Dnia środa, 22 lutego 2006 23:57, Chris Robertson napisał:
[cut]
>
> The answer to that question is dependant on a whole host of variables, such
> as ACLs used, whether it's a proxy or an accelerator, the types of clients
> accessing it (client latency has a dramatic effect on CPU usage), types of
> content retrieved, how your cache_dirs are defined, etc.
>
> Various things that can reduce Squid performance:
>
> * regex based ACLs
acl badURL url_regex -i .wmf$
#^ remove wmf after security leaks on ms wmf file format
acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$
redirector_access deny !mGG
redirector_bypass on
redirect_program /home/gg_rewrite
#^redirector ro replece banner in popular polish comunicator
acl QUERY urlpath_regex cgi-bin \?
#typical patterns
refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800
refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440
refresh_pattern . 0 20% 4320
> * High latency clients
What do you mean "high latecy clients"?
> * blocking cache_dir configuration (e.g. using "ufs" instead of "aufs" or
> "diskd")
cache_dir aufs /var/cache/squid/dysk1 30000 32 256
cache_dir aufs /var/cache/squid/dysk2 30000 32 256
2x wd raptor 36GB
> * Anti-virus scanning
second processor have lot of free time, but first i must tune up squid to
~130-140 req/s
> * Slow authentication back ends
I don't have authentication backends, ACL from IP (acces filtered by netfilter
too)
> If none of these issues covers your problem, you might look into
> "experimental" solutions such as the epoll patch
> (http://devel.squid-cache.org/projects.html#epoll).
I recompiled withoud several options and with patch
http://devel.squid-cache.org/cgi-bin/diff2/epoll-2_5.patch?s2_5
aragorn squid # squid -v
Squid Cache: Version 2.5.STABLE12
configure options: --prefix=/usr --bindir=/usr/bin --exec-prefix=/usr
--sbindir=/usr/sbin --localstatedir=/var --mandir=/usr/share/man
--sysconfdir=/etc/squid --libexecdir=/usr/lib/squid
--enable-auth=basic,digest,ntlm --enable-removal-policies=lru,heap
--enable-linux-netfilter --enable-truncate --with-pthreads --enable-epool
--disable-follow-x-forwarded-for --host=x86_64-pc-linux-gnu --disable-snmp
--disable-ssl --enable-underscores --enable-storeio='diskd,coss,aufs,null'
--enable-async-io
fragmenst of squid.conf:
-- cut --
http_port [ip:port]
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 512 MB
maximum_object_size 16384 KB
maximum_object_size_in_memory 16 KB
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir aufs /var/cache/squid/dysk1 30000 32 256
cache_dir aufs /var/cache/squid/dysk2 30000 32 256
cache_access_log /var/log/squid/access.log
cache_store_log none
mime_table /etc/squid/mime.conf
redirect_children 15
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
request_header_max_size 20 KB
refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800
refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl administracja src 82.160.43.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
cache_mgr admin
http_access allow manager localhost
http_access allow manager administracja
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl badURL url_regex -i .wmf$
acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$
redirector_access deny !mGG
redirector_bypass on
redirect_program /home/gg_rewrite
acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt"
acl our_networks src 82.160.43.0/24 82.160.129.0/24
http_access deny badURL
http_access deny spywaredomains
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr admin@abp.pl
visible_hostname w3cache.abp.pl
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_testnames onet.pl wp.pl microsoft.com abp.pl
logfile_rotate 10
append_domain .abp.pl
forwarded_for off
log_icp_queries off
cachemgr_passwd [cut] all
buffered_logs on
coredump_dir /var/cache/squid
store_dir_select_algorithm least-load
-- cut --
Thanks for advice.
-- Tomasz KolajReceived on Wed Feb 22 2006 - 16:24:30 MST
This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST