[squid-users] Squid SSL db on ramdisk

Yuri yvoinov at gmail.com
Sat Feb 10 17:03:50 UTC 2018


One more question.

What is correct syntax for -M option? I'm just in doubt. Helper eats -M
5MB, but not -M 1024MB, however eats -M 1 GB.

root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 2GB
/usr/local/squid/libexec/security_file_certgen: Error when parsing -M
options value
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 2 GB
^C
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 2GB
/usr/local/squid/libexec/security_file_certgen: Error when parsing -M
options value
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 5MB
^C
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 5GB
/usr/local/squid/libexec/security_file_certgen: Error when parsing -M
options value
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 5 MB
^C
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M 1024MB
/usr/local/squid/libexec/security_file_certgen: Error when parsing -M
options value
root @ lemanruss /patch/tmp #
/usr/local/squid/libexec/security_file_certgen -s /ramdisk1/ssl_db -M
1024 MB
^C

How to correctly specify -M with 2 Gb size?


10.02.2018 22:39, Yuri пишет:
>
> 10.02.2018 22:36, Alex Rousskov пишет:
>> On 02/10/2018 09:23 AM, Yuri wrote:
>>
>>> I can set -M in according FS size, using for store SSL DB, correct?
>> Yes, -M limits the sum of sizes of all (serialized) certificates stored
>> in the helper database. The helper tries to account for the filesystem
>> block size, but I doubt its calculations are very precise.
> Tks for clarifying :)
> Got it. Will correct my configs :-)
>>
>>> dynamic_cert_mem_cache_size is http(s)_port option?
>> Yes, it is. If the needed dynamically-generated certificate is found in
>> the dynamic certificate memory cache, then Squid does not ask the helper
>> to generate that certificate. This in-Squid RAM cache stores raw (not
>> serialized) certificates. As you know, Squid does not compute the size
>> of raw (not serialized) certificates correctly, resulting in bug #4005
>> issues: https://bugs.squid-cache.org/show_bug.cgi?id=4005
> Aha, and in this case helper speed is critical and using helper storage
> on ramdisk will very useful....
>> Alex.

-- 
*****************************
* C++20 : Bug to the future *
*****************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180210/6a29dc7a/attachment-0001.sig>


More information about the squid-users mailing list