> Squid starts as root and then becomes another user. > It shouldn't pose a security risk - the amount of code running as root > is very, very minimal. > > > > adrian > > On Wed, Feb 06, 2008, kk CHN wrote: >> Hi People ; >> >> Thanks for your reply , thanks to Adrain Chadds tips . >> I edited the init script & changed the squid user to root , now its >> working for port 80 , >> >> I would like to clarify the following Three questions >> >> Question 1 ) Is there any security issues for running squid as root >> ? >> >> >> >> I am setting up my squid as http accelerator , so squid will handle >> the request first , then handed over it to Apache (which is now Listen >> on 81) then from Apache to my zope(which is on port :8080) >> >> >> so what I added in squid is >> >> http_prot 80 accel vhost >> >> cache_peer 127.0.0.1 parent 81 0 originserver default >> http_access allow from all >> ############## >> >> my apache Listen on 81 >> and the vhost entry for my site is like this >> >> NameVirtualHost *:81 >> <VirtualHost *:81> >> RewriteEngine On >> RewriteRule ^/(.*) >> http://127.0.0.1:8080/VirtualHostBase/http/demo.mysite.net:81/mysite/VirtualHostRoot/$1 >> [L,P] >> ErrorLog /var/log/apache/demo.mysite.net/error_log >> CustomLog /var/log/apache/demo.mysite.net/access.log combined >> </VirtualHost> >> >> >> Previously This site was too slow when I use apache infront of zope >> , so all request is coming to apche then apache Rewrite rule will hand >> over the request to zope:8080 >> >> Now in the new setup squid is infront , >> >> question 2 ) how can I check to make sure the squid is handling all >> the request first , and so its performance as an http accelerator ? Make sure the domain DNS points at squid machines IP. As a backup you can check the apache logs to see if any requests are coming from other places than squid. >> >> question 3) I have a number of VirtualHost (name based) entries in my >> apache , so running the sqid in front on port :80 , did accelerate >> the speed of my vhost sites ? Yes, all the ones squid is configured to accept. With one provision. The files coming from apache have Cache_Control or Expires headers properly. Without them squid gives less gain than when present. >> >> Looking for your valuable comments on this setup , >> >> I am looking for the pros/cons of this setup squid-->apache--> >> applications >> >> Thanks in advance for your valuable feedback as early as possible >> KK Thats what we use here. With a small mix of site bypassing Apache entirely and going straight squid->application where its a domain-level application. We've had no problems with the acceleration bit since starting. Amos Treehouse Networks Ltd. www.treenet.co.nz
