[squid-users] Cache Peers and traffic handling

Eliezer Croitoru ngtech1ltd at gmail.com
Thu Apr 15 08:37:23 UTC 2021


I don’t know your use case that well but maybe another proxy can do that for you.
I wrote a haproxy routing config by username sometime ago:
https://gist.github.com/elico/405f0608e60910fc9ea119e22e1ffd07

It's very simple and worth a shot.
Let me know if it might be good for you.

All The Bests,
Eliezer


From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of koshik moshik
Sent: Sunday, April 11, 2021 12:04 AM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Cache Peers and traffic handling

Hello, 

I am trying to run a Squid proxy Server witth about 5000 cache peers. I am running a dedicated server with 6 cores and 32GB RAM on Ubuntu 16. 

Could you tell me what else is needed / not needed in my squid.config? I am encountering a high CPU usage and would like to create a very efficient proxy server. 

Down below you can find my squid.config(I deleted the other cache_peer lines):
-----------
http_port 3128
dns_v4_first on
acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.htpasswd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 5 hours
acl password proxy_auth REQUIRED
http_access allow password
#http_access deny all
cache allow all
never_direct allow all
ident_access deny all




cache_mem 1 GB
maximum_object_size_in_memory 16 MB




# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#Rules to anonymize http headers
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all




#
# Add any of your own refresh_pattern entries above these.
#
#refresh_pattern ^ftp:           1440    20%     10080
#refresh_pattern ^gopher:        1440    0%      1440
#refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
#refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
#refresh_pattern .               0       20%     4320

################################
acl me proxy_auth ye-1
cache_peer http://my.proxy.com/ parent 31280 login=user1:password1 no-query name=a1
cache_peer_access a1 allow me
cache_peer_access a1 deny all



More information about the squid-users mailing list