Hi,
I am running squid version 4.6 and have set the file descriptors limit to 5000
I get an average of 1 lakh hits daily and in a day or 2 , I start getting these messages :
Sun Aug 18 15:00:29 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:29 2019 daemon.notice squid[4906]: 172.217.160.206:443
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: 52.114.158.52:443
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:36 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:36 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:37 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:37 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:41 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:41 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:42 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:42 2019 daemon.notice squid[4906]: 172.217.166.165:443
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:48 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:48 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:29 2019 daemon.notice squid[4906]: 172.217.160.206:443
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: 52.114.158.52:443
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:36 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:36 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:37 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:37 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:41 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:41 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:42 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:42 2019 daemon.notice squid[4906]: 172.217.166.165:443
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:48 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:48 2019 daemon.notice squid[4906]: 52.37.239.109:443
------------------------------------------------------------------------------------------------
Squid Config :
https_port 3131 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
generate-host-certificates=off dynamic_cert_mem_cache_size=2MB
## For Captive Portal
http_port 3132 intercept
https_port 3133 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
generate-host-certificates=off dynamic_cert_mem_cache_size=1MB
#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 5
# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all # peek at TLS/SSL connect data
ssl_bump splice all # splice: no active bumping
on_unsupported_protocol tunnel all
pinger_enable off
digest_generation off
netdb_filename none
ipcache_size 128
fqdncache_size 128
via off
forwarded_for transparent
httpd_suppress_version_string on
cache deny all
cache_mem 0 MB
memory_pools off
shutdown_lifetime 0 seconds
#logfile_daemon /dev/null
access_log none
#acl good_url dstdomain .yahoo.com
http_access allow all
url_rewrite_program /tmp/squid/urlcat_server_start.sh
#url_rewrite_bypass on
url_rewrite_children 1 startup=1 idle=1 concurrency=30 queue-size=10000 on-persistent-overload=ERR
#url_rewrite_access allow all
#url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_extras "%>a %lp %ssl::>sni"
max_filedesc 5120
coredump_dir /tmp
-----------------------------------------------------------------------
1. Should i decrease the client_lifetime ? Or should i increase the File Descriptor limit ? or adjust the timeouts
2. Also, there is a steady increase of memory on the device.. Squid is currently installed on an Access Point which is a resource constrained device.. Is there any way to control it..
--
Thank You
Chirayu Patel
Truecom Telesoft
+91 8758484287
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users