LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 10-23-2004, 12:09 PM   #1
ikhanr
LQ Newbie
 
Registered: Oct 2004
Location: Karachi
Posts: 13

Rep: Reputation: 0
Squid Configuration Problem


Hi,

I am a new user to Linux World. I work as a Systems Administrator in a school. We have an almost pure Windows Environment. We have only one Linux machine out of 150. This is our proxy server that I have recently installed after trying Microsoft ISA server evaluation.

We don't have a good Internet connection (256K ISDN shared) so I need a good cache server to compensate my internet connection. I have installed RH9 on the machine and configured squid to best of my knowledge. I am still not satisfied with the speed that I am getting. I know it can still be fine tuned, but I don't know which options to play with to fine tune it.

Does anybody have a good working version of squid.conf file? Or can I post my squid.conf file so any guru can alter it and post it back?

I will really appreciate your help.

Thanks!
 
Old 10-23-2004, 03:40 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
Post your conf file. There are a few settings that can help a lot. Keep in mind that it takes a while, depending on traffic load, for a squid proxy to build up a good cache of frequently seen pages. It will speed up to some degree after a bit of use. Additionally the hardware specs of the proxy machine weigh heavily on proxy performance.
 
Old 10-24-2004, 05:51 AM   #3
ikhanr
LQ Newbie
 
Registered: Oct 2004
Location: Karachi
Posts: 13

Original Poster
Rep: Reputation: 0
Hey thanks!!!

I will post my squid.conf on Monday when I reach office. Here are my computer's specs:

Intel Pentium IV 1.8 Ghz
512MB SD Ram
40GB Seagate 7200 RPM HDD
Intel D845 Chipset

Thanks
 
Old 10-24-2004, 01:39 PM   #4
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
Your hardware specs are well enough to easily proxy for 150 users. One of my proxies at work runs on a PIIII-550 with 512MB, and it works fine. The high-low water marks for cache replacement usually need to be tightened if you use a large cache. I set mine to 75/78 respectively. Additionally, make sure you shut off any unnecessary services to save resources.
 
Old 11-09-2004, 04:53 AM   #5
ikhanr
LQ Newbie
 
Registered: Oct 2004
Location: Karachi
Posts: 13

Original Poster
Rep: Reputation: 0
How do I post an attachment? For instance if I want to post my squid.conf file for you guys to have a look at and fix. How do I do it?

Please help!
 
Old 11-09-2004, 09:09 PM   #6
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
We don't do attachments here. You can host it elsewhere and link to it, or simply copy and paste it into a post. For space considerations you should remove the comments from it before posting it. It helps show your settings more clearly and reduces the burden on the LQ server.
 
Old 11-09-2004, 10:41 PM   #7
ikhanr
LQ Newbie
 
Registered: Oct 2004
Location: Karachi
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks. Here's my squid.conf. I have removed every piece of comment, but haven't removed any of the tags even if they are not used.
Note: I have noted that on clients it takes a while to resolve a website's name. I have Windows 2000 server acting as a cache only DNS server.


# TAG: http_port
http_port 8080

# TAG: https_port
# none

# TAG: ssl_unclean_shutdown
# ssl_unclean_shutdown off

icp_port 0

# htcp_port 4827

# TAG: mcast_groups
# none

# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

# TAG: cache_peer
#Default:
# none

# TAG: cache_peer_domain
# none

# TAG: neighbor_type_domain
# none

# TAG: icp_query_timeout (msec)
# icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
# maximum_icp_query_timeout 2000

# TAG: mcast_icp_query_timeout (msec)
# mcast_icp_query_timeout 2000

# TAG: dead_peer_timeout (seconds)
# dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# TAG: cache_mem (bytes)
cache_mem 128 MB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
cache_swap_low 90
cache_swap_high 95

# TAG: maximum_object_size (bytes)
maximum_object_size 4096 KB

# TAG: minimum_object_size (bytes)
# minimum_object_size 0 KB

# TAG: maximum_object_size_in_memory (bytes)
maximum_object_size_in_memory 8 KB

# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

# TAG: fqdncache_size (number of entries)
# fqdncache_size 1024

# TAG: cache_replacement_policy
cache_replacement_policy lru

# TAG: memory_replacement_policy
memory_replacement_policy lru


# TAG: cache_dir
cache_dir ufs /var/spool/squid 5000 16 256

# TAG: cache_access_log
cache_access_log none

# TAG: cache_log
cache_log /var/log/squid/cache.log

# TAG: cache_store_log
cache_store_log none

# TAG: cache_swap_log
# none

# TAG: emulate_httpd_log on|off
# emulate_httpd_log off

# log_ip_on_direct on

# TAG: mime_table
# mime_table /etc/squid/mime.conf

# TAG: log_mime_hdrs on|off
# log_mime_hdrs off

# TAG: useragent_log
# none

# TAG: referer_log
# none

# TAG: pid_filename
pid_filename /var/run/squid.pid

# TAG: debug_options
# debug_options ALL,1

# TAG: log_fqdn on|off
# log_fqdn off

# TAG: client_netmask
# client_netmask 255.255.255.255

# TAG: ftp_user
# ftp_user Squid@

# TAG: ftp_list_width
# ftp_list_width 32

# TAG: ftp_passive
# ftp_passive on

# TAG: ftp_sanitycheck
# ftp_sanitycheck on

# TAG: cache_dns_program
# cache_dns_program /usr/lib/squid/

# TAG: dns_children
# dns_children 5

# TAG: dns_retransmit_interval
# dns_retransmit_interval 5 seconds

# TAG: dns_timeout
# dns_timeout 5 minutes

# TAG: dns_defnames on|off
# dns_defnames off

# TAG: dns_nameservers
# none

# TAG: hosts_file
# hosts_file /etc/hosts

# TAG: diskd_program
# diskd_program /usr/lib/squid/diskd

# TAG: unlinkd_program
# unlinkd_program /usr/lib/squid/unlinkd

# TAG: pinger_program
# pinger_program /usr/lib/squid/

# TAG: redirect_program
# none

# TAG: redirect_children
# redirect_children 5

# TAG: redirect_rewrites_host_header
# redirect_rewrites_host_header on

# TAG: redirector_access
# none

# TAG: auth_param
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# TAG: authenticate_cache_garbage_interval
# authenticate_cache_garbage_interval 1 hour

# TAG: authenticate_ttl
# authenticate_ttl 1 hour

# TAG: authenticate_ip_ttl
# authenticate_ip_ttl 0 seconds

# TAG: external_acl_type
# none

# TAG: wais_relay_host
# TAG: wais_relay_port
# wais_relay_port 0

# TAG: request_header_max_size (KB)
# request_header_max_size 10 KB

# TAG: request_body_max_size (KB)
# request_body_max_size 0 KB

# TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

# TAG: negative_ttl time-units
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
# positive_dns_ttl 6 hours

# TAG: negative_dns_ttl time-units
# negative_dns_ttl 5 minutes

# TAG: range_offset_limit (bytes)
# range_offset_limit 0 KB

# TAG: connect_timeout time-units
# connect_timeout 2 minutes

# TAG: peer_connect_timeout time-units
# peer_connect_timeout 30 seconds

# TAG: read_timeout time-units
# read_timeout 15 minutes

# TAG: request_timeout
# request_timeout 5 minutes

# TAG: persistent_request_timeout
# persistent_request_timeout 1 minute

# TAG: client_lifetime time-units
# client_lifetime 1 day

# TAG: half_closed_clients
# half_closed_clients on

# TAG: pconn_timeout
# pconn_timeout 120 seconds

# TAG: ident_timeout
# ident_timeout 10 seconds

# TAG: shutdown_lifetime time-units
# shutdown_lifetime 30 seconds

# TAG: acl
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
#Recommended minimum configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl our_network src 192.168.0.0/24
http_access allow our_network

http_access allow localhost
http_access deny all

# TAG: http_reply_access
# http_reply_access allow all
http_reply_access allow all

# TAG: icp_access
# icp_access deny all
icp_access allow all

# TAG: miss_access
# miss_access allow all

# TAG: cache_peer_access
# none

# TAG: ident_lookup_access
# ident_lookup_access deny all

# TAG: tcp_outgoing_tos
# none

# TAG: tcp_outgoing_address
# none

# TAG: reply_body_max_size bytes allow|deny acl acl...
# reply_body_max_size 0 allow all

# TAG: cache_mgr
cache_mgr imran@kas.edu.pk

# TAG: cache_effective_user
cache_effective_user squid
cache_effective_group squid

# TAG: visible_hostname
# none

# TAG: unique_hostname
# none

# TAG: hostname_aliases
# none

# TAG: announce_period
# announce_period 0

# TAG: announce_host
# TAG: announce_file
# TAG: announce_port
# announce_host tracker.ircache.net
# announce_port 3131

# TAG: httpd_accel_host
# TAG: httpd_accel_port
# httpd_accel_port 80

# TAG: httpd_accel_single_host on|off
# httpd_accel_single_host off

# TAG: httpd_accel_with_proxy on|off
# httpd_accel_with_proxy off

# TAG: httpd_accel_uses_host_header on|off
# httpd_accel_uses_host_header off

# TAG: dns_testnames
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

# TAG: logfile_rotate
# logfile_rotate 0

# TAG: append_domain
# none

# TAG: tcp_recv_bufsize (bytes)
# tcp_recv_bufsize 0 bytes

# TAG: err_html_text
# none

# TAG: deny_info
# none

# TAG: memory_pools on|off
# memory_pools on

# TAG: memory_pools_limit (bytes)
# none

# TAG: forwarded_for on|off
# forwarded_for on

# TAG: log_icp_queries on|off
log_icp_queries off

# TAG: icp_hit_stale on|off
# icp_hit_stale off

# TAG: minimum_direct_hops
# minimum_direct_hops 4

# TAG: minimum_direct_rtt
# minimum_direct_rtt 400

# TAG: cachemgr_passwd
# none

# TAG: store_avg_object_size (kbytes)
# store_avg_object_size 13 KB

# TAG: store_objects_per_bucket
# store_objects_per_bucket 20

# TAG: client_db on|off
# client_db on

# TAG: netdb_low
# TAG: netdb_high
# netdb_low 900
# netdb_high 1000

# TAG: netdb_ping_period
# netdb_ping_period 5 minutes

# TAG: query_icmp on|off
# query_icmp off

# TAG: test_reachability on|off
# test_reachability off

# TAG: buffered_logs on|off
buffered_logs on

# TAG: reload_into_ims on|off
# reload_into_ims off

# TAG: always_direct
# none

# TAG: never_direct
# none

# TAG: header_access
# none

# TAG: header_replace
# none

# TAG: icon_directory
# icon_directory /usr/share/squid/icons

# TAG: error_directory
# error_directory /usr/share/squid/errors

# TAG: minimum_retry_timeout (seconds)
# minimum_retry_timeout 5 seconds

# TAG: maximum_single_addr_tries
# maximum_single_addr_tries 3

# TAG: snmp_port
# snmp_port 0

# TAG: snmp_access
# snmp_access deny all

# TAG: snmp_incoming_address
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255

# TAG: as_whois_server
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

# TAG: wccp_router
# wccp_router 0.0.0.0

# TAG: wccp_version
# wccp_version 4

# TAG: wccp_incoming_address
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255

# TAG: delay_pools
# delay_pools 0

# TAG: delay_class
# none

# TAG: delay_access
# none

# TAG: delay_parameters
# none

# TAG: delay_initial_bucket_level (percent, 0-100)
# delay_initial_bucket_level 50

# TAG: incoming_icp_average
# TAG: incoming_http_average
# TAG: incoming_dns_average
# TAG: min_icp_poll_cnt
# TAG: min_dns_poll_cnt
# TAG: min_http_poll_cnt
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

# TAG: max_open_disk_fds
# max_open_disk_fds 0

# TAG: offline_mode
# offline_mode off

# TAG: uri_whitespace
# uri_whitespace strip

# TAG: broken_posts
# none

# TAG: mcast_miss_addr
# mcast_miss_addr 255.255.255.255

# TAG: mcast_miss_ttl
# mcast_miss_ttl 16

# TAG: mcast_miss_port
# mcast_miss_port 3135

# TAG: mcast_miss_encode_key
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

# TAG: nonhierarchical_direct
# nonhierarchical_direct on

# TAG: prefer_direct
# prefer_direct off

# TAG: strip_query_terms
# strip_query_terms on

# TAG: coredump_dir
# redirector_bypass off

# TAG: ignore_unknown_nameservers
# ignore_unknown_nameservers on

# TAG: digest_generation
# digest_generation on

# TAG: digest_bits_per_entry
# digest_bits_per_entry 5

# TAG: digest_rebuild_period (seconds)
# digest_rebuild_period 1 hour

# TAG: digest_rewrite_period (seconds)
# digest_rewrite_period 1 hour

# TAG: digest_swapout_chunk_size (bytes)
# digest_swapout_chunk_size 4096 bytes

# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
# digest_rebuild_chunk_percentage 10

# TAG: chroot
# none

# TAG: client_persistent_connections
# TAG: server_persistent_connections
# client_persistent_connections on
# server_persistent_connections on

# TAG: pipeline_prefetch
# pipeline_prefetch off

# TAG: extension_methods
# none

# TAG: request_entities
# request_entities off

# TAG: high_response_time_warning (msec)
# high_response_time_warning 0

# TAG: high_page_fault_warning
# high_page_fault_warning 0

# TAG: high_memory_warning
# high_memory_warning 0

# TAG: store_dir_select_algorithm
# store_dir_select_algorithm least-load

# TAG: forward_log
# none

# TAG: ie_refresh on|off
# ie_refresh off

# TAG: vary_ignore_expire on|off
# vary_ignore_expire off

# TAG: sleep_after_fork (microseconds)
# sleep_after_fork 0
 
Old 11-10-2004, 12:40 PM   #8
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Ubuntu, Debian, SuSE, UnSlung, Android
Posts: 1,819

Rep: Reputation: 46
One thing I forgot to mention is the Squid 3.0 beta that has been released. They changed the cache replacement policies, as well as a few other things that seem to show quite a performance improvement. I would tighten the cache replacement watermarks above from 90/95 to 74/76. They recommend reducing the range on larger caches.
 
Old 11-18-2004, 11:56 PM   #9
ikhanr
LQ Newbie
 
Registered: Oct 2004
Location: Karachi
Posts: 13

Original Poster
Rep: Reputation: 0
Well, I am having a slow response from Squid. One thing that I have noticed is that when I goto my cache folder, I see a lot of folders with some numbers and there are subfolders under these but these all subfolders are empty showing 0 objects. Does it mean that my Squid is not caching anything at all?

Please help!!!

Could you please provide me the link from where I can download Squid 3? and also the instruction on how to install and configure it cuz I have never been able to install any additional software on LInux.

Thanks Guys!!!
 
Old 03-22-2005, 08:59 PM   #10
linuxleach
LQ Newbie
 
Registered: Mar 2005
Posts: 1

Rep: Reputation: 0
Hi All
i hvae seen a small problem in your configuration you had not added dns_nameservers thats why its takes a lot time to resolv the websites just do one thing. start the named service in your linux and keep this tag in the configuration
dns_nameservers 127.0.0.1 10.21.0.2(replace 10.21.0.2 with your windows cache only dns server ip) i think it works and implement diskd future for cache_dir
 
Old 04-12-2005, 02:28 AM   #11
rcperez99
LQ Newbie
 
Registered: Apr 2005
Location: manila
Posts: 1

Rep: Reputation: 0
how does a squid.conf look like? without those remarks... can i see it? can you paste it here? thanks!

rcperez99@yahoo.com
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
squid configuration tuXfree Linux - Newbie 2 08-23-2005 04:27 PM
squid configuration karan101 Linux - Networking 7 02-01-2005 04:49 AM
best squid configuration shanino Linux - Networking 11 08-21-2004 03:55 AM
Squid configuration ematogo Linux - Networking 8 12-31-2002 01:22 PM
Squid Configuration accelicim_ho Linux - Software 2 03-26-2002 06:42 AM


All times are GMT -5. The time now is 05:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration