[squid-users] Cache Peers and traffic handling
koshik moshik
koshikmoshik at gmail.com
Sat Apr 10 21:03:38 UTC 2021
Hello,
I am trying to run a Squid proxy Server witth about 5000 cache peers. I am
running a dedicated server with 6 cores and 32GB RAM on Ubuntu 16.
Could you tell me what else is needed / not needed in my squid.config? I am
encountering a high CPU usage and would like to create a very efficient
proxy server.
Down below you can find my squid.config(I deleted the other cache_peer
lines):
-----------
http_port 3128
dns_v4_first on
acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.htpasswd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 5 hours
acl password proxy_auth REQUIRED
http_access allow password
#http_access deny all
cache allow all
never_direct allow all
ident_access deny all
cache_mem 1 GB
maximum_object_size_in_memory 16 MB
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#Rules to anonymize http headers
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
#
# Add any of your own refresh_pattern entries above these.
#
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
#refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
#refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
#refresh_pattern . 0 20% 4320
################################
acl me proxy_auth ye-1
cache_peer my.proxy.com parent 31280 login=user1:password1 no-query name=a1
cache_peer_access a1 allow me
cache_peer_access a1 deny all
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210410/8393358f/attachment.htm>
More information about the squid-users
mailing list