Dnia czwartek, 23 lutego 2006 16:17, Matus UHLAR - fantomas napisał:
> On 23.02 14:25, Tomasz Kolaj wrote:
> > Dnia czwartek, 23 lutego 2006 11:32, napisałeś:
> > > On 22.02 23:13, Tomasz Kolaj wrote:
> > > > I observed have too low performance. On 2x 64bit Xeon 2,8GHz 2GB
> > > > DDR2, 2x WD RAPTOR Squid 2.5.STABLE12 can answer max for 120
> > > > requests/s. 115 r/s - 97-98% usage of first processor. Second is
> > > > unusable for squid :/. I have two cache_dirs (aufs). One pre disk.
> > >
> > > Maybe you have too many ACL's?
> >
> > I pasted my squid.conf in one of last posts. I have much of addresses
> > bloacked in file spywaredomains.txt
>
> sorry - the thread was broken and I didn't see it. (b)lame mailers who
> break threads by not using References: or at least In-Reply-To: headers...
Ok, my mistake possible:
-- cut --
aragorn ~ # cat /etc/squid/squid.conf | grep -v "^#" | tr -s '\n'
http_port 82.160.43.14:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 612 MB
maximum_object_size 8192 KB
maximum_object_size_in_memory 8 KB
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /var/cache/squid/dysk1 30000 32 256
cache_dir aufs /var/cache/squid/dysk2 30000 32 256
cache_access_log none
cache_store_log none
mime_table /etc/squid/mime.conf
redirect_children 15
request_header_max_size 20 KB
refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800
refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl our_networks src 82.160.43.0/24 82.160.129.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
cache_mgr admin
http_access allow manager localhost
http_access allow manager our_networks
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl mGG dstdomain .adserver.gadugadu.pl .adserver.gadu-gadu.pl
redirector_access deny !mGG
redirector_bypass on
redirect_program /home/gg_rewrite
acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt"
http_access deny spywaredomains
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr admin@xxxxxx
visible_hostname w3cache.abp.pl
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_testnames onet.pl wp.pl microsoft.com abp.pl
logfile_rotate 10
append_domain .abp.pl
forwarded_for off
log_icp_queries off
cachemgr_passwd [cut] all
buffered_logs on
coredump_dir /var/cache/squid
store_dir_select_algorithm least-load
-- cut --
> > acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt"
> > http_access deny spywaredomains
> >
> > but when I remove it from config squid still generate much processor
> > time.
> > What about epool? I aplied patch for squid_2.5 for tests.
>
> I don't think that would help you much. Maybe using external redirector
> (SquidGuard?) instead of squid itself would help - it may reside on another
> CPU, while squid it one-CPU-process.
External redirector? But im redirecting only few requests, (to gadu-gadu
addserver).
squid compiled with options:
aragorn ~ # squid -v
Squid Cache: Version 2.5.STABLE12
configure options: --prefix=/usr --bindir=/usr/bin --exec-prefix=/usr
--sbindir=/usr/sbin --localstatedir=/var --mandir=/usr/share/man
--sysconfdir=/etc/squid --libexecdir=/usr/lib/squid
--enable-auth=basic,digest,ntlm --enable-removal-policies=lru,heap
--enable-linux-netfilter --enable-truncate --with-pthreads --enable-epoll
--enable-time-hack --disable-follow-x-forwarded-for
--host=x86_64-pc-linux-gnu --disable-snmp --enable-ssl --enable-underscores
--enable-storeio='diskd,coss,aufs,null' --enable-async-io
with flags:
CFLAGS="-march=nocona -O3 -pipe -fomit-frame-pointer -ffast-math
-funroll-all-loops"
CXXFLAGS="${CFLAGS} -fno-enforce-eh-specs"
LDFLAGS="-Wl,-O1 -Wl,-Bdirect -Wl,-hashvals -Wl,-zdynsort"
Regards,
--
Tomasz
