On Mon, 6 Jun 2005, Chris Robertson wrote:
-----Original Message-----
From: Richard 'toast' Russo [mailto:russor@xxxxxxxx]
Sent: Friday, June 03, 2005 11:29 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: [squid-users] Accelerator and ICP
I'm setting up a squid proxy to reduce load on a partner's origin servers.
Right now I have two machines, and am using Apache mod_proxy, because it
was quick to setup, but I'd like to switch to squid so I can check my
cache peer before going to the origin server, and also generate better
statistics. (The partner really wants us to reduce the amount of traffic
going to their servers)
It looks like I definitely want to do something like
http_port 80
httpd_accel_host partner.example.org
httpd_accel_port 80
And maybe I need to add
httpd_accel_with_proxy on
cache_peer otherhost sibling 3128 3130
I'm worried that by adding httpd_accel_with_proxy on, I may be opening my
servers up to proxy the world for everybody (especially if I don't write
good acls)
Would it be better to setup squid as a 'regular' proxy on port 3128, and
configure apache on port 80 to be an accelerator proxy using squid?
Thanks,
Richard
For what it's worth, good ACLs in this case (assuming that all this Squid is
doing is acceleration duty) would simply be something like:
acl partner dst partner.example.org
http_access deny !partner
Or if you don't like double negatives:
acl partner dst partner.example.org
http_access allow partner
http_access deny all
Thanks, this is a lot simpler than I thought it would be. :)
Serving as an accelerator is much lighter duty for Squid than serving as a
general web cache. While you could set the two boxes up as cache peers, I
don't think you would see much benefit, as each box should be able to cache
the entire website. Cache peers are really useful when you have more to
cache than you can fit on one box (like the entire internet).
I need two boxes for redundancy. And actually I'll need four boxes over
two colos if this stays in production very much longer. I'm hoping this
cache is a temporary fix for some big configuration issues with our normal
cache that are beyond my immediate control. So far, our partners have
seen a 50% reduction in traffic attributed to our site with two distinct
caches... And the stats I've run suggest I can reduce that even further
with the caches talking to each other.
