Re: Proxy-only squid setup (was: Re: Redirecting squid requests

From: WWW server manager <>
Date: Thu, 6 Nov 1997 10:04:54 +0000 (GMT)

I had a look at setting up proxy-only Squid a while ago, but can't claim great
experience. Most of my comments below are simply from thinking about the

Stewart Forster wrote:
> > cache_mem 0
> > # good idea/bad idea? cache_mem always puzzles me
> BAD idea. You need cache_mem to at least temporarily store the incoming
> object into before it gets tossed away anyway. Set cache_mem to say 32M.

Unless you're using NOVM... But either way, when I looked briefly at doing
this a while back, I observed that even if Squid was told to cache nothing
and its cache_swap was set to zero, it still wrote the objects into cache
files before immediately discarding them. I thought that using normal Squid
rather than NOVM would mean they just went straight through memory without
the I/O overhead, but that didn't seem to be the case.

> > cache_swap 0
> > # nothing to cache nothing to swap?
> Probably also bad. Set it to 32M also. Squid likes to think it has
> stuff to swap into, even if it actually won't need it. You might like to look
> at pointing your swap dir at a tmpfs mounted directory.

Empirically, all objects will be written out anyway, but then deleted, so
the nominal size is zero but in reality space will be used...

tmpfs seems like a bad idea since

(a) the cache/log file will be written there as well and that can grow to
hundreds of megabytes quite quickly (though if nothing is being cached, it's
a waste of space...), and

(b) squid needs a valid cache hierarchy into which to save objects, even
when it is nominally just proxying; if you use tmpfs, the cache directory
structure would need to be rebuilt every time the system was rebooted.

(c) If tmpfs equates to /tmp, beware the security issues relating to
directories writable by anyone and where, in consequence, anyone can try and
sabotage you e.g. by creating symlinks pointing to embarrassing places. Less
of a problem if it's on a dedicated system and/or the software using /tmp
sets things up before the users get a chance to log on. Also, assuming as in
Solaris 2 that tmps is simply some or all of swap space, you could have a
conflict between other activities on the system using swap and making tmpfs
dynamically too small, or conversely the cache (e.g. the cache/log file, but
also the substantial number of directories in the cache structure) eating
into the available swap space...

                                John Line

University of Cambridge WWW manager account (usually John Line)
Send general WWW-related enquiries to
Received on Thu Nov 06 1997 - 02:18:21 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:27 MST