I cron those for memory, try it.

0 */1 * * * root /usr/sbin/sysctl -w vm.drop_caches=3
0 */1 * * * root /bin/sync && /bin/echo 3 | /usr/bin/tee /proc/sys/vm/drop_caches

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of minh hung d? hoang
Sent: Wednesday, February 7, 2018 9:35 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: 3.5.20 run out of my memory.

Dear all,

I use squid 3.5.20 on ubuntu14 in TPROXY mode, with a basic config in squid.conf, but squid runs out of my server's memory.
Here are my configure options:
'--prefix=/usr' '--includedir=/usr/include' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/squid' '--srcdir=.' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=24' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-gnuregex' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-http-violations' '--enable-ssl-crtd' '--enable-linux-netfilter' '--enable-ltdl-install' '--enable-ltdl-convenience' '--enable-x-accelerator-vary' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--disable-translation' '--disable-ipv6' '--disable-ident-lookups' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-aufs-threads=24' '--with-filedescriptors=65536' '--with-large-files' '--with-maxfd=65536' '--with-openssl' '--with-default-user=proxy' '--with-included-ltdl'
--------------------------------------
And I apply this patch before compiling, to disable host forgery checks:
+diff -ur squid-3.5.20-orig/src/client_side_request.cc squid-3.5.20/src/client_side_request.cc +--- squid-3.5.20-orig/src/client_side_request.cc 2016-07-01 13:37:50.000000000 +0200 ++++ squid-3.5.20/src/client_side_request.cc 2017-03-10 16:48:08.920084072 +0100 +@@ -530,6 +530,10 @@ + } + debugs(85, 3, HERE << "validate IP " << clientConn->local << " non-match from Host: IP " << ia->in_addrs[i]); + } ++ // disable fogery check. See https://code.nethesis.it/Nethesis/dev/issues/5088 ++ http->request->flags.hostVerified = true; ++ http->doCallouts(); ++ return; + } + debugs(85, 3, HERE << "FAIL: validate IP " << clientConn->local << " possible from Host:"); + hostHeaderVerifyFailed("local IP", "any domain IP"); And here is my squid.conf ( i don't post my http_access for clearly view :()
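Review bot: In the `@@ -530,6 +530,10 @@` hunk of src/client_side_request.cc, the added `http->request->flags.hostVerified = true;` sits directly after the loop that logs "non-match from Host: IP", so the request is marked as verified on the very path where no address matched `clientConn->local`. The `return` that follows makes the `FAIL: validate IP` debug line and the `hostHeaderVerifyFailed("local IP", "any domain IP")` call unreachable from here, which removes both the failure handling and the log trace for every intercepted request, not only for the sites that prompted the change. If the check must be relaxed, leave `hostVerified` unset rather than asserting it, keep a debug line so mismatches remain visible in the logs, and guard the bypass with a condition instead of applying it unconditionally. The comment should state the reason in place rather than only linking to an external issue, and "fogery" should read "forgery".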
###############################################################################
# Squid normally listens to port 3128
###############################################################################

https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/e1f19c0494badc8dc14e8c4c56a8b97a.dyn
http_port 3129 tproxy
http_port 3128

###############################################################################
# squid ssl_bump option
###############################################################################
acl step1 at_step SslBump1
acl block ssl::server_name "/etc/squid/block_domain.txt"
ssl_bump peek step1
ssl_bump terminate block
ssl_bump splice all
sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression
sslproxy_cipher ALL:!SSLv2:!SSLv3:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
sslproxy_cert_error deny all
sslproxy_foreign_intermediate_certs /etc/squid/intermediate_ca.pem

sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

###############################################################################
## LOGFILE OPTIONS
###############################################################################

mime_table /etc/squid/mime.conf
pid_filename /var/run/squid.pid

include /etc/squid/logging.conf

###############################################################################
## OPTIONS FOR TROUBLESHOOTING
###############################################################################

coredump_dir /var/spool/squid
debug_options ALL,1
cache_effective_user squid
cache_effective_group squid

###############################################################################
## PERSISTENT CONNECTION HANDLING
###############################################################################
detect_broken_pconn off
client_persistent_connections off
server_persistent_connections on

###############################################################################
## ERROR PAGE OPTIONS
###############################################################################
error_directory /usr/share/squid/errors/en
error_log_languages off

###############################################################################
## DNS OPTIONS
###############################################################################
check_hostnames off
hosts_file /etc/hosts
connect_retries 2
ipcache_low 90
ipcache_size 5024 # Maximum number of DNS IP cache entries.
fqdncache_size 3024 # Maximum number of FQDN cache entries.
pipeline_prefetch 100

###############################################################################
## MISCELLANEOUS
###############################################################################

max_filedescriptors 65536
------------------------------------------------------------------------
The problem is my squid spent a lot of memory. I have about 200 users, and my server is 4gb dram with 8gb swap dram but not enough!

             total       used       free     shared    buffers     cached
Mem:          3.8G       3.4G       503M       736K       181M       1.7G
-/+ buffers/cache:       1.5G       2.4G
Swap:         8.1G       9.3M       8.1G

Is there any issue with my squid? How can I fix it?
I have attached files for detail (squid.conf and squid-3.5.20-ssl-forgery.patch)
--
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users