[squid-users] Cache Peers and traffic handling

koshik moshik koshikmoshik at gmail.com
Sat Apr 10 21:03:38 UTC 2021


Hello,


I am trying to run a Squid proxy Server witth about 5000 cache peers. I am
running a dedicated server with 6 cores and 32GB RAM on Ubuntu 16.


Could you tell me what else is needed / not needed in my squid.config? I am
encountering a high CPU usage and would like to create a very efficient
proxy server.


Down below you can find my squid.config(I deleted the other cache_peer
lines):

-----------

http_port 3128

dns_v4_first on

acl SSL_ports port 1-65535

acl Safe_ports port 1-65535

acl CONNECT method CONNECT

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.htpasswd

auth_param basic children 5

auth_param basic realm Squid Basic Authentication

auth_param basic credentialsttl 5 hours

acl password proxy_auth REQUIRED

http_access allow password

#http_access deny all

cache allow all

never_direct allow all

ident_access deny all





cache_mem 1 GB

maximum_object_size_in_memory 16 MB





# Leave coredumps in the first cache dir

coredump_dir /var/spool/squid


#Rules to anonymize http headers

forwarded_for off

request_header_access Allow allow all

request_header_access Authorization allow all

request_header_access WWW-Authenticate allow all

request_header_access Proxy-Authorization allow all

request_header_access Proxy-Authenticate allow all

request_header_access Cache-Control allow all

request_header_access Content-Encoding allow all

request_header_access Content-Length allow all

request_header_access Content-Type allow all

request_header_access Date allow all

request_header_access Expires allow all

request_header_access Host allow all

request_header_access If-Modified-Since allow all

request_header_access Last-Modified allow all

request_header_access Location allow all

request_header_access Pragma allow all

request_header_access Accept allow all

request_header_access Accept-Charset allow all

request_header_access Accept-Encoding allow all

request_header_access Accept-Language allow all

request_header_access Content-Language allow all

request_header_access Mime-Version allow all

request_header_access Retry-After allow all

request_header_access Title allow all

request_header_access Connection allow all

request_header_access Proxy-Connection allow all

request_header_access User-Agent allow all

request_header_access Cookie allow all

request_header_access All deny all





#

# Add any of your own refresh_pattern entries above these.

#

#refresh_pattern ^ftp:           1440    20%     10080

#refresh_pattern ^gopher:        1440    0%      1440

#refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

#refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880

#refresh_pattern .               0       20%     4320


################################

acl me proxy_auth ye-1

cache_peer my.proxy.com parent 31280 login=user1:password1 no-query name=a1

cache_peer_access a1 allow me

cache_peer_access a1 deny all
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210410/8393358f/attachment.htm>


More information about the squid-users mailing list