Search squid archive

Re: large config file issues?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 24/08/11 05:51, Daniel Alfonso wrote:

Hello, Squid noob here...



Squid version please?


I have about 250 or so different sites that I want to setup in SSL reverse proxy mode
I have a unique ip bound per site and the 250+ ips are responding on the interface
I am using the following template to build my config and running into parsing issues (lines may wrap in email)

"
http_port SQUIDSERVERIP:80 accel defaultsite=www.DOMAIN
https_port SQUIDSERVERIP:443 accel cert=/certs/DOMAIN.crt key=/certs/DOMAIN.key cafile=/certs/gd_bundle.crt defaultsite=www.DOMAIN
cache_peer ORIGINSERVERIP parent 80 0 no-query originserver name=SITENAMEaccel
acl SITENAMEacl dstdomain www.DOMAIN
acl SITENAMEacl dstdomain DOMAIN
cache_peer_access SITENAMEaccel allow SITENAMEacl
http_access allow SITENAMEacl
"

1 or 2 sites work ok, but at 1700+ lines full config does not work. I get random parse errors which leads me to believe I'm not building this config as efficiently as I could
Really? Inefficient config should only impact the performance. The only size limits in squid.conf are individual line lengths (256 bytes in some versions, a few KB in others). And total available RAM. - if you have long domain names, you will probably want to convert those key filenames to IP-indexed and compact them into a .PEM file for loading.
Take a good look (squid -k parse) at the lines its complaining about. And why. * Do you have any entries with duplicate values? With this template only ORIGINSERVERIP can be repeated in the whole database of clients. - you may need to alter your template into several pieces. Producing a separate list of unique values for each of cache_peer, https_port and acl records.
If you have a version 3.1+ or 2.7 you can use include directive to grok an entire directory of config snippets. 

ie:
 include /etc/squid/squid.conf.d/*
To improve speed I'd cut the http_access down to one line following the templates: 
  http_access allow allSites

And change the template acl lines to be:
"
 acl allSites dstdomain .DOMAIN
 acl SITENAMEacl dstdomain .DOMAIN
"


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.14
  Beta testers wanted for 3.2.0.10
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux