Here is my draft squid.conf file, and my configure options when I built
squid.
NOTE ** I am now looking to turn both of my squid servers into cache peers
of each other. Both machines have two network interfaces, and I plan on
dedicating one of these for a "private" LAN connection solely for ICP use.
Am I stating this properly within my squid.conf? I wish to ensure that
inter-caching a) does not leak out of interface A, only interface B (my
private LAN) and that between these two machines on LAN B (again, private
LAN), that they are able to access each others cache freely.
Thank you all!
.vp
----------BUILD LINE-------
./configure --prefix=/opt/squid/current --enable-storeio=ufs,aufs \
  --enable-icmp --enable-err-languages=English \
  --enable-default-err-language=English --disable-hostname-checks \
  --enable-underscores --enable-stacktrace --enable-async-io --enable-snmp \
  --enable-removal-policies=heap,lru
## Is there any purpose to specifying both ufs *and* aufs for --enable-storeio?
## I built with just aufs and it seems to be working fine, though I haven't really
## stressed it much.
-------- SQUID.CONF -------
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir aufs /usr/local/squid/cache 51200 64 256
# Increase maximum object size ?
maximum_object_size 32 MB
# Use this instead?
# maximum_object_size 5000000 KB
cache_mem 4 MB
cache_swap_low 97
cache_swap_high 100
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 4096
buffered_logs off
# Use heap LFUDA replacement policy:
cache_replacement_policy heap LFUDA
cache_access_log /usr/local/squid/var/logs/access.log
# cache_access_log /usr/local/squid/cache
# cache_log /dev/null
# cache_store_log none
ftp_user squid_ftp@
# Keep?
# diskd_program /usr/local/squid/libexec/diskd
debug_options ALL,1
#reference_age 6 month
quick_abort_min 1 KB
quick_abort_max 1048576 KB
quick_abort_pct 90
connect_timeout 30 seconds
read_timeout 5 minutes
request_timeout 30 seconds
client_lifetime 2 hour
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 15 seconds
# request_body_max_size 50 MB
request_header_max_size 100 KB
request_body_max_size 1000 KB
refresh_pattern ^ftp: 1440 50% 86400 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440 reload-into-ims
refresh_pattern . 0 50% 86400 reload-into-ims
acl DIALUPS src 192.168.0.0/16
acl IntraNet_One src 12.20.0.0/16
acl IntraNet_Two src 12.30.0.0/16
acl BACKUPS src 12.40.0.0/16
acl ICP_ONE src 10.20.30.2/255.255.255.252
acl ICP_ONE src 10.20.30.2/255.255.255.252
#
# Everyone Else
#
acl all src 0.0.0.0/255.255.255.255
#
http_access allow DIALUPS
http_access allow IntraNet_One
http_access deny IntraNet_Two
http_access allow BACKUPS
#
http_access deny all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
#
# Define Safe Ports to use.
#
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
#
# Define SSL Ports
#
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# http_access allow all
#
# ??? One per each network as above?
#
http_reply_access allow Remote_Access
#
http_reply_access allow DIALUPS
http_reply_access allow IntraNet_One
http_reply_access deny IntraNet_Two
http_reply_access allow BACKUP
#
http_reply_access deny all
cache_mgr squidmgr@xxxxxxxxxx
visible_hostname squidproxy-1
logfile_rotate 14
coredump_dir /usr/local/squid/var/cache
cache_effective_user nobody
cache_effective_group nobody
# CACHE PEER
icp_port 3130
# icp_access allow all
# Is this correct?
icp_access allow ICP_ONE
icp_access allow ICP_TWO
#
cache_peer 10.20.30.2 sibling 3128 3130
# The other host has
# cache_peer 10.20.30.3 sibling 3128 3130
peer_connect_timeout 10 seconds
dns_testnames localhost
------- END OF SQUID.CONF FILE ----
From: Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Large Solaris (2.8) Squid Server Advice Needed
Date: Thu, 10 Nov 2005 10:37:59 +0100
On 08.11 14:01, Vadim Pushkin wrote:
> My responses below. Thank you all for the assistance, very much
> appreciated. Is anyone interested in my posting the final squid.conf when
> this is all said and done?
> >I hope you configured squid with heap removal policies and async IO allowed
>
> I've configured squid like this:
>
> ./configure --prefix=/usr/local/squid --enable-storeio=diskd,ufs --enable-icmp
> --enable-snmp --enable-err-languages=English
> --enable-default-err-language=English --disable-hostname-checks
> --enable-underscores --enable-stacktrace
>
> What am I missing, if anything?
> These?
>
> --enable-heap-replacement --enable-removal-policies=heap,lru
> --enable-async-io[=N_THREADS] (Leave N blank?)
yes.
> I will test with your suggestions using aufs. Thank you very much, though I
> did not even think of using aufs as an option. Shall I compile like this?
>
> --with-aufs-threads=N_THREADS (Leave N blank?, or do not use?)
I think you don't need to use this
> --enable-storeio=ufs,aufs
yes.
> At the moment I am having a discussion on why we should not be using
> Veritas Disk Suite, I couldn't care less if we lose this data, and the
> mirror overhead will slow things down a lot, no?
If you have HW mirror, it should not slow writes much, but it would speed up
reads. It depends how much you will miss your cache if you lose it.
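
Added example (not part of the original thread and not Squid's own tooling): a small Python checker run over a constructed excerpt of the draft squid.conf above, covering the points its ICP questions touch. The function name and finding codes are hypothetical; it assumes Squid 2.5 defaults (icp_port 3130, http_port 3128, ICP socket on 0.0.0.0 unless udp_incoming_address is set) and that both siblings listen on the same http_port.

```python
import ipaddress

# Constructed excerpt of the draft squid.conf above (peer-related lines only).
DRAFT = """\
http_port 8080
acl ICP_ONE src 10.20.30.2/255.255.255.252
acl ICP_ONE src 10.20.30.2/255.255.255.252
acl all src 0.0.0.0/255.255.255.255
icp_port 3130
icp_access allow ICP_ONE
icp_access allow ICP_TWO
cache_peer 10.20.30.2 sibling 3128 3130
"""

ACCESS = {"http_access", "http_reply_access", "icp_access", "miss_access", "no_cache"}

def lint(conf):
    """Return (code, detail) findings for a squid.conf text (hypothetical checker)."""
    out, acl_lines, acls, used, opts, peers = [], set(), {}, [], {}, []
    for raw in conf.splitlines():
        tok = raw.split(" #")[0].split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) >= 4:
            if tuple(tok) in acl_lines:
                out.append(("duplicate-acl", tok[1]))
            acl_lines.add(tuple(tok))
            acls.setdefault(tok[1], []).append((tok[2], tok[3:]))
        elif tok[0] in ACCESS:
            used += [(tok[0], name.lstrip("!")) for name in tok[2:]]
        elif tok[0] == "cache_peer" and len(tok) >= 5:
            peers.append(tok[1:5])          # host, type, http port, icp port
        else:
            opts[tok[0]] = tok[1:]
    for directive, name in used:
        if name not in acls:
            out.append(("undefined-acl", f"{directive} {name}"))
    for kind, vals in acls.get("all", []):  # a /32 mask matches only host 0.0.0.0
        if kind == "src" and ipaddress.ip_network(vals[0], strict=False).prefixlen != 0:
            out.append(("all-acl-not-everything", vals[0]))
    # Assumed Squid 2.5 defaults: icp_port 3130, http_port 3128.
    icp_on = opts.get("icp_port", ["3130"])[0] != "0"
    if icp_on and "udp_incoming_address" not in opts:
        out.append(("icp-on-all-interfaces", "udp_incoming_address not set"))
    listen = opts.get("http_port", ["3128"])[0].rsplit(":", 1)[-1]
    for host, _type, http, _icp in peers:
        if http != listen:
            out.append(("peer-port-mismatch", f"{host}: {http} vs local {listen}"))
    return out
```

On the constructed excerpt it reports five findings: the repeated ICP_ONE line, the ICP_TWO reference with no acl line, the mask on the all acl, no udp_incoming_address, and cache_peer port 3128 against http_port 8080.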