[squid-users] (no subject)

chiasa.men chiasa.men at web.de
Fri May 12 14:50:36 UTC 2017


Am Freitag, 12. Mai 2017, 14:16:45 CEST schrieb Amos Jeffries:
> On 12/05/17 22:31, chiasa.men wrote:
> > Am Sonntag, 23. April 2017, 17:57:52 CEST schrieb Amos Jeffries:
> >> On 23/04/17 23:25, chiasa.men at web.de wrote:
> >>> Hello
> >>> 
> >>> my squid.conf looks like that:
> >>> 
> >>> https_port 3128 accel cert=/cert.pem key=/cert.key
> >>> 
> >>> defaultsite=ww1.example.com vhost
> >>> 
> >>> acl server20_domains dstdomain ww1.example.com ww2.example.com
> >>> 
> >>> http_access allow server20_domains
> >>> 
> >>> cache_peer server20 parent 443 0 no-query originserver name=server20
> >>> 
> >>> login=PASSTHRU ssl sslversion=6
> >>> 
> >>> cache_peer_access server20 allow server20_domains
> >>> 
> >>> cache_peer_access server20 deny all
> >>> 
> >>> The idea was to send ww1 and ww2 to server20 which is hosting an apache
> >>> 
> >>> webservice for both sites.
> >> 
> >> That looks fine.
> >> 
> >>> You can see that approximately after 5s the timeout happens. Is it a
> >>> message
> >>> 
> >>> to worry about? (it is just "info" labled) Why does it occur?
> >> 
> >> Unknown. This is an Apache problem. The Squid portion of things appears
> >> to be working if I'm reading that weird  access.log correctly.
> >> 
> >> Amos
> > 
> > Acutally it's not. The problem seemed to be the
> > server_persistent_connections setting in squid.conf.
> > By default set to on it tries to keep the cache_peer connection. Apache on
> > the other site hit the KeepAliveTimeout which was set to 5 seconds by
> > default. server_persistent_connections off in squid.conf
> 
> So Squid is told (by Apache) that the connection is to be kept open /
> persistent and then Apache closes it very quickly afterward. That is an
> explicit configured problem, but still Apache endpoint is the cause of
> the issues you are having here.
> 
> It is not a bug or error for either software, since that is one of the
> behaviours explicitly allowed by HTTP. But for you its being a problem.
You are absolutely right.
> 
> > It set server_persistent_connections to off and the problem disappeared.
> > Is there any downside of this setting?
> 
> 1) Every single HTTP request sent to any upstream server has to go
> through a full TCP connection handshake process, then a TCP shutdown
> process afterwards.
> 
> 2) TCP socket cannot be used for a second connection until the kernel
> has confirmed both endpoints are not going to send anything on it. Which
> may be up to 15min.
> 
> Between them these can cause a 50ms extra latency on every request, with
> a limit of just over 70 requests per second through the proxy to any
> given server - compared to the several tens of thousands Squid can
> normally handle and under 1ms latency that is quite bad.
> 
> 
> The efficient solution is to have long persistence on the connections
> between your CDN frontend (Squid) and the backend origins (Apache). You
> can make the timeout much shorter on the Squid client connections.
I see. So I'll tell apache to set the KeepAliveTimeout to squids default 
persistent_request_timeout of 2 minutes :)
That sounds reasonable.
Thank you for the explanation.
> 
> Amos
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users




More information about the squid-users mailing list