Re: [squid-users] large config file issues?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 24 Aug 2011 18:02:13 +1200

On 24/08/11 05:51, Daniel Alfonso wrote:
> Hello, Squid noob here...
>

Squid version please?

> I have about 250 or so different sites that I want to set up in SSL reverse proxy mode
> I have a unique ip bound per site and the 250+ ips are responding on the interface
> I am using the following template to build my config and running into parsing issues (lines may wrap in email)
>
> "
> http_port SQUIDSERVERIP:80 accel defaultsite=www.DOMAIN
> https_port SQUIDSERVERIP:443 accel cert=/certs/DOMAIN.crt key=/certs/DOMAIN.key cafile=/certs/gd_bundle.crt defaultsite=www.DOMAIN
> cache_peer ORIGINSERVERIP parent 80 0 no-query originserver name=SITENAMEaccel
> acl SITENAMEacl dstdomain www.DOMAIN
> acl SITENAMEacl dstdomain DOMAIN
> cache_peer_access SITENAMEaccel allow SITENAMEacl
> http_access allow SITENAMEacl
> "
>
> 1 or 2 sites work ok, but at 1700+ lines full config does not work. I get random parse errors which leads me to believe I'm not building this config as efficiently as I could

Really? Inefficient config should only impact the performance. The only
size limits in squid.conf are individual line lengths (256 bytes in some
versions, a few KB in others). And total available RAM.
  - if you have long domain names, you will probably want to convert
those key filenames to IP-indexed and compact them into a .PEM file for
loading.

Take a good look (squid -k parse) at the lines it's complaining about.
And why.
  * Do you have any entries with duplicate values? With this template
only ORIGINSERVERIP can be repeated in the whole database of clients.
   - you may need to alter your template into several pieces. Producing
a separate list of unique values for each of cache_peer, https_port and
acl records.

If you have a version 3.1+ or 2.7 you can use the include directive to grok
an entire directory of config snippets.

ie:
  include /etc/squid/squid.conf.d/*

To improve speed I'd cut the http_access down to one line following the
templates:
   http_access allow allSites

And change the template acl lines to be:
"
  acl allSites dstdomain .DOMAIN
  acl SITENAMEacl dstdomain .DOMAIN
"

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Wed Aug 24 2011 - 06:02:27 MDT
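
Added example (not part of the original message, and not Squid project code): a generator that renders the template above once per site with the suggested acl change, and checks the two things the reply points at before squid -k parse is run, namely values that must be unique and lines near the 256-byte limit. The site inventory, the snippet file names and the assumption that the include glob is read in sorted name order are all hypothetical.

```python
from collections import Counter

MAX_LINE = 256  # smallest per-line limit mentioned in the reply; treated as exclusive

# Constructed sample inventory: (site name, domain, listening IP, origin IP)
SITES = [
    ("shop", "example.com", "192.0.2.10", "198.51.100.5"),
    ("blog", "example.net", "192.0.2.11", "198.51.100.5"),   # shared origin: allowed
    ("shop2", "example.org", "192.0.2.10", "198.51.100.6"),  # listening IP reused
]

def render_site(name, domain, listen_ip, origin_ip):
    """One site's lines, following the template with the suggested acl change."""
    return [
        f"http_port {listen_ip}:80 accel defaultsite=www.{domain}",
        f"https_port {listen_ip}:443 accel cert=/certs/{domain}.crt "
        f"key=/certs/{domain}.key cafile=/certs/gd_bundle.crt defaultsite=www.{domain}",
        f"cache_peer {origin_ip} parent 80 0 no-query originserver name={name}accel",
        f"acl allSites dstdomain .{domain}",
        f"acl {name}acl dstdomain .{domain}",
        f"cache_peer_access {name}accel allow {name}acl",
    ]

def find_problems(sites):
    """Report duplicated unique fields and rendered lines at or over MAX_LINE bytes."""
    problems = []
    # Only the origin IP (index 3) may repeat across sites, so it is not checked.
    for label, idx in (("site name", 0), ("domain", 1), ("listening IP", 2)):
        counts = Counter(site[idx] for site in sites)
        problems += [f"duplicate {label}: {v}" for v, n in counts.items() if n > 1]
    for site in sites:
        for line in render_site(*site):
            size = len(line.encode())
            if size >= MAX_LINE:
                problems.append(f"line too long for {site[0]}: {size} bytes")
    return problems

def build_snippets(sites):
    """Map of hypothetical snippet file name -> contents for squid.conf.d."""
    snippets = {f"{i:04d}-{s[0]}.conf": "\n".join(render_site(*s)) + "\n"
                for i, s in enumerate(sites)}
    # The single http_access line goes last, after every acl allSites entry.
    snippets["9999-access.conf"] = "http_access allow allSites\n"
    return snippets

if __name__ == "__main__":
    for problem in find_problems(SITES):
        print("PROBLEM:", problem)
```
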
