[squid-users] 100% CPU when bigger files are downloading

From: Tim Bates <tin_at_new-life.org.au>
Date: Wed, 24 Jul 2013 14:01:18 +1000

OK, so I've got Squid 3.1.6 (from Debian Wheezy) running on an OpenVZ
container. There are very few users, often just one at a time - we use
this for caching and filtering customer computers being repaired in a
small computer repair shop.

Any time we download anything over a couple of megabytes in size, the
CPU hits 100%, and the download gets progressively slower. Starts off
around the network speed (100mbps) but over a period of about 30 seconds
it will drop down to as low as 20KB/s (200kbps). Sometimes it gets even
worse...

It also appears that the longer the server is up, the worse it gets. If
we reboot it, the CPU still hits 100%, but the speeds drop far slower.
Once it's been running for a few days, it will run at dialup pace almost
instantly on bigger files.

I've checked some of the possible causes suggested by Google, but most
things that come up are defaults in my config, so presumably aren't the
problem.

Below is the config with comments removed. The couple of included files
in the ACLs are very small (the regex one is only about maybe 5 lines).

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl bench_lan src 192.168.42.0/24
acl wireless_lan src 192.168.21.0/24
acl normal_lan src 192.168.1.0/24
acl vlans src 192.168.2.0/24
acl VIP_bench src 192.168.42.2/32-192.168.42.29/32
acl VIP_wireless src 192.168.21.2-192.168.21.29/32
acl banned-for-all dstdomain "/etc/squid3/banned-all-clients.conf"
acl product_updates dstdomain "/etc/squid3/wifi-allowed-domains.conf"
acl bench_sites dstdomain "/etc/squid3/bench-allowed-domains.conf"
acl spybot_update url_regex "/etc/squid3/spybot-update-urls.conf"
acl trend-activation browser TMhtload
acl google dstdomain www.google.com
acl fixSupportMicrosoft dstdomain support.microsoft.com
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow trend-activation google
http_access deny banned-for-all
http_access allow normal_lan
http_access allow VIP_bench
http_access allow VIP_wireless
http_access allow bench_lan product_updates
http_access allow bench_lan bench_sites
http_access allow bench_lan spybot_update
http_access allow vlans product_updates
http_access allow vlans bench_sites
http_access allow vlans spybot_update
http_access allow wireless_lan product_updates
http_access allow wireless_lan spybot_update
http_access deny wireless_lan
http_access deny bench_lan
http_access deny vlans
http_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
maximum_object_size 350 MB
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
shutdown_lifetime 5 seconds
deny_info DENIED_LODERS_WIFI wireless_lan
deny_info DENIED_LODERS_BENCH optus firefox
deny_info DENIED_LODERS_BENCH bench_lan
deny_info DENIED_LODERS_BENCH vlans
append_domain .loders

Anyone got any ideas where I've gone wrong?
Tim B
Received on Wed Jul 24 2013 - 04:01:30 MDT