Dnia środa, 22 lutego 2006 23:57, Chris Robertson napisał: [cut] > > The answer to that question is dependant on a whole host of variables, such > as ACLs used, whether it's a proxy or an accelerator, the types of clients > accessing it (client latency has a dramatic effect on CPU usage), types of > content retrieved, how your cache_dirs are defined, etc. > > Various things that can reduce Squid performance: > > * regex based ACLs acl badURL url_regex -i .wmf$ #^ remove wmf after security leaks on ms wmf file format acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$ redirector_access deny !mGG redirector_bypass on redirect_program /home/gg_rewrite #^redirector ro replece banner in popular polish comunicator acl QUERY urlpath_regex cgi-bin \? #typical patterns refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800 refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440 refresh_pattern . 0 20% 4320 > * High latency clients What do you mean "high latecy clients"? > * blocking cache_dir configuration (e.g. using "ufs" instead of "aufs" or > "diskd") cache_dir aufs /var/cache/squid/dysk1 30000 32 256 cache_dir aufs /var/cache/squid/dysk2 30000 32 256 2x wd raptor 36GB > * Anti-virus scanning second processor have lot of free time, but first i must tune up squid to ~130-140 req/s > * Slow authentication back ends I don't have authentication backends, ACL from IP (acces filtered by netfilter too) > If none of these issues covers your problem, you might look into > "experimental" solutions such as the epoll patch > (http://devel.squid-cache.org/projects.html#epoll). I recompiled withoud several options and with patch http://devel.squid-cache.org/cgi-bin/diff2/epoll-2_5.patch?s2_5 aragorn squid # squid -v Squid Cache: Version 2.5.STABLE12 configure options: --prefix=/usr --bindir=/usr/bin --exec-prefix=/usr --sbindir=/usr/sbin --localstatedir=/var --mandir=/usr/share/man --sysconfdir=/etc/squid --libexecdir=/usr/lib/squid --enable-auth=basic,digest,ntlm --enable-removal-policies=lru,heap --enable-linux-netfilter --enable-truncate --with-pthreads --enable-epool --disable-follow-x-forwarded-for --host=x86_64-pc-linux-gnu --disable-snmp --disable-ssl --enable-underscores --enable-storeio='diskd,coss,aufs,null' --enable-async-io fragmenst of squid.conf: -- cut -- http_port [ip:port] hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 512 MB maximum_object_size 16384 KB maximum_object_size_in_memory 16 KB cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF cache_dir aufs /var/cache/squid/dysk1 30000 32 256 cache_dir aufs /var/cache/squid/dysk2 30000 32 256 cache_access_log /var/log/squid/access.log cache_store_log none mime_table /etc/squid/mime.conf redirect_children 15 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off request_header_max_size 20 KB refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800 refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440 refresh_pattern . 0 20% 4320 half_closed_clients off acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl administracja src 82.160.43.0/24 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT cache_mgr admin http_access allow manager localhost http_access allow manager administracja http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl badURL url_regex -i .wmf$ acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$ redirector_access deny !mGG redirector_bypass on redirect_program /home/gg_rewrite acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt" acl our_networks src 82.160.43.0/24 82.160.129.0/24 http_access deny badURL http_access deny spywaredomains http_access allow our_networks http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all cache_mgr admin@xxxxxx visible_hostname w3cache.abp.pl httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on dns_testnames onet.pl wp.pl microsoft.com abp.pl logfile_rotate 10 append_domain .abp.pl forwarded_for off log_icp_queries off cachemgr_passwd [cut] all buffered_logs on coredump_dir /var/cache/squid store_dir_select_algorithm least-load -- cut -- Thanks for advice. -- Tomasz Kolaj
