[squid-users] Slow server ¿?

erdosain9 erdosain9 at gmail.com
Mon May 15 18:52:49 UTC 2017


Hi.
Can somebody tell me why the Squid server is running slow?

top - 15:05:21 up  3:52,  1 user,  load average: 0,93, 2,15, 10,85
Tasks: 186 total,   1 running, 185 sleeping,   0 stopped,   0 zombie
%Cpu(s):  1,7 us,  0,5 sy,  0,0 ni, 97,2 id,  0,7 wa,  0,0 hi,  0,0 si,  0,0
st
KiB Mem :  3882708 total,   110044 free,  1934236 used,  1838428 buff/cache
KiB Swap:  2097148 total,  2087324 free,     9824 used.  1646000 avail Mem 

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND     
 2142 squid     20   0 1127580 0,977g   9244 S   3,7 26,4  65:15.76 squid       
 2171 squid     20   0   52788   3404   2292 S   0,7  0,1  10:54.76
negotiate_+ 
  939 clamscan  20   0 1437976 553640   9036 S   0,3 14,3   2:03.58 clamd       
    1 root      20   0   41148   3156   2368 S   0,0  0,1   0:01.56 systemd     
    2 root      20   0       0      0      0 S   0,0  0,0   0:00.00 kthreadd    
    3 root      20   0       0      0      0 S   0,0  0,0   0:00.23
ksoftirqd/0 
    7 root      rt   0       0      0      0 S   0,0  0,0   0:00.32
migration/0 
    8 root      20   0       0      0      0 S   0,0  0,0   0:00.00 rcu_bh      
    9 root      20   0       0      0      0 S   0,0  0,0   0:00.00 rcuob/0     
   10 root      20   0       0      0      0 S   0,0  0,0   0:00.00 rcuob/1     
   11 root      20   0       0      0      0 S   0,0  0,0   0:26.01
rcu_sched   
   12 root      20   0       0      0      0 S   0,0  0,0   0:12.05 rcuos/0     
   13 root      20   0       0      0      0 S   0,0  0,0   0:25.08 rcuos/1     
   14 root      rt   0       0      0      0 S   0,0  0,0   0:00.05
watchdog/0  
   15 root      rt   0       0      0      0 S   0,0  0,0   0:00.05
watchdog/1  
   16 root      rt   0       0      0      0 S   0,0  0,0   0:00.00
migration/1 
   17 root      20   0       0      0      0 S   0,0  0,0   0:04.11
ksoftirqd/1 

Config file
*-----------------------------------------------------------------------------------------**


#### IP groups
# Source addresses read from this file are let through by the
# "http_access allow sin_autenticacion" rule further down.
# NOTE(review): judging by the name, these clients are meant to skip
# authentication. The match is on source IP alone, so keep the list short
# and the file writable only by the administrator.
acl sin_autenticacion src "/etc/squid/listas/sin_autenticacion.lst"
# NOTE(review): red6 is not referenced by any other directive in this
# listing - confirm whether it is still needed.
acl red6 src 192.168.6.0/24

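### Kerberos authentication against Active Directory ###
# Negotiate helper; -s names the service principal (HTTP/host@REALM) it accepts
# tickets for. The directive has to stay on one line in squid.conf.
auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s HTTP/squid.xxxxxxx.lan@xxxxxxx.LAN
# At most 35 helper processes, none started with Squid, one kept idle.
# NOTE(review): with startup=0 idle=1 helpers are spawned on demand, so a burst
# of new clients waits for helper start-up - worth checking when chasing slowness.
auth_param negotiate children 35 startup=0 idle=1
# keep_alive off makes Squid close the connection after the initial challenge,
# so each authentication costs the client a new TCP connection.
auth_param negotiate keep_alive off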


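# Group-membership helpers: each type hands the authenticated login (%LOGIN)
# to ext_kerberos_ldap_group_acl, with -g naming the group@REALM to test.
# Each directive has to stay on one line in squid.conf.
# NOTE(review): no ttl= or children-max= options are given, so result caching
# and helper counts are whatever Squid defaults to - confirm these suit the
# number of users, since every uncached lookup is an LDAP round trip.
external_acl_type i-full %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-full@xxxxxxx.LAN
external_acl_type i-limitado %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limitado@xxxxxxx.LAN
external_acl_type i-sinlimite %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-sinlimite@xxxxxxx.LAN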


# Groups
# One ACL per external_acl_type above, so http_access and delay_access can
# refer to group membership by name. Because the helpers take %LOGIN, testing
# any of these ACLs requires the client to have authenticated.
acl i-full external i-full
acl i-limitado external i-limitado
acl i-sinlimite external i-sinlimite

#### Ad blocking ( http://pgl.yoyo.org/adservers/ )
# Each line of the list file is a regular expression tried against the
# destination host name.
# NOTE(review): this deny is the first http_access rule, so the whole regex
# list is walked for every request. If the file holds plain host names, a
# dstdomain ACL is the cheaper match type - relevant to the slowness asked about.
acl ads dstdom_regex "/etc/squid/listas/ad_block.lst"
http_access deny ads


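#### Streaming
# url_regex patterns are tested against the whole URL; -i makes them
# case-insensitive. These two ACLs are only used by the delay_access rules.
acl youtube url_regex -i \.flv$
acl youtube url_regex -i \.mp4$
# "?" is escaped so the pattern means a literal "watch?"; unescaped it made the
# "h" optional and matched any URL containing "watc".
acl youtube url_regex -i watch\?
# NOTE(review): this matches "youtube" anywhere in the URL, including query
# strings of unrelated sites - a dstdomain ACL would be tighter and cheaper.
acl youtube url_regex -i youtube
acl facebook url_regex -i facebook
acl facebook url_regex -i fbcdn\.net\/v\/(.*\.mp4)\?
acl facebook url_regex -i fbcdn\.net\/v\/(.*\.jpg)\?
acl facebook url_regex -i akamaihd\.net\/v\/(.*\.mp4)\?
acl facebook url_regex -i akamaihd\.net\/v\/(.*\.jpg)\?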

# NOTE(review): none of the three ACLs in this section is applied by an
# http_access rule in this listing. dominios_denegados appears only in the
# commented-out tail of two allow rules, and multimedia and peligrosos are
# never referenced, so these lists are loaded but block nothing as posted.

## Denied domains
acl dominios_denegados dstdomain "/etc/squid/listas/dominios_denegados.lst"

## Blocked extensions
acl multimedia urlpath_regex "/etc/squid/listas/multimedia.lst"

## Dangerous extensions
acl peligrosos urlpath_regex "/etc/squid/listas/peligrosos.lst"


# Ports
# SSL_ports lists the destination ports CONNECT tunnels may reach (enforced by
# "http_access deny CONNECT !SSL_ports" below).
# NOTE(review): every port added beyond 443 widens what can be tunnelled
# through the proxy; 10000, 20000 and 2083 look like web-administration panel
# ports - confirm each one is still required.
acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 8080
acl SSL_ports port 20000
acl SSL_ports port 10000
acl SSL_ports port 2083

# Safe_ports lists the destination ports any request may use (enforced by
# "http_access deny !Safe_ports" below). With 1025-65535 included, the check
# only filters low ports that are not listed here.
acl Safe_ports port 631         # httpCUPS
acl Safe_ports port 85
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 8443        # httpsalt
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8080        # Edesur and others
acl Safe_ports port 2199	# radio
# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT


#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localhost
# http_access rules are checked top to bottom and the first match decides.
# NOTE(review): i-sinlimite needs a login, and it is tested before
# sin_autenticacion. Clients in that IP list are therefore likely to be
# challenged for credentials before their own rule is reached; if they are
# meant to bypass authentication, that rule probably belongs first - confirm.
http_access allow i-sinlimite
http_access allow sin_autenticacion
# NOTE(review): the "!dominios_denegados" condition is commented out on both
# lines below, so the denied-domains list is not applied to either group.
http_access allow i-limitado #!dominios_denegados
http_access allow i-full #!dominios_denegados

# And finally deny all other access to this proxy
http_access deny all

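# Squid normally listens to port 3128
# ssl-bump with generate-host-certificates=on makes Squid mint a certificate
# per intercepted host, signed with the CA given here. The directive has to
# stay on one line in squid.conf.
# cert= and key= name the same PEM file, so the CA private key sits beside its
# certificate. Whoever can read that file can issue certificates the clients
# trust, so it should be readable by the Squid service account only.
http_port 192.168.1.215:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=5MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem

# step1 is true during the first SslBump step.
acl step1 at_step SslBump1

# Server names matching this list are passed through untouched.
acl excludeSSL ssl::server_name_regex "/etc/squid/listas/excluidosSSL.lst"

# Peek first, splice the excluded names, decrypt everything else.
# NOTE(review): "bump all" means every TLS session not in excluidosSSL.lst is
# decrypted, then cached and scanned like plain HTTP. Confirm the exclusion
# list covers banking, health and other sites that must not be inspected. The
# per-connection certificate generation also adds CPU cost.
ssl_bump peek step1
ssl_bump splice excludeSSL
ssl_bump bump all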


# Uncomment and adjust the following to add a disk cache directory.
# diskd store of 15000 MB with 16 first-level and 256 second-level directories.
# NOTE(review): with ssl_bump in use, objects fetched over HTTPS are stored
# here in clear form, so /var/spool/squid needs the same protection as the
# traffic itself - confirm its ownership and permissions.
cache_dir diskd /var/spool/squid 15000 16 256
cache_mem 256 MB

# Object replacement starts at 90% of the cache size and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid


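#Your refresh_pattern
# Fields are: regex, min (minutes), percent, max (minutes), options. The
# directive has to stay on one line in squid.conf.
# NOTE(review): ignore-no-store and ignore-private make Squid cache .jpg
# responses that the origin marked as not to be stored or as private to one
# user. With ssl_bump decrypting HTTPS, that can hand one user's private image
# to another user for up to 30 minutes - reconsider these options.
# NOTE(review): newer Squid releases report ignore-no-cache as obsolete -
# confirm against the installed version.
refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
# Dynamic content (cgi-bin paths or URLs with a query string) is never treated as fresh.
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320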

### ENABLE IF MANY HOSTS SHOW "Connection reset by peer"
# via off stops Squid adding its Via header; forwarded_for delete strips
# X-Forwarded-For, so origin servers do not see internal client addresses.
via off
forwarded_for delete
###

# Bandwidth pools
# Five pools. delay_parameters values are restore/max pairs (bytes per second
# / bucket size in bytes): class 1 has one aggregate pair, class 2 adds a
# per-host pair, class 3 has aggregate, per-network and per-host pairs.
# NOTE(review): every delay_access line tests a group ACL plus the youtube and
# facebook url_regex ACLs, so these checks add regex and group-lookup work to
# each request.
delay_pools 5

# YouTube bandwidth
delay_class 1 2 
delay_parameters 1 1000000/1000000 50000/512000
delay_access 1 allow i-limitado youtube !facebook
delay_access 1 deny all

# Facebook bandwidth
delay_class 2 2 
delay_parameters 2 1000000/1000000 50000/512000
delay_access 2 allow i-limitado facebook !youtube
delay_access 2 deny all

# YouTube bandwidth, FULL group
delay_class 3 1
delay_parameters 3 1000000/1000000
delay_access 3 allow i-full youtube !facebook
delay_access 3 deny all

# Bandwidth, LIMITED group
delay_class 4 3 
delay_parameters 4 3000000/3000000 1000000/1000000 256000/512000
delay_access 4 allow i-limitado !youtube !facebook
delay_access 4 deny all

# Bandwidth, FULL group
delay_class 5 3
delay_parameters 5 1500000/1500000 750000/750000 256000/512000
delay_access 5 allow i-full !youtube !facebook
delay_access 5 deny all

# Resolvers Squid queries directly: one internal address and one public resolver.
# NOTE(review): mixing an internal resolver with a public one means lookups for
# internal names may be sent to 8.8.8.8, where they fail and disclose internal
# host names - confirm whether the internal server alone is sufficient.
dns_nameservers 192.168.1.200 8.8.8.8
#dns_nameservers 8.8.8.8 8.8.4.4
visible_hostname squid.xxxxxxx.lan

# try connecting to first 25 ips of a domain name
# NOTE(review): a high retry count lengthens the wait before an unreachable
# site is reported as failed - worth checking when investigating slowness.
forward_max_tries 25

# fix some ipv6 errors (recommended to comment out) 
dns_v4_first on

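# c-icap integration
# -------------------------------------
# Adaptation parameters
# -------------------------------------
icap_enable on
# The client address and the authenticated user name are passed to the ICAP
# service, here a local one on 127.0.0.1.
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
# Each icap_service directive has to stay on one line in squid.conf.
# Request side: bypass=on, so requests go through unchecked if the service is
# unavailable.
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=on
adaptation_access service_avi_req allow all
# Response side: bypass=off, so responses are refused while the service is
# unavailable rather than delivered unscanned.
# NOTE(review): "allow all" sends every response, including bumped HTTPS,
# through the scanner; its throughput bounds the proxy's - relevant to the
# slowness asked about.
icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
adaptation_access service_avi_resp allow all
# end integration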




