Re: [squid-users] squid performance

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 23 Oct 2010 13:19:10 +1300

On 23/10/10 03:01, Ananth wrote:
> Dear team,
>
> I run a Squid Cache: Version 3.1.8. I have a problem when my
> client_http.requests = is more than 200/sec. Pages don't browse, but
> when the requests are less than 200 I don't find any problem. I don't
> see any errors in /etc/var/squid/cache.log. My file descriptors is
> 32768.
>
> Please find my configuration below and do suggest if I am anywhere
> wrong in my configuration.

There is nothing visibly wrong with the below config. It's essentially
the default one which most are using happily.

I've pointed out a few bits which could be improved for overall speed,
but the gains are not ones which would suddenly cut in like that.

What does "squid -v" produce? And what OS is this on, please?

>
> Thanks in advance.
>
> My h/w details are as follows:
> CPU: 3.00 GHZ XEON processor
> RAM: 8 GB
> HDD: 148 GB * 2 SAS HDD
>
> my ulimit -n = 32768
>
> File descriptor usage for squid:
> Maximum number of file descriptors: 32768
> Largest file desc currently in use: 6064
> Number of file desc currently in use: 5656
> Files queued for open: 0
> Available number of file descriptors: 27112
> Reserved number of file descriptors: 100
> Store Disk files open: 119
>
> my squid.conf:
>
> ########### Start of squid.conf #created by ANANTH#############
> cache_effective_user squid
> cache_effective_group squid

effective-group is a piece of major voodoo with VERY limited real
use-cases. The *general* recommendation is to trust the OS security settings
membership of the "squid" user and remove that group option from the config.

>
> http_port 3128 transparent

With 3.1 this is now "intercept" to avoid confusion with tproxy
(transparent proxy).

>
> # httpd_accel_host virtual
> # httpd_accel_port 80
> # httpd_accel_with_proxy on
> # httpd_accel_uses_host_header on

Um, those should be removed.

From your choice of "transparent" as a replacement I'm assuming you
want this as a transparent interception-proxy.
  If you want it as a reverse-proxy (what those old config lines did)
that is a whole separate config now.

>
> # cache_dir aufs /var/spool/squid 16384 32 512
> #--This has been inserted to check the cache--
> #cache_dir ufs /var/spool/squid 16384 16 256
> #cache_dir ufs /cache0/squid 16384 16 256
> #cache_dir ufs /squid0/squid 16384 16 256
> cache_dir aufs /squid1/squid 16384 32 512
> #cache_dir /tmp null
>
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log none
> logfile_rotate 7
> emulate_httpd_log on

Drop "emulate_httpd_log" and "cache_access_log".

Use this instead for the same output slightly faster:
   access_log /var/log/squid/access.log common

>
> cache_mem 3 GB
> maximum_object_size_in_memory 256 KB
> memory_replacement_policy lru
> cache_replacement_policy lru
> maximum_object_size 64 MB
>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY

Drop the QUERY and cgi-bin stuff here. It will be forcing your Squid to
do slow network fetches for a lot of otherwise cacheable dynamic pages.
  There is a refresh_pattern below which fixes up the behaviour of the
non-cacheable ones.

>
> hosts_file /etc/hosts

Just a note:
   I've been seeing this in a lot of tutorials lately. This is not
needed unless you have a weird location for the hosts file (ie
/home/youraccount/hosts).
   There are ./configure options that should be used to integrate
correctly with the OS filesystem. This fixes a lot of file and folder
paths. Details in the squid wiki about each OS type.

>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440

Add this right here:
   refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

> refresh_pattern . 0 40% 4320
>
> ##Define your network below
>
> #acl mynetwork src 192.168.0.0/24
> acl mynetwork src 192.168.106.0/24 # cbinetwork private
> acl mynetwork src 192.168.107.0/24 # cbinetwork private
> acl mynetwork src 192.168.110.0/24 # cbinetwork private
> acl mynetwork src 192.168.120.0/24 # cbinetwork private
> acl mynetwork src 192.168.121.0/24 # cbinetwork private
> acl mynetwork src 192.168.130.0/24 # cbinetwork private
> acl mynetwork src 192.168.150.0/24 # cbinetwork private
> acl mynetwork src 192.168.151.0/24 # cbinetwork private
> acl mynetwork src 192.168.160.0/24 # cbinetwork private
> acl mynetwork src 10.100.101.0/24 # cbinetwork private
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost src ::1/128
> acl to_localhost dst 127.0.0.0/8
> acl to_localhost dst ::1/128
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
>
> acl Safe_ports port 1025-65535 #unregistered ports
>
> acl SSL_ports port 443 563
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge

Um do you actually need PURGE?
  If not remove it entirely from the config. Including the ACL
definition. Simply defining it makes Squid do more work tracking every
request.

> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost
> http_access allow mynetwork
> # http_access deny all

"deny all" is the implicit final rule anyways. Leaving it configured
helps to make it explicitly clear where the denial happens.

> http_reply_access allow all
> icp_access allow mynetwork
>
> # icp_access deny all
>
> visible_hostname proxy.cbinet.bi
>
> coredump_dir /squid1/squid
>
> #
> ###############################################

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Sat Oct 23 2010 - 00:19:23 MDT
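
The review points in the reply above, collected into a small squid.conf checker. This is an added example, not part of the original message and not a Squid project tool; the rule table, the `lint` function name and the sample input are assumptions made for illustration.

```python
import re
# Rules paraphrase the reply above (hypothetical table); matched on active lines only.
LINE_RULES = [
    (r"cache_effective_group\b", "drop it; rely on the squid user's OS group membership"),
    (r"http_port\b.*\btransparent\b", "Squid 3.1 calls this mode 'intercept'"),
    (r"(emulate_httpd_log|cache_access_log)\b", "use 'access_log <path> common' instead"),
    (r"(hierarchy_stoplist\b.*cgi-bin|acl\s+QUERY\b|no_cache\s+deny\s+QUERY\b)",
     "drop the QUERY/cgi-bin rules; the cgi-bin refresh_pattern covers them"),
    (r"hosts_file\s+/etc/hosts\s*$", "not needed for the standard hosts file location"),
    (r"acl\s+\S+\s+method\s+PURGE\b", "remove the PURGE ACL unless it is really needed"),
]
CGI_REFRESH = r"refresh_pattern\s+-i\s+\(/cgi-bin/\|"

def lint(conf_text):
    """Return sorted (line_number, advice) pairs; line 0 is a file-wide finding."""
    findings, active = [], []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if re.match(r"#\s*httpd_accel_", line):
            findings.append((num, "stale httpd_accel_* comment; remove it"))
        if not line or line.startswith("#"):
            continue
        active.append((num, line))
        findings += [(num, advice) for pat, advice in LINE_RULES if re.match(pat, line)]
    def first(pat):  # line number of the first active directive matching pat
        return next((n for n, text in active if re.match(pat, text)), None)
    cgi, catch_all = first(CGI_REFRESH), first(r"refresh_pattern\s+\.\s")
    if catch_all and (cgi is None or cgi > catch_all):
        findings.append((catch_all, "add the (/cgi-bin/|\\?) refresh_pattern before this line"))
    if first(r"http_access\s+deny\s+all\b") is None:
        findings.append((0, "no explicit final 'http_access deny all'"))
    return sorted(findings)

# Constructed sample: selected lines from the configuration quoted in the message.
SAMPLE = """\
cache_effective_group squid
http_port 3128 transparent
# httpd_accel_host virtual
emulate_httpd_log on
acl QUERY urlpath_regex cgi-bin \\?
no_cache deny QUERY
refresh_pattern . 0 40% 4320
acl purge method PURGE
# http_access deny all
"""

if __name__ == "__main__":
    print("\n".join(f"line {n}: {a}" for n, a in lint(SAMPLE)))
```

The missing explicit `http_access deny all` is reported as informational only, since the reply notes that the implicit final rule already denies.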
