Example:
# AccessLog /home/src/c_icap-0.2.5/var/log/access.log MyFormat all
AccessLog /home/src/c_icap-0.2.5_req_mod/var/log/access.log
# TAG: Logger
# Format: Logger LoggerName
# Description:
# Specify wich logger to use. By default uses the build in "file_logger" which
# uses files for access and server logging.
# Default:
# Logger file_logger
# Example:
# Logger sys_logger
# TAG: Module
# Format: Module Type ModuleFile
# Description:
# Load an external module/plugin to c-icap.
# ModuleFile is the filename of the module. If no full path given then c-icap
# searche in path defined by the ModulesDir configuration parameter.
# Type is the type of the external module and can be one of the following:
# - "logger" for modules implement a logger
# - "common" for general purpose modules
# Default:
#
# Example:
# Module logger sys_logger.so
# TAG: Service
# Format: Service aName ServiceFile
# Description:
# It loads the service ServiceFile. The argument aName used
# as alias name for the service
# Default:
#
# Example:
# Service echo_service srv_echo.so
# TAG: ServiceAlias
# Format: ServiceAlias AliasName ServiceName[?param1=value1¶m2=value2...]
# Description:
# Used to define an alias name for a service.
# Default:
#
# Example:
# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
#
# TAG: General configuration parameters for all services
# Description:
# PreviewSize: The preview data size to advertise to the icap client
# MaxConnections: The client should not use more than MaxConnections
# for this service.
# TransferPreview: The list of file extensions, seperated by commas,
# for which the client should send preview data.
# TransferIgnore: The list of file extensions that should not be sent
# to the icap server
# TransferComplete: The list of file extensions that should be sent
# in their entirety, without preview, to the icap server
# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or
# "hour[s]" can be used to secify that the time is in seconds
# minutes or hours respectively. If no time-units given
# seconds are assumed.
# Allow206 on|off: Enable/disable advertise of 206 responses.
#
# Example:
# echo.PreviewSize 512
# echo.TransferIgnore gif, jpeg
# echo.OptionsTTL 3 min
######################################################
# External modules comming with core c-icap server
#
# Module: echo
# Description:
# Simple test service
# Example:
# Service echo srv_echo.so
Service echo srv_echo.so
######此处是将services库添加进来,其他地方大部分不用改,部分路径依实际情况更改
Service ex206 srv_ex206.so
# Module: sys_logger
# Description:
# Add support for logging access and server events to syslog server
# Use "Module" configuration parameter to load this module and "Logger"
# to make it default logger for the c-icap.
# Example:
# Module logger sys_logger.so
# Logger sys_logger
# TAG: sys_logger.Prefix
# Format: sys_logger.Prefix string
# Description:
# string is be presented in every syslog message.
# Default:
# sys_logger.Prefix "C-ICAP:"
# TAG: sys_logger.Facility
# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
# Description:
# specifies the facility type of syslog.
# Default:
# sys_logger.Facility daemon
# TAG: sys_logger.access_priority
# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
# Description:
# determines the importance of the access log message
# Default:
# sys_logger.access_priority info
# TAG: sys_logger.server_priority
# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
# Description:
# determines the importance of the server log message
# Default:
# sys_logger.server_priority crit
# TAG: sys_logger.LogFormat
# Format: sys_logger.LogFormat LOGFORMAT
# Description:
# The log format to use. If no log format defined then
# the following will be used:
# "%la %a %im %iu %is"
# Default:
# None set
# Example:
# Logformat BasicFormat "%la %a %im %iu %is"
# sys_logger.LogFormat BasicFormat
# TAG: sys_logger.access
# Format: sys_logger.access [!]acl1 ...
# Description:
# Allow selecting ICAP requests to be logged using acls.
# By default all requests will be logged.
# Default:
# None set
# Example:
# sys_logger.access all
# End module: sys_logger
# Module: bdb_tables
# Description:
# Add support for Berkeley DB based lookup tables. The format for
# bdb path of the lookup table is:
# bdb:/path/to/bdb
# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
# Example:
# Module common bdb_tables.so
# End module: bdb_tables
# Module: dnsbl_tables
# Description:
# Add support for dns lookup tables. Can be used to access
# dns block lists. The dnsbl lookup table path definition is:
# dnsbl:domainname
# For example the lookup table for accessing the black.uribl.com
# dns black list is:
# dnsbl:black.uribl.com
# Example:
# Module common dnsbl_tables.so
# End module: dnsbl_tables
# Module: ldap_module
# Description:
# Add LDAP support to c-icap. The user can use LDAP based lookup tables
# using the following lookup table path:
# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[cache=no]}]
# The filter can contain the "%s" formating code which will be replaced by
# the search key
# Examples of supported ldap urls:
# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s
# ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
#
# WARNING: is not enough tested it may contain bugs!
# Example:
# Module common ldap_module.so
# End module: ldap_module
####包含services库
Include srv_xxxxxxx.conf
--------------------------------------------------------------------end--------------------------------------------------------------------
更改后将各自进程重启,生效。
- squid+icap测试配置
- squid+icap测试配置
- squid+icap+clamav网关杀毒
- Netscreen + Squid (Transparent) + c-icap + ClamAV
- squid测试
- squid 配置
- squid配置
- squid配置
- squid配置
- squid配置
- squid配置
- Squid配置
- squid配置-squid详细配置
- CentOS 7 配置squid 透明代理(测试笔记)
- squid 压力测试工具
- Squid 安装测试
- Squid配置与认证
- squid快速配置
- STM8SCPU简介
- 解决Eclipe安装不上androd的ADT的办法
- linux如何查看系统信息
- 如何解决win7下一些exe图标丢失的问题
- mpd起不来
- squid+icap测试配置
- ORB算法分析(草稿)
- 使用YUI Compressor压缩CSS/JS
- 本机设备驱动程序
- 【web前端面试题整理07】我不理解表现与数据分离。。。
- java第二章
- 结构体指针和结构体对象的创建、置空、赋值以及与string的转换
- 数据库锁
- 阿里云开放云搜索初探