hi ,
i have server delr720 .
i have centos 6.3 x86_64 bit , with kernel 3.7.5 compiled with "tproxy" support
i have ram 32 Giga .
i have 4 hardsiks as follow:
hardisk#1==>opertaing system 170 giga ssd hardsik with name sda
hardsik#2 , hardsik#3 , hardsik#4 , ===>had been as raid 0 with name sdb
ive woring wccp2 with cisco router with tproxy without ptoblems .
but the main problem is that there is slow in browsing and squid guard sometimes bypass the filtering !!!
==========================
the bw entering my server is about 150-170 M with about 1000 user .
=================================
here is some info :
[root@squid /]# free- m
-bash: free-: command not found
[root@squid /]# free -m
total used free shared buffers cached
Mem: 32451 2165 30286 0 72 1453
-/+ buffers/cache: 639 31812
Swap: 0 0 0
[root@squid /]# cat /etc/squid/squid.conf
#
#
# squid Config By "xx" "xx"
#
###################
acl all src all
acl manager proto cache_object
acl localnet src 192.168.1.0/24 x.x.x.x/16 x.x.x0/16
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 590 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#Default:\
visible_hostname squid
coredump_dir /var/spool/squid
################################squidguard###################
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
redirect_children 20
cache_effective_user squid
cache_effective_group squid
##############################
#
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localnet
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from everyone
icp_access allow all
hierarchy_stoplist cgi-bin ?
#####################
#acl net src x.x.x.x/20 1x.x.x.x22
#acl SSL_ports port 443
#3acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
#acl Safe_ports port 443 # https
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
#acl CONNECT method CONNECT
#acl NOCACHE dstdomain wafa.ps
#acl NOCACHE dstdomain jepharm.ps
#acl NOCACHE dstdomain mohe.ps
#acl NOCACHE dstdomain paldf.net
#acl NOCACHE dstdomain hoho.ps
#no_cache deny NOCACHE
access_log /var/log/squid/access.log
#http_access allow src
#http_access deny manager
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
#http_access allow localhost
#http_access allow net
#http_access deny all
max_filedesc 4096
cache_dir ufs /cache1 200000 32 256
#cache_dir null /ert
cache_mem 30 MB
access_log none
cache_store_log none
http_port 127.0.0.1:3128
http_port 3128
http_port 3129 tproxy
# --BEGIN-- videocache config for squid
########### Performance Related Config:
hierarchy_stoplist cgi-bin ?
forwarded_for off
half_closed_clients off
#persistent_request_timeout 2 minutes
#max_filedescriptors 65536
#max_open_disk_fds 65536
relaxed_header_parser on
reload_into_ims on
quick_abort_min 0 KB
quick_abort_max 0 KB
client_lifetime 15 minutes
read_timeout 5 minutes
request_timeout 1 minutes
ie_refresh on
vary_ignore_expire on
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
pipeline_prefetch on
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
########### Cache Config:
cache_swap_low 90
cache_swap_high 95
cache_replacement_policy heap LFUDA
#request_header_max_size 2048 KB
minimum_object_size 0
maximum_object_size 135128 kB
negative_ttl 0 seconds
negative_dns_ttl 1 second
#### saleh config
via off
visible_hostname squid
#memory_cache_shared off
########### WCCP2 Config:
wccp2_router x.x.x.x
#wccp2_router x.x.x.x
wccp_version 2
wccp2_forwarding_method 2
wccp2_return_method 2
#wccp2_assignment_method mask
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
# TUNING CACHE PROXY
# pictures & images
refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth
#sound, video multimedia
refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache
refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 50% 43200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-auth ignore-private
# files
refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 10080 90% 43200 ignore-no-cache ignore-auth
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 90% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 90% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 90% 43200 override-expire ignore-no-cache ignore-auth
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 90% 43200 override-expire ignore-no-cache ignore-auth
# refresh pattern for specific sites #
refresh_pattern ^
http://*.blogspot.com/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.wordpress.*/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache
refresh_pattern ^
http://*.kaskus.*/.* 720 90% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://www.kaskus.com/.* 720 100% 28800 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.detik.*/.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.detiknews.*/*.* 720 50% 2880 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.friendster.com/.* 720 90% 10080 override-expire override-lastmod ignore-no-cache ignore-auth
refresh_pattern ^
http://*.facebook.*/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://apps.facebook.com/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.fbcdn.*/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.zynga.*/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://profile.ak.fbcdn.net/.* 720 90% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.yahoo.com/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.google.*/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^
http://*.aljazeera.net/.* 720 80% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
==================
[root@squid /]# mount
/dev/sda1 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/sdb on /cache1 type ext4 (rw,noatime,barrier=0,data=writeback,commit=100)
[root@squid /]# suqid -v
-bash: suqid: command not found
[root@squid /]# suqid -^C
[root@squid /]# squid -v
Squid Cache: Version 3.1.10
configure options: '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i686-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-arp-acl' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth' '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth' '--enable-digest-auth-helpers=password,ldap,eDirectory' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--with-large-files' '--enable-linux-netfilter' '--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i686-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -fpie' --with-squid=/builddir/build/BUILD/squid-3.1.10
[root@squid /]#
wish to help me in optimizing the suqid to my hardware .
regards