[squid-users] Your cache is running out of filedescriptors

Eliezer Croitoru eliezer at ngtech.co.il
Thu Aug 31 23:43:25 UTC 2017


Hey Vieri,

The hard and soft limit are designed to administratively allow a specific service or user have a "space" between the expected to the unexpected.
I assume it's meant also for other things like giving a specific user or service a basic(soft) limit and a higher limit that will not cripple the whole machine(hard..).
But I don't remember the exact idea behind it.

For a sysadmin it's only a matter of restrictions to not wear out the hardware or to prevent resources abuse.

As Amos suggested, since squid almost 100% requires root privileges then you can add to the openrc or system startup service\script the specific limit you want to apply in the scope of any start\restart of the service(squid).
You will need to use:
ulimit -Hn 65535

first and after this apply the lower limit:
ulimit -Hn 16384

just notice that depends on the hardware and the network you should monitor the server and the services to make sure squid will not be used to abuse your connection.

I hope the above will help you.

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il



-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Vieri
Sent: Thursday, August 31, 2017 10:27
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Your cache is running out of filedescriptors

I'd like to add a note to my previous message.

I set the following values, and I'll see what happens:

* hard nofile 65535
* soft nofile 16384


("hard" being a top limit a non-root process cannot exceed)

So I take it that Squid will start with a default of 16384, but will be able to increase up to 65535 if it needs to.


By the way, restarting squid from the same shell (ssh) does not apply the new values.
I had to re-log into the system.

There's probably a ulimit command line option to apply the values without logging out.

Anyway, the squid log confirms the new value.


Also, I guess it would be preferable to reboot the server if I wanted the same limits to apply to all running processes (or restart each and every service/daemon one by one).


I also set the following directives.
For local caching proxy:

client_lifetime 480 minutes


For reverse proxies:

client_lifetime 60 minutes


I left the other options alone: 
read_timeout, request_timeout, persistent_request_timeout and quick_abort

Vieri
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list