[squid-users] caching apt package lists/Raspbian
Mark James
tarotapprentice at yahoo.com
Sun Jul 21 04:20:47 UTC 2019
Doing an “apt update” on the squid machine got another TCP_MISS_ABORTED for ::1 and then subsequent IPv4 requests from other Pis get the TCP_REQUEST_UNMODIFIED.
Packages.xz was 13MB.
> On 21 Jul 2019, at 12:36 am, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>> On 20/07/19 5:19 pm, TarotApprentice wrote:
>> Recently upgraded to Raspbian Buster and squid 4.6. Since then I am
> unable to cache the Packages.xz that apt uses. The various other Pis
> using this proxy all end up downloading the 30MB Packages.xz every time.
> Does anyone have any suggestions on how to get it to cache?
>>
>> Cheers MarkJ
>>
>
> According to both Redbot and my manual check the object is only 12MB,
> not 30MB. If you are getting 30MB somebody is interfering with that
> download.
>
>
> It should be caching by default. The redbot tool shows the site is
> providing all the required cache headers and working perfectly for
> revalidation. The REFRESH_UNMODIFIED log entries show that too.
>
> The TCP_MISS_ABORTED indicates that for that log entry there was nothing
> in cache (yet) for that URL, and the client aborted the transfer with
> only 2.6MB fetched.
>
>
>
> Can you try having just one Pi do its update and seeing if the .xz
> object is cached afterwards?
>
> Alternatively try the command:
> squidclient
> http://raspbian.raspberrypi.org/raspbian/dists/buster/main/binary-armhf/Packages.xz
>
> It the object is cacheable, but your environment tends to have the Pi's
> all fetching at the same time (eg before the first finishes), then you
> may find collapsed_forwarding feature of use. That helps with caching
> parallel fetches of objects.
>
> Amos
>
>
>> squid -v
>> Squid Cache: Version 4.6
>> Service Name: squid
>> Raspbian linux
>>
>>
>> access.log
>>
>> 1563597855.786 605 192.168.1.73 TCP_REFRESH_UNMODIFIED/200 15306 GET http://raspbian.raspberrypi.org/raspbian/dists/buster/InRelease - HIER_DIRECT/93.93.128.193 -
>>
>> 1563597855.811 620 192.168.1.73 TCP_REFRESH_UNMODIFIED/200 25429 GET http://archive.raspberrypi.org/debian/dists/buster/InRelease - HIER_DIRECT/93.93.128.133 -
>>
>> 1563597857.486 620 192.168.1.73 TCP_REFRESH_UNMODIFIED/200 205801 GET http://archive.raspberrypi.org/debian/dists/buster/main/binary-armhf/Packages.gz - HIER_DIRECT/93.93.128.133 application/x-gzip
>>
>> 1563597936.436 80026 192.168.1.73 TCP_MISS_ABORTED/200 2641974 GET http://raspbian.raspberrypi.org/raspbian/dists/buster/main/binary-armhf/Packages.xz - HIER_DIRECT/93.93.128.193 application/x-xz
>>
>>
>> config file
>>
> ...
>> acl hiddenwasp2 dstdomain http://103.206.123.13
>
> The above "http://" is not a valid domain name.
>
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny ads
>> http_access deny malware
>> http_access deny malware2
>> http_access deny hiddenwasp
>> http_access deny hiddenwasp2
>> http_access allow l500-020b manager
>> http_access deny manager
>
>
> 'dst' ACL is quite slow and resource intensive. You should put these
> manager rules above the "malware2" denial to protect against DoS better.
>
> ...
>> http_port 3128
>> cache_mem 448 MB
>> maximum_object_size 320 MB
>> memory_replacement_policy lru
>> cache_replacement_policy heap LFUDA
>> cache_dir aufs /var/spool/squid 18432 32 256
>> quick_abort_min -1 KB
>> client_request_buffer_max_size 128 KB
>
> ...
>
>> refresh_pattern (\.deb|\.udeb)$ 1440 80% 10080
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list