Re: [squid-users] large config file issues?

From: Amos Jeffries
Date: Wed, 24 Aug 2011 18:02:13 +1200

On 24/08/11 05:51, Daniel Alfonso wrote:
> Hello, Squid noob here...

Squid version please?

> I have about 250 or so different sites that I want to set up in SSL reverse proxy mode
> I have a unique IP bound per site and the 250+ IPs are responding on the interface
> I am using the following template to build my config and running into parsing issues (lines may wrap in email)
> "
> http_port SQUIDSERVERIP:80 accel defaultsite=www.DOMAIN
> https_port SQUIDSERVERIP:443 accel cert=/certs/DOMAIN.crt key=/certs/DOMAIN.key cafile=/certs/gd_bundle.crt defaultsite=www.DOMAIN
> cache_peer ORIGINSERVERIP parent 80 0 no-query originserver name=SITENAMEaccel
> acl SITENAMEacl dstdomain www.DOMAIN
> acl SITENAMEacl dstdomain DOMAIN
> cache_peer_access SITENAMEaccel allow SITENAMEacl
> http_access allow SITENAMEacl
> "
> 1 or 2 sites work ok, but at 1700+ lines full config does not work. I get random parse errors which leads me to believe I'm not building this config as efficiently as I could

Really? Inefficient config should only impact the performance. The only
size limits in squid.conf are individual line lengths (256 bytes in some
versions, a few KB in others). And total available RAM.
  - if you have long domain names, you will probably want to convert
those key filenames to IP-indexed and compact them into a .PEM file for

Take a good look (squid -k parse) at the lines it's complaining about.
And why.
  * Do you have any entries with duplicate values? With this template
only ORIGINSERVERIP can be repeated in the whole database of clients.
   - you may need to alter your template into several pieces. Producing
a separate list of unique values for each of cache_peer, https_port and
acl records.

If you have a version 3.1+ or 2.7 you can use the include directive to grok
an entire directory of config snippets.

  include /etc/squid/squid.conf.d/*

To improve speed I'd cut the http_access down to one line following the
   http_access allow allSites

And change the template acl lines to be:
  acl allSites dstdomain .DOMAIN
  acl SITENAMEacl dstdomain .DOMAIN


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for
Received on Wed Aug 24 2011 - 06:02:27 MDT
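
Added example (not part of the original message and not Squid project code): a generator for the template discussed above that reports repeated values in fields that must be unique, emits one cache_peer per unique origin, and flags rendered lines over 256 bytes. The site records, the originNaccel peer names and the function names are assumptions made for illustration.

```python
from collections import Counter

MAX_LINE = 256  # smallest squid.conf line-length limit mentioned in the reply

# Constructed sample site database (documentation addresses and domains).
SITES = [
    {"name": "shop", "domain": "shop.example", "ip": "192.0.2.10", "origin": "198.51.100.5"},
    {"name": "blog", "domain": "blog.example", "ip": "192.0.2.11", "origin": "198.51.100.5"},
    {"name": "wiki", "domain": "wiki.example", "ip": "192.0.2.11", "origin": "198.51.100.6"},
]

TEMPLATE = """\
http_port {ip}:80 accel defaultsite=www.{domain}
https_port {ip}:443 accel cert=/certs/{domain}.crt key=/certs/{domain}.key cafile=/certs/gd_bundle.crt defaultsite=www.{domain}
acl allSites dstdomain .{domain}
acl {name}acl dstdomain .{domain}
cache_peer_access {peer} allow {name}acl
"""

def check_sites(sites):
    """Return problems: repeated values in fields that must be unique."""
    problems = []
    for field in ("name", "domain", "ip"):  # only the origin IP may repeat
        counts = Counter(s[field] for s in sites)
        problems += [f"duplicate {field}: {v}" for v, n in sorted(counts.items()) if n > 1]
    return problems

def render(sites):
    """Build the config: one cache_peer per unique origin, then per-site lines."""
    peers = {}  # origin IP -> peer name (hypothetical naming scheme)
    lines = []
    for s in sites:
        peer = peers.setdefault(s["origin"], f"origin{len(peers) + 1}accel")
        lines += TEMPLATE.format(peer=peer, **s).splitlines()
    peer_lines = [f"cache_peer {o} parent 80 0 no-query originserver name={p}"
                  for o, p in peers.items()]
    return peer_lines + lines + ["http_access allow allSites"]

def long_lines(lines, limit=MAX_LINE):
    """Return (line_number, byte_length) for every line longer than the limit."""
    return [(i, len(l.encode())) for i, l in enumerate(lines, 1) if len(l.encode()) > limit]

if __name__ == "__main__":
    print("\n".join(check_sites(SITES) or render(SITES)))
```

The rendered output is meant to be written to a file and checked with squid -k parse before use.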
