Re: [squid-users] Large Solaris (2.8) Squid Server Advice Needed

From: Vadim Pushkin <wiskbroom@dont-contact.us>
Date: Thu, 10 Nov 2005 19:39:31 +0000

Here is my draft squid.conf file, and my configure options when I built
squid.

NOTE ** I am now looking to turn both of my squid servers into cache peers
of each other. Both machines have two network interfaces, and I plan on
dedicating one of these for a "private" LAN connection solely for ICP use.
Am I stating this properly within my squid.conf? I wish to ensure that
inter-caching a) does not leak out of interface A, only interface B (my
private LAN) and that between these two machines on LAN B (again, private
LAN), that they are able to access each other's cache freely.

Thank you all!

.vp

----------BUILD LINE-------

./configure --prefix=/opt/squid/current --enable-storeio=ufs,aufs \
    --enable-icmp --enable-err-languages=English \
    --enable-default-err-language=English --disable-hostname-checks \
    --enable-underscores --enable-stacktrace --enable-async-io --enable-snmp \
    --enable-removal-policies=heap,lru

## Is there any purpose to specifying both ufs *and* aufs for --enable-storeio?
## I built with just aufs and it seems to be working fine, though I haven't
## really stressed it much.

-------- SQUID.CONF -------

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir aufs /usr/local/squid/cache 51200 64 256
# Increase maximum object size ?
maximum_object_size 32 MB
# Use this instead?
# maximum_object_size 5000000 KB
cache_mem 4 MB
cache_swap_low 97
cache_swap_high 100

ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
buffered_logs off
# Use heap LFUDA replacement policy:
cache_replacement_policy heap LFUDA
cache_access_log /usr/local/squid/var/logs/access.log
# cache_access_log /usr/local/squid/cache
# cache_log /dev/null
# cache_store_log none
ftp_user squid_ftp@
# Keep?
# diskd_program /usr/local/squid/libexec/diskd
debug_options ALL,1
#reference_age 6 month
quick_abort_min 1 KB
quick_abort_max 1048576 KB
quick_abort_pct 90
connect_timeout 30 seconds
read_timeout 5 minutes
request_timeout 30 seconds
client_lifetime 2 hour
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 15 seconds
# request_body_max_size 50 MB
request_header_max_size 100 KB
request_body_max_size 1000 KB

refresh_pattern ^ftp: 1440 50% 86400 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440 reload-into-ims
refresh_pattern . 0 50% 86400 reload-into-ims

acl DIALUPS src 192.168.0.0/16
acl IntraNet_One src 12.20.0.0/16
acl IntraNet_Two src 12.30.0.0/16
acl BACKUPS src 12.40.0.0/16
acl ICP_ONE src 10.20.30.2/255.255.255.252
acl ICP_ONE src 10.20.30.2/255.255.255.252
#
# Everyone Else
#
acl all src 0.0.0.0/255.255.255.255
#
http_access allow DIALUPS
http_access allow IntraNet_One
http_access deny IntraNet_Two
http_access allow BACKUPS
#
http_access deny all
acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255
#
# Define Safe Ports to use.
#
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#
# Define SSL Ports
#
acl SSL_ports port 443 563

acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#
# http_access allow all
#
# ??? One per each network as above?
#
http_reply_access allow Remote_Access
#
http_reply_access allow DIALUPS
http_reply_access allow IntraNet_One
http_reply_access deny IntraNet_Two
http_reply_access allow BACKUP
#
http_reply_access deny all

cache_mgr squidmgr@vadims.edu

visible_hostname squidproxy-1

logfile_rotate 14

coredump_dir /usr/local/squid/var/cache

cache_effective_user nobody
cache_effective_group nobody

# CACHE PEER
icp_port 3130
# icp_access allow all
# Is this correct?
icp_access allow ICP_ONE
icp_access allow ICP_TWO

#
cache_peer 10.20.30.2 sibling 3128 3130

# The other host has
# cache_peer 10.20.30.3 sibling 3128 3130

peer_connect_timeout 10 seconds
dns_testnames localhost

------- END OF SQUID.CONF FILE ----

>From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
>To: squid-users@squid-cache.org
>Subject: Re: [squid-users] Large Solaris (2.8) Squid Server Advice Needed
>Date: Thu, 10 Nov 2005 10:37:59 +0100

>On 08.11 14:01, Vadim Pushkin wrote:

> > My responses below. Thank you all for the assistance, very much
> > appreciated. Is anyone interested in my posting the final squid.conf
> > when this is all said and done?
>
> > >I hope you configured squid with heap removal policies and async IO
> > >allowed
> >
> > I've configured squid like this:
> >
> > ./configure --prefix=/usr/local/squid --enable-storeio=diskd,ufs
> > --enable-icmp --enable-snmp --enable-err-languages=English
> > --enable-default-err-language=English --disable-hostname-checks
> > --enable-underscores --enable-stacktrace
> >
> > What am I missing, if anything?
> > These?
> >
> > --enable-heap-replacement
>
>--enable-removal-policies=heap,lru
>
> > --enable-async-io[=N_THREADS] (Leave N blank?)
>
>yes.
>
> > I will test with your suggestions using aufs. Thank you very much, though I
> > did not even think of using aufs as an option. Shall I compile like this?
> >
> > --with-aufs-threads=N_THREADS (Leave N blank?, or do not use?)
>
>i think you don't need to use this
>
> > --enable-storeio=ufs,aufs
>
>yes.
>
> > At the moment I am having a discussion on why we should not be using
> > Veritas Disk Suite, I couldn't care less if we lose this data, and the
> > mirror overhead will slow things down a lot, no?
>
>if you have HW mirror, it should not slow writes much, but it would speed up
>reads. it depends how much will you miss your cache if you lose it.

Received on Thu Nov 10 2005 - 12:41:26 MST
