Search squid archive

Re: No great results after 2 weeks with squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Hi List,
>
> I've being testing and studying squid for almost two weeks now and I'm
> getting no results. I already understood the problems related to http
> headers where in most cases web servers administrators or programmers
> are creating more and more dynamic data which is bad for caching. So,
> I installed CentOS 5 along with 2.6.STABLE6 using yum install and set
> only an ACL for my internal network. After that I set also
> visible_hostname to localhost since quid was complaining about it.

Your DNS is broken silghtly. Any web-service mserver should have a FQDN
for its hostname. Many programs like squid use the hostname in their
connections outward, and many validate all connecting hosts before
accepting data traffic.

> Now, as I a stated already I read a lot regarding to squid including
> some tips in order to optimize sda access or increasing memory size
> limit but shouldn't squid be working great out-of-the-box?! Oh, I

It does ... for a generic 1998-era server.
To work these days the configuration is very site-specific.

> forgot my problem is that on mysar that I installed in order to see
> the performance I only see 0% of TRAFFIC CACHE PERCENT when already
> visited almost 300 websites. In some ocassions I see 10% or even
> 30/40% but for almost of 98% of websites I get 0%.

The would be ones including '?' in the URI methinks.

>
> So my questions are:
> - Should Squid be taking only in consideration for large environments
> with hundreds or even thousands of people accessing web?!
> - In these days a proxy like Squid for caching purposes is more a
> "have to have" or a "must to have" when for almost every site proxy's
> are skipped and the wan speed access are increasing every day now!?
>
> Thanks!
>
> By the way:
>
> I intend use Squid for caching purposes only since I already have
> Cisco based QOS and bandwidth management. My deploying site as only at
> most 5 people accessing web simultaneous under a 8Mb dsl connection.

Well then as said earlier, you need more than 100MB of data cache, and
probably more than 64MB of RAM cache.

> My current config is:
>
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY

Right here you are non-caching a LOT of websites, some of which are
actually cachable.

We now recommend using 2.6STABLE17 with some new refresh_pattern set instead.

  refresh_pattern cgi-bin 0 0% 0
  refresh_pattern \? 0 0% 0
  refresh_pattern ^ftp: 1440 20% 10080
  refresh_pattern ^gopher: 1440 0% 1440
  refresh_pattern . 0 20% 4320


> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 64 MB
> maximum_object_size 40 MB

You will get at most 3 of these in the cache the way things are.
It will also skip most video and download content. To do bandwidth-saving
you should have gigs of disk available, and max object should be at least
720MB.

> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl myNetwork src 10.10.1.0/255.255.255.0
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow myNetwork
> http_access deny all
> http_reply_access allow all
> icp_access allow all

Stand alone squid does not need ICP. Drop that.

> cache_effective_user squid
> cache_effective_group squid

These are better left to the OS. Slight misconfigurations here can really
screw your system security.

> delay_pools 1
> delay_class 1 1
> delay_parameters 1 -1/-1

These are useless. The delay_parameters effectivly say no pooling.

> coredump_dir /var/spool/squid
> visible_hostname localhost

This soulhd be a publicly accessible FQDN. It is the name squid connects
outbound with. If the machine is a server (likely) its hostname should be
a FQDN to communicate well with the Internet.


Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux