BTW, on the below post, I just wanted to let everyone know that it is not a bandwidth issue that I can tell. We are using about 5-10Mbps of our 20Mbps line. Scott On Fri, Feb 14, 2014 at 9:03 AM, Scott Mayo <scotgmayo@xxxxxxxxx> wrote: > Finally got my new server with a newer version of squid on it up and > going. I am still having a few slowness issues. Trying to decide > exactly what it is. I'll know a bit more as the day goes along. > Right now I have disabled the icap service to take it out of the way. > Here are a few statistics and my squid.conf if someone has a > suggestion. > > Squid server is: > i3-2100 @ 3.10GHz with 4 cores > 8GB Ram > 160GB HDD > Centos 6.5 > Squid 3.1 > Private NIC is a 1Gb NIC > Public NIC is a 100Mb NIC > Internet connection is 20Mbps > > I probably have a total of 150 users on at once maybe. > > Sometimes I get a "Unable to connect to Proxy" when students all get > to class and start logging on. If they hit refresh a time or two, > then they will be prompted for authentication. Sometimes it is quite > slow to pull up a website (5-30 seconds). > > I have watched 'top' and basically all CPUs are usuallly around 0.3 to > 0.7 percent. I have seen them get up to 2.0 to 5.0 percent, but > nothign extremely bad. I usually have around 5Gb-5.5Gb of memory free > and I don't ever see any swap used. Load averages are around 0.0.2, > 0.0.1, 0.0.0 > > Below is my squid.conf if anyone has any suggestions of someting that > may be slowing things down. At this point I am a bit lost since I > have the icap turned off. Those files that have domains in them are > not too big. Probably nothing more than 50 domains in any one file > and maybe a total of a couple hundred. > > Thanks. > > icap_enable off > icap_preview_enable on > icap_preview_size 4096 > icap_persistent_connections on > icap_send_client_ip on > icap_send_client_username on > icap_client_username_header X-Client-Username > icap_service qlproxy1 reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod > icap_service qlproxy2 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod > > #use for LDAP authentication > auth_param basic program /usr/lib64/squid/squid_ldap_auth -b > "dc=school,dc=org" -f "uid=%s" -h 192.168.0.250 > external_acl_type teachers %LOGIN /usr/lib64/squid/squid_ldap_group -b > "dc=school,dc=org" -f "(&(cn=%g)(MemberUid=%u))" -h 192.168.0.250 > auth_param basic children 40 startup=5 idle=10 concurrency=150 > auth_param basic credentialsttl 9 hours > acl ldap_username proxy_auth REQUIRED > > visible_hostname filter > cache_mem 256 MB > > acl manager proto cache_object > acl localhost src 127.0.0.1/32 ::1 > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 > > acl qlproxy_icap_edomains dstdomain > "/etc/opt/quintolabs/qlproxy/squid/icap_exclusions_domains.conf" > acl qlproxy_icap_etypes rep_mime_type > "/etc/opt/quintolabs/qlproxy/squid/icap_exclusions_contenttypes.conf" > acl bps_exceptions dstdomain "/filter/urls/ok/domains" > acl teacher_group external teachers teacher > acl teacher_exception_list dstdomain "/filter/urls/teacher/exceptionsitelist" > acl no_cache_sites dstdomain "/filter/urls/no_cache_sites" > acl safe_url_sites dstdomain "/filter/urls/safe_url_sites" > acl walsworth_sites dstdomain "/filter/urls/walsworth_sites" > acl bpsblocked dstdomain "/filter/urls/blocked/domains" > acl banned_users proxy_auth baduser > acl windows_update dstdomain .windowsupdate.com .microsoft.com > > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > acl localnet src fc00::/7 # RFC 4193 local private network range > acl localnet src fe80::/10 # RFC 4291 link-local (directly > plugged) machines > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > adaptation_access qlproxy2 deny bps_exceptions > adaptation_access qlproxy1 deny bps_exceptions > adaptation_access qlproxy1 deny safe_url_sites > adaptation_access qlproxy2 deny safe_url_sites > adaptation_access qlproxy1 deny walsworth_sites > adaptation_access qlproxy2 deny walsworth_sites > adaptation_access qlproxy1 deny teacher_exception_list teacher_group > adaptation_access qlproxy2 deny teacher_exception_list teacher_group > adaptation_access qlproxy1 deny qlproxy_icap_edomains > adaptation_access qlproxy2 deny qlproxy_icap_edomains > adaptation_access qlproxy2 deny qlproxy_icap_etypes > adaptation_access qlproxy1 allow all > adaptation_access qlproxy2 allow all > > http_access allow manager localhost > http_access deny manager > > cache deny no_cache_sites > cache deny walsworth_sites > > http_access deny !Safe_ports > > http_access deny CONNECT !SSL_ports > > http_access allow bps_exceptions > http_access allow windows_update > http_access deny bpsblocked !teacher_group > http_access deny banned_users > http_access allow localnet > http_access allow ldap_username > http_access allow localhost > > http_access deny all > > http_port 8080 > > hierarchy_stoplist cgi-bin ? > > cache_dir ufs /var/spool/squid 10000 16 256 > > coredump_dir /var/spool/squid > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > > > -- > Scott Mayo
