> Hi List, > > I've being testing and studying squid for almost two weeks now and I'm > getting no results. I already understood the problems related to http > headers where in most cases web servers administrators or programmers > are creating more and more dynamic data which is bad for caching. So, > I installed CentOS 5 along with 2.6.STABLE6 using yum install and set > only an ACL for my internal network. After that I set also > visible_hostname to localhost since quid was complaining about it. Your DNS is broken silghtly. Any web-service mserver should have a FQDN for its hostname. Many programs like squid use the hostname in their connections outward, and many validate all connecting hosts before accepting data traffic. > Now, as I a stated already I read a lot regarding to squid including > some tips in order to optimize sda access or increasing memory size > limit but shouldn't squid be working great out-of-the-box?! Oh, I It does ... for a generic 1998-era server. To work these days the configuration is very site-specific. > forgot my problem is that on mysar that I installed in order to see > the performance I only see 0% of TRAFFIC CACHE PERCENT when already > visited almost 300 websites. In some ocassions I see 10% or even > 30/40% but for almost of 98% of websites I get 0%. The would be ones including '?' in the URI methinks. > > So my questions are: > - Should Squid be taking only in consideration for large environments > with hundreds or even thousands of people accessing web?! > - In these days a proxy like Squid for caching purposes is more a > "have to have" or a "must to have" when for almost every site proxy's > are skipped and the wan speed access are increasing every day now!? > > Thanks! > > By the way: > > I intend use Squid for caching purposes only since I already have > Cisco based QOS and bandwidth management. My deploying site as only at > most 5 people accessing web simultaneous under a 8Mb dsl connection. Well then as said earlier, you need more than 100MB of data cache, and probably more than 64MB of RAM cache. > My current config is: > > http_port 3128 > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY Right here you are non-caching a LOT of websites, some of which are actually cachable. We now recommend using 2.6STABLE17 with some new refresh_pattern set instead. refresh_pattern cgi-bin 0 0% 0 refresh_pattern \? 0 0% 0 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 > acl apache rep_header Server ^Apache > broken_vary_encoding allow apache > cache_mem 64 MB > maximum_object_size 40 MB You will get at most 3 of these in the cache the way things are. It will also skip most video and download content. To do bandwidth-saving you should have gigs of disk available, and max object should be at least 720MB. > access_log /var/log/squid/access.log squid > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > acl myNetwork src 10.10.1.0/255.255.255.0 > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > http_access allow myNetwork > http_access deny all > http_reply_access allow all > icp_access allow all Stand alone squid does not need ICP. Drop that. > cache_effective_user squid > cache_effective_group squid These are better left to the OS. Slight misconfigurations here can really screw your system security. > delay_pools 1 > delay_class 1 1 > delay_parameters 1 -1/-1 These are useless. The delay_parameters effectivly say no pooling. > coredump_dir /var/spool/squid > visible_hostname localhost This soulhd be a publicly accessible FQDN. It is the name squid connects outbound with. If the machine is a server (likely) its hostname should be a FQDN to communicate well with the Internet. Amos
