Re: [squid-users] No great results after 2 weeks with squid

On Tue, 18 Dec 2007, Amos Jeffries wrote:

>> Hi List,
>>
>> I've being testing and studying squid for almost two weeks now and I'm
>> getting no results. I already understood the problems related to http
>> headers where in most cases web servers administrators or programmers
>> are creating more and more dynamic data which is bad for caching. So,
>> I installed CentOS 5 along with 2.6.STABLE6 using yum install and set
>> only an ACL for my internal network. After that I set also
>> visible_hostname to localhost since quid was complaining about it.
>
> Your DNS is broken silghtly. Any web-service mserver should have a FQDN
> for its hostname. Many programs like squid use the hostname in their
> connections outward, and many validate all connecting hosts before
> accepting data traffic.
>
>> Now, as I a stated already I read a lot regarding to squid including
>> some tips in order to optimize sda access or increasing memory size
>> limit but shouldn't squid be working great out-of-the-box?! Oh, I
>
> It does ... for a generic 1998-era server.
> To work these days the configuration is very site-specific.
>
>> forgot my problem is that on mysar that I installed in order to see
>> the performance I only see 0% of TRAFFIC CACHE PERCENT when already
>> visited almost 300 websites. In some ocassions I see 10% or even
>> 30/40% but for almost of 98% of websites I get 0%.
>
> The would be ones including '?' in the URI methinks.
>
>>
>> So my questions are:
>> - Should Squid be taking only in consideration for large environments
>> with hundreds or even thousands of people accessing web?!
>> - In these days a proxy like Squid for caching purposes is more a
>> "have to have" or a "must to have" when for almost every site proxy's
>> are skipped and the wan speed access are increasing every day now!?
>>
>> Thanks!
>>
>> By the way:
>>
>> I intend use Squid for caching purposes only since I already have
>> Cisco based QOS and bandwidth management. My deploying site as only at
>> most 5 people accessing web simultaneous under a 8Mb dsl connection.
>
> Well then as said earlier, you need more than 100MB of data cache, and
> probably more than 64MB of RAM cache.
>
>> My current config is:
>>
>> http_port 3128
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> cache deny QUERY
>
> Right here you are non-caching a LOT of websites, some of which are
> actually cachable.
>
> We now recommend using 2.6STABLE17 with some new refresh_pattern set instead.
>
> refresh_pattern cgi-bin 0 0% 0
> refresh_pattern \? 0 0% 0
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440

also add these refresh_pattern lines here and see if it helps...

refresh_pattern -i \.exe$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.zip$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.tar\.gz$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.tgz$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mp3$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ram$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.jpeg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.gif$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.wav$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.avi$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mpeg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mpg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.pdf$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ps$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.Z$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.doc$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ppt$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.tiff$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.snd$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.jpe$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.midi$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ico$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mp3$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.bin$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.jpg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.wmv$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.flv$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.swf$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern . 0 35% 6480

> refresh_pattern . 0 20% 4320
>
>
>> acl apache rep_header Server ^Apache
>> broken_vary_encoding allow apache
>> cache_mem 64 MB
>> maximum_object_size 40 MB
>
> You will get at most 3 of these in the cache the way things are.
> It will also skip most video and download content. To do bandwidth-saving
> you should have gigs of disk available, and max object should be at least
> 720MB.
>
>> access_log /var/log/squid/access.log squid
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> acl myNetwork src 10.10.1.0/255.255.255.0
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access allow localhost
>> http_access allow myNetwork
>> http_access deny all
>> http_reply_access allow all
>> icp_access allow all
>
> Stand alone squid does not need ICP. Drop that.
>
>> cache_effective_user squid
>> cache_effective_group squid
>
> These are better left to the OS. Slight misconfigurations here can really
> screw your system security.
>
>> delay_pools 1
>> delay_class 1 1
>> delay_parameters 1 -1/-1
>
> These are useless. The delay_parameters effectivly say no pooling.
>

also

reload_into_ims on

Manoj

>> coredump_dir /var/spool/squid
>> visible_hostname localhost
>
> This soulhd be a publicly accessible FQDN. It is the name squid connects
> outbound with. If the machine is a server (likely) its hostname should be
> a FQDN to communicate well with the Internet.
>
>
> Amos
>
>

--