[squid-users] Squid is very slow after moving to production environment

[Matus UHLAR - fantomas]

On 09.04.18 16:53, Roberto Carna wrote:
>Dear Periko, so here is what you ask to me:
>
>CPU x 8
>RAM x 12 GB
>HD x 50 GB
>
>And this is /etc/squid/squid.conf file:

>cache_mem 4096 MB

what is squid's real memory usage?
It can be much much more than 4G, 4G is only cache, but squid also uses
buffers and indexes.

>memory_replacement_policy lru

I would use heap gdsfhere for betterhit ratio, but this should not be a
problem

>cache_dir aufs /var/spool/squid 25000 16 256

What's squid CPU usage?
here can be a problem. aufs cache_dir can be only used by one process.
Maybe you should try rock store for cache_Dir

>fqdncache_size 4096

I don't see any reason to specify this. too low fqdn cache can result into
repeated DNS fetches.

>acl manager proto cache_object

doesn't squid complain here? the "manager" acl is predefined since 3.4 iirc.
Are you sure squid uses this config file?

>auth_param basic program /usr/lib/squid/squid_ldap_auth -b
>"dc=company,dc=com,dc=ar" -f "uid=%s" -h ldap.company.com.ar -v 3
>auth_param basic children 5

aren't there too few children? it can result into waiting for authentication
result before client is allowed.
what does squid log say?

>acl QUERY urlpath_regex cgi-bin \? \.css \.asp \.aspx
>cache deny QUERY

this is useless for a long time. urlpath_regex causes squid eat much of CPU.
disable this.

>acl gedo dstdomain .gde.gob.ar
>always_direct allow gedo

you have no cache peers defined. This is therefore useless.

>I've just changed the new proxy to test environment and it works very
>well again....I get lost.

see the limits above. Some of them may be low for a production system.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.