Re: [squid-users] Squid proxy is very slow for web browsing in "near default" config

Thank you. Comments inline.

On Sun, Jan 10, 2010 at 5:49 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Dave T wrote:
>>
>> I just set up squid for the first time. It is on a Ubuntu box hosted
>> on Linode.com. I have zero experience with proxy servers. I used this
>> guide:
>> http://news.softpedia.com/news/Seting-Up-a-HTTP-Proxy-Server-with-Authentication-and-Filtering-52467.shtml
>
> Eeek! That tutorial is advising people to create open proxies for global public access (allow all).

I think that is just for initial testing. The tutorial actually
changes that in the second step.

>
>
>>
>> (I also looked at a few other guides such as this one:
>> http://ubuntuforums.org/showthread.php?t=320733. However, I wanted to
>> most barebones config to start with and the link I used was the
>> simplest I found.)
>
> The simplest and safest documentation is in:
>  /usr/share/doc/squid-common/QUICKSTART
> or
>  /usr/share/doc/squid3-common/QUICKSTART
>
> ... which outlines the minimal config changes to go from a clean install of your particular version to a working proxy.

Thanks. Amazing that I looked everywhere else but on my local HDD. :)
>
>
>>
>> So now that I have it set up, I'm testing it with FoxyProxy. It is not
>> working well. Many web pages do not load completely. Some load very
>> slowly. A few load fast (but even then, some images are often
>> missing). Many times I have to try an address several times before a
>> page will even start to load.
>>
>> I am using iptables. When I turn the firewall off, I have slightly
>> less problems, but nothing significantly changes. I don't want to
>> leave the firewall off, so I took a few ideas from here:
>> http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
>> But the changes I put in actually made the performance a little worse
>> than before. And like I said, even with the firewall off, the problems
>> I described remain.
>>
>> What should I look at next to begin to understand my problem? Thanks.
>
> Coming here was a good start.
>
> We are going to need to known the version of Squid you are using, there are a dozen or more available on Ubuntu.
>
I assume this will give more than enough info:

$ dpkg -s squid
Package: squid
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 1584
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss_at_lists.ubuntu.com>
Architecture: i386
Version: 2.6.18-1ubuntu3
Replaces: squid-novm
Depends: adduser, libc6 (>= 2.4), libdb4.6, libldap-2.4-2 (>= 2.4.7),
libpam0g (>= 0.99.7.1), logrotate (>= 3.5.4-1), lsb-base, netbase,
squid-common (>= 2.6.18-1ubuntu3), ssl-cert (>= 1.0-11ubuntu1)
Pre-Depends: debconf (>= 1.2.9) | debconf-2.0
Suggests: logcheck-database, resolvconf (>= 0.40), smbclient,
squid-cgi, squidclient, winbind
Conflicts: sarg (<< 1.1.1-2), squid-novm
Conffiles:
 /etc/init.d/squid 19cb626e40f26e79596786ca3dbf991e
 /etc/logrotate.d/squid 04a97ec018c01cd54851de772812067f
 /etc/resolvconf/update-libc.d/squid c066626f87865da468a7e74dc5d9aeb0
Description: Internet object cache (WWW proxy cache)
 This package provides the Squid Internet Object Cache developed by
 the National Laboratory for Applied Networking Research (NLANR) and
 Internet volunteers.
Homepage: http://www.squid-cache.org/
Original-Maintainer: Luigi Gangitano <luigi_at_debian.org>

Linux Linode01 2.6.18.8-linode19 #1 SMP Mon Aug 17 22:19:18 UTC 2009
i686 GNU/Linux

>
> Also, we are going to have to see what squid.conf you have ended up working with. Minus the documentation comments and empty lines please.

Here is what I am using for TESTING only. I was getting TCP_DENIED/407
errors in the log, so I made an attempt to test it with no auth
required at all. (Not sure if I achieved that with this config or not,
but the problems didn't go away.)

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid

>
>
>>
>> BTW, is there a recent preconfigured squid virtual appliance that I
>> could host on Amazon EC2 (or similar) that would be suitable for my
>> own personal proxy server?
>
> Not that I'm aware of. There have been several attempts in the last years to get a current Squid appliance made. But none of those people have reported back even to advertise their wares.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
>  Current Beta Squid 3.1.0.15
Received on Mon Jan 11 2010 - 16:25:44 MST