[squid-users] Squid is very slow after moving to production environment

Roberto Carna robertocarna36 at gmail.com
Mon Apr 9 19:53:26 UTC 2018 

Dear Periko, so here is what you ask to me:

CPU x 8
RAM x 12 GB
HD x 50 GB

And this is /etc/squid/squid.conf file:

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
http_port localhost:3128
cache_mem 4096 MB
maximum_object_size_in_memory 4096 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy lru
maximum_object_size 10 MB
cache_dir aufs /var/spool/squid 25000 16 256
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log squid
access_log syslog:local7.info
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
store_dir_select_algorithm least-load
positive_dns_ttl 8 hours
negative_dns_ttl 30 seconds
ipcache_size 4096
ipcache_low 90
ipcache_high 95
ftp_passive on
ftp_epsv off
fqdncache_size 4096
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname proxy.company.com.ar
via off
hosts_file /etc/hosts
ignore_unknown_nameservers on
request_header_max_size 64 KB
icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl netadmin src 10.8.6.3/32
http_access allow manager localhost
http_access allow manager netadmin
http_access deny manager
auth_param basic program /usr/lib/squid/squid_ldap_auth -b
"dc=company,dc=com,dc=ar" -f "uid=%s" -h ldap.company.com.ar -v 3
auth_param basic children 5
auth_param basic realm COMPANY
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive on
acl LDAP proxy_auth REQUIRED
http_access allow LDAP
http_access deny all
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
acl QUERY urlpath_regex cgi-bin \? \.css \.asp \.aspx
cache deny QUERY
acl gedo dstdomain .gde.gob.ar
always_direct allow gedo
acl GOB url_regex .com.ar
http_access allow GOB
acl NOFLASH urlpath_regex .+\.swf$
http_access deny NOFLASH
http_access deny all

I've just changed the new proxy to test environment and it works very
well again....I get lost.

Thanks a lot !!!

2018-04-09 16:04 GMT-03:00 Periko Support <pheriko.support at gmail.com>:
> Hi, show the config file please and specs of the machine.
>
> On Mon, Apr 9, 2018 at 12:00 PM, Roberto Carna <robertocarna36 at gmail.com> wrote:
>> Dear, I have implemented a server with Dansguardian 10.2.1.1 and Squid 3.5.23-5.
>>
>> I've tested it with 5 users for along 2 months and always it worked OK.
>>
>> But today when a moved it to production environment, it worked but
>> very very slow. I've just changed hostname and IP, in order to match
>> with the old proxy server and flush de ARP table of the firewall
>> (because ths server has the same IP but different MAC Address)....and
>> no more. And let me say that in production environment, there are
>> 30-40 users at all, it's not a big number of users at all.
>>
>> Where can I start to see in order to analyze the problem? Any idea to help me?
>>
>> Thanking in advance, regards !!!
>>
>> Robert
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list