Search squid archive

Re: low squid performance?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dnia środa, 22 lutego 2006 23:57, Chris Robertson napisał:
[cut]
>
> The answer to that question is dependant on a whole host of variables, such
> as ACLs used, whether it's a proxy or an accelerator, the types of clients
> accessing it (client latency has a dramatic effect on CPU usage), types of
> content retrieved, how your cache_dirs are defined, etc.
>
> Various things that can reduce Squid performance:
>
> * regex based ACLs
acl badURL url_regex -i .wmf$
#^ remove wmf after security leaks on ms wmf file format
acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$
redirector_access deny !mGG
redirector_bypass on
redirect_program /home/gg_rewrite
#^redirector ro replece banner in popular polish comunicator

acl QUERY urlpath_regex cgi-bin \?

#typical patterns
refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800
refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440
refresh_pattern .               0       20%     4320

> * High latency clients

What do you mean "high latecy clients"?

> * blocking cache_dir configuration (e.g. using "ufs" instead of "aufs" or
> "diskd") 
cache_dir aufs /var/cache/squid/dysk1 30000 32 256
cache_dir aufs /var/cache/squid/dysk2 30000 32 256
2x  wd raptor 36GB

> * Anti-virus scanning 

second processor have lot of free time, but first i must tune up squid to 
~130-140 req/s

> * Slow authentication back ends
I don't have authentication backends, ACL from IP (acces filtered by netfilter 
too)

> If none of these issues covers your problem, you might look into
> "experimental" solutions such as the epoll patch
> (http://devel.squid-cache.org/projects.html#epoll).

I recompiled withoud several options and with patch 
http://devel.squid-cache.org/cgi-bin/diff2/epoll-2_5.patch?s2_5

aragorn squid # squid -v
Squid Cache: Version 2.5.STABLE12
configure options:  --prefix=/usr --bindir=/usr/bin --exec-prefix=/usr 
--sbindir=/usr/sbin --localstatedir=/var --mandir=/usr/share/man 
--sysconfdir=/etc/squid --libexecdir=/usr/lib/squid 
--enable-auth=basic,digest,ntlm --enable-removal-policies=lru,heap 
--enable-linux-netfilter --enable-truncate --with-pthreads --enable-epool 
--disable-follow-x-forwarded-for --host=x86_64-pc-linux-gnu --disable-snmp 
--disable-ssl --enable-underscores --enable-storeio='diskd,coss,aufs,null' 
--enable-async-io


fragmenst of squid.conf:
-- cut -- 
http_port [ip:port]
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 512 MB
maximum_object_size 16384 KB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /var/cache/squid/dysk1 30000 32 256
cache_dir aufs /var/cache/squid/dysk2 30000 32 256
cache_access_log /var/log/squid/access.log
cache_store_log none
mime_table /etc/squid/mime.conf
redirect_children 15
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
request_header_max_size 20 KB
refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800
refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440
refresh_pattern .               0       20%     4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl administracja src 82.160.43.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
cache_mgr admin
http_access allow manager localhost
http_access allow manager administracja
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl badURL url_regex -i .wmf$
acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$
redirector_access deny !mGG
redirector_bypass on
redirect_program /home/gg_rewrite
acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt"
acl our_networks src 82.160.43.0/24 82.160.129.0/24
http_access deny badURL
http_access deny spywaredomains
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr admin@xxxxxx
visible_hostname w3cache.abp.pl
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_testnames onet.pl wp.pl microsoft.com abp.pl
logfile_rotate 10
append_domain .abp.pl
forwarded_for off
log_icp_queries off
cachemgr_passwd [cut] all
buffered_logs on
coredump_dir /var/cache/squid
store_dir_select_algorithm least-load
-- cut --


Thanks for advice.
-- 
Tomasz Kolaj


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux