[squid-users] How to configure Squid can improve the performance ?
赵 俊
jun357572957zhao at hotmail.com
Wed Apr 11 01:48:07 UTC 2018
Thanks for reading my Email.
I have two questions:
My first question is how many maximum concurrent connection and the maximum new connection of squid are.
The second question is how to configure Squid can improve the maximum concurrent connection,maximum new connection and the performance .
I used 3.5.27 version.
My squid.conf is:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
acl NCACHE method GET
store_miss deny all
via off
# Squid normally listens to port 3128
http_port 3128
https_port 192.168.XX.XXX:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem options=NO_SSLv3,NO_SSLv2
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump stare ssl_step2
ssl_bump bump ssl_step3
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
#Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /usr/local/squid/var/cache/squid 4096 16 256
minimum_object_size 0 KB
maximum_object_size 4096 KB
maximum_object_size_in_memory 4096 KB
ipcache_size 1024 MB
ipcache_low 90
ipcache_high 95
fqdncache_size 1024 MB
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid
#icap
icap_enable on
icap_preview_enable on
icap_preview_size 1024
icap_send_client_ip on
adaptation_meta X-Client-Port "%>p"
icap_206_enable on
icap_persistent_connections off
icap_service service_req reqmod_precache 0 icap://192.168.XX.XXX:1344/echo
icap_service service_res respmod_precache 1 icap://192.168.XX.XXX:1344/echo
adaptation_access service_res allow all
adaptation_access service_req allow all
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180411/de3eb21e/attachment.html>
More information about the squid-users
mailing list