On Tue, 18 Dec 2007, Amos Jeffries wrote:
Hi List,
I've being testing and studying squid for almost two weeks now and I'm
getting no results. I already understood the problems related to http
headers where in most cases web servers administrators or programmers
are creating more and more dynamic data which is bad for caching. So,
I installed CentOS 5 along with 2.6.STABLE6 using yum install and set
only an ACL for my internal network. After that I set also
visible_hostname to localhost since quid was complaining about it.
Your DNS is broken silghtly. Any web-service mserver should have a FQDN
for its hostname. Many programs like squid use the hostname in their
connections outward, and many validate all connecting hosts before
accepting data traffic.
Now, as I a stated already I read a lot regarding to squid including
some tips in order to optimize sda access or increasing memory size
limit but shouldn't squid be working great out-of-the-box?! Oh, I
It does ... for a generic 1998-era server.
To work these days the configuration is very site-specific.
forgot my problem is that on mysar that I installed in order to see
the performance I only see 0% of TRAFFIC CACHE PERCENT when already
visited almost 300 websites. In some ocassions I see 10% or even
30/40% but for almost of 98% of websites I get 0%.
The would be ones including '?' in the URI methinks.
So my questions are:
- Should Squid be taking only in consideration for large environments
with hundreds or even thousands of people accessing web?!
- In these days a proxy like Squid for caching purposes is more a
"have to have" or a "must to have" when for almost every site proxy's
are skipped and the wan speed access are increasing every day now!?
Thanks!
By the way:
I intend use Squid for caching purposes only since I already have
Cisco based QOS and bandwidth management. My deploying site as only at
most 5 people accessing web simultaneous under a 8Mb dsl connection.
Well then as said earlier, you need more than 100MB of data cache, and
probably more than 64MB of RAM cache.
My current config is:
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
Right here you are non-caching a LOT of websites, some of which are
actually cachable.
We now recommend using 2.6STABLE17 with some new refresh_pattern set instead.
refresh_pattern cgi-bin 0 0% 0
refresh_pattern \? 0 0% 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
also add these refresh_pattern lines here and see if it helps...
refresh_pattern -i \.exe$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.zip$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.tar\.gz$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.tgz$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mp3$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ram$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.jpeg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.gif$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.wav$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.avi$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mpeg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mpg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.pdf$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ps$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.Z$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.doc$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ppt$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.tiff$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.snd$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.jpe$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.midi$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.ico$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.mp3$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.bin$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.jpg$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.wmv$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.flv$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern -i \.swf$ 10080 90% 999999 reload-into-ims
ignore-no-cache override-expire ignore-private
refresh_pattern . 0 35% 6480
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 64 MB
maximum_object_size 40 MB
You will get at most 3 of these in the cache the way things are.
It will also skip most video and download content. To do bandwidth-saving
you should have gigs of disk available, and max object should be at least
720MB.
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl myNetwork src 10.10.1.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow myNetwork
http_access deny all
http_reply_access allow all
icp_access allow all
Stand alone squid does not need ICP. Drop that.
cache_effective_user squid
cache_effective_group squid
These are better left to the OS. Slight misconfigurations here can really
screw your system security.
delay_pools 1
delay_class 1 1
delay_parameters 1 -1/-1
These are useless. The delay_parameters effectivly say no pooling.
also
reload_into_ims on
Manoj
coredump_dir /var/spool/squid
visible_hostname localhost
This soulhd be a publicly accessible FQDN. It is the name squid connects
outbound with. If the machine is a server (likely) its hostname should be
a FQDN to communicate well with the Internet.
Amos
--
