Hi,
Here is my system information:
# uname -a
Linux <hostname> 2.6.18-53.el5 #1 SMP Wed Oct 10 16:34:02 EDT 2007 i686
i686 i386 GNU/Linux
Red Hat Enterprise 5.0
# cat /proc/cpuinfo
processor : 0
model name : Intel(R) Pentium(R) 4 CPU 2.80GHz
processor : 1
model name : Intel(R) Pentium(R) 4 CPU 2.80GHz
# top
Mem: 2067440k total, 691124k used, 1376316k free, 190704k buffers
# squid -v
Squid Cache: Version 2.6.STABLE6
configure options: '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--localstatedir=/var' '--datadir=/usr/share' '--sysconfdir=/etc/squid'
'--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
'--with-openssl=/usr/kerberos' '--enable-delay-pools'
'--enable-linux-netfilter' '--with-pthreads'
'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm'
'--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge'
'--enable-useragent-log' '--enable-referer-log'
'--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost'
'--enable-underscores'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests' '--enable-ident-lookups' '--with-large-files'
'--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config'
'--with-maxfd=16384' 'CFLAGS=-fPIE -Os -g -pipe -fsigned-char'
'LDFLAGS=-pie' 'build_alias=i686-redhat-linux-gnu'
'host_alias=i686-redhat-linux-gnu' 'target_alias=i386-redhat-linux-gnu'
Squid was installed from a Red Hat RPM package.
---------- squid.conf ----------------------
https_port 10.0.0.1:443 vhost cert=/etc/squid/ssl.crt/server.crt key=/etc/squid/ssl.key/server.key
acl uc dstdomain webapps.extranet.ext
cache_peer webapps.corporate.com parent 443 0 no-query originserver name=uc front-end-https=auto no-digest ssl sslcert=/etc/squid/ssl.crt/server.crt sslkey=/etc/squid/ssl.key/server.key sslflags=DONT_VERIFY_PEER
cache_peer_access uc allow uc
no_cache deny uc
acl to-ldap dst X.X.X.X
auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b "ou=archi,dc=valb,dc=val,dc=ecc,dc=fr" -D "cn=ldap,cn=users,dc=valb,dc=val,dc=ecc,dc=fr" -w ldap -f "(&(sAMAccountName=%s))" -h X.X.X.X -p 389
auth_param basic realm extranet.ext
auth_param basic children 5
auth_param basic credentialsttl 1 hour
acl corporate_users proxy_auth REQUIRED
dns_nameservers 127.0.0.1
via on #default on
forwarded_for off # default on
visible_hostname Reverse-proxy
coredump_dir /var/spool/squid
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
debug_options ALL,1 33,2
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_reply_access allow all
icp_access allow all
http_access allow manager localhost
http_access deny manager
http_access allow corporate_users
http_access allow uc
http_access allow to-ldap localhost
http_access deny all
--------------END----------------------
Sylvain
Haytham KHOUJA wrote:
Hi,
Please post your entire squid.conf and compiling attributes along with
OS and Hardware
On Fri, Jul 18, 2008 at 5:38 PM, Sylvain Beaux <sylvain.beaux@xxxxxxxxx> wrote:
Hi,
I need some advice on designing SQUID as a reverse proxy for many web
apps (~20 servers).
There will be 500 users using this system 24/7.
Each user will have 2 permanent connections using chunk encoding and
1 connection using the HTTP keep alive mechanism.
Finally Squid will have to process 1000 simultaneous permanent
connections and 500 "control" connections.
Another point is that squid will have to rewrite the HTTP Location
header to support HTTP 302 redirection.
I made some tests with the Apache ab product on a 2.6 STABLE 6.
I tested 1000 simultaneous connections using keep alive. Each
connection requests the same URL 3 times. I aim to test SQUID under
heavy load and simulate 1000 permanent connections.
This test, unfortunately, was not really good: 2838 requests failed.
Concurrency Level: 1000
Time taken for tests: 44.672 seconds
Complete requests: 3000
Failed requests: 2838
There were 3 main errors during the test:
X-Squid-Error: ERR_SOCKET_FAILURE 24
X-Squid-Error: ERR_CONNECT_FAIL 71
X-Squid-Error: ERR_CANNOT_FORWARD 0
Is there a limitation in SQUID on simultaneous users, like a limited TCP
port range or something else?
thanks
Sylvain