[squid-users] (no subject)
chiasa.men
chiasa.men at web.de
Fri May 12 14:50:36 UTC 2017
Am Freitag, 12. Mai 2017, 14:16:45 CEST schrieb Amos Jeffries:
> On 12/05/17 22:31, chiasa.men wrote:
> > Am Sonntag, 23. April 2017, 17:57:52 CEST schrieb Amos Jeffries:
> >> On 23/04/17 23:25, chiasa.men at web.de wrote:
> >>> Hello
> >>>
> >>> my squid.conf looks like that:
> >>>
> >>> https_port 3128 accel cert=/cert.pem key=/cert.key
> >>>
> >>> defaultsite=ww1.example.com vhost
> >>>
> >>> acl server20_domains dstdomain ww1.example.com ww2.example.com
> >>>
> >>> http_access allow server20_domains
> >>>
> >>> cache_peer server20 parent 443 0 no-query originserver name=server20
> >>>
> >>> login=PASSTHRU ssl sslversion=6
> >>>
> >>> cache_peer_access server20 allow server20_domains
> >>>
> >>> cache_peer_access server20 deny all
> >>>
> >>> The idea was to send ww1 and ww2 to server20 which is hosting an apache
> >>>
> >>> webservice for both sites.
> >>
> >> That looks fine.
> >>
> >>> You can see that approximately after 5s the timeout happens. Is it a
> >>> message
> >>>
> >>> to worry about? (it is just "info" labled) Why does it occur?
> >>
> >> Unknown. This is an Apache problem. The Squid portion of things appears
> >> to be working if I'm reading that weird access.log correctly.
> >>
> >> Amos
> >
> > Acutally it's not. The problem seemed to be the
> > server_persistent_connections setting in squid.conf.
> > By default set to on it tries to keep the cache_peer connection. Apache on
> > the other site hit the KeepAliveTimeout which was set to 5 seconds by
> > default. server_persistent_connections off in squid.conf
>
> So Squid is told (by Apache) that the connection is to be kept open /
> persistent and then Apache closes it very quickly afterward. That is an
> explicit configured problem, but still Apache endpoint is the cause of
> the issues you are having here.
>
> It is not a bug or error for either software, since that is one of the
> behaviours explicitly allowed by HTTP. But for you its being a problem.
You are absolutely right.
>
> > It set server_persistent_connections to off and the problem disappeared.
> > Is there any downside of this setting?
>
> 1) Every single HTTP request sent to any upstream server has to go
> through a full TCP connection handshake process, then a TCP shutdown
> process afterwards.
>
> 2) TCP socket cannot be used for a second connection until the kernel
> has confirmed both endpoints are not going to send anything on it. Which
> may be up to 15min.
>
> Between them these can cause a 50ms extra latency on every request, with
> a limit of just over 70 requests per second through the proxy to any
> given server - compared to the several tens of thousands Squid can
> normally handle and under 1ms latency that is quite bad.
>
>
> The efficient solution is to have long persistence on the connections
> between your CDN frontend (Squid) and the backend origins (Apache). You
> can make the timeout much shorter on the Squid client connections.
I see. So I'll tell apache to set the KeepAliveTimeout to squids default
persistent_request_timeout of 2 minutes :)
That sounds reasonable.
Thank you for the explanation.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list