[squid-users] Cache Peers and traffic handling
Alex Rousskov
rousskov at measurement-factory.com
Thu Apr 15 17:23:51 UTC 2021
On 4/15/21 4:37 AM, Eliezer Croitoru wrote:
> I don’t know your use case that well but maybe another proxy can do that for you.
> I wrote a haproxy routing config by username sometime ago:
> https://gist.github.com/elico/405f0608e60910fc9ea119e22e1ffd07
Just to clarify: The above haproxy configuration is conceptually the
same as the problematic Squid configuration -- static lists of users,
ACLs, and cache peers. I do not know whether haproxy scales better than
Squid as far as handling 5000 cache peers are concerned.
Alex.
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of koshik moshik
> Sent: Sunday, April 11, 2021 12:04 AM
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Cache Peers and traffic handling
>
> Hello,
>
> I am trying to run a Squid proxy Server witth about 5000 cache peers. I am running a dedicated server with 6 cores and 32GB RAM on Ubuntu 16.
>
> Could you tell me what else is needed / not needed in my squid.config? I am encountering a high CPU usage and would like to create a very efficient proxy server.
>
> Down below you can find my squid.config(I deleted the other cache_peer lines):
> -----------
> http_port 3128
> dns_v4_first on
> acl SSL_ports port 1-65535
> acl Safe_ports port 1-65535
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.htpasswd
> auth_param basic children 5
> auth_param basic realm Squid Basic Authentication
> auth_param basic credentialsttl 5 hours
> acl password proxy_auth REQUIRED
> http_access allow password
> #http_access deny all
> cache allow all
> never_direct allow all
> ident_access deny all
>
>
>
>
> cache_mem 1 GB
> maximum_object_size_in_memory 16 MB
>
>
>
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid
>
> #Rules to anonymize http headers
> forwarded_for off
> request_header_access Allow allow all
> request_header_access Authorization allow all
> request_header_access WWW-Authenticate allow all
> request_header_access Proxy-Authorization allow all
> request_header_access Proxy-Authenticate allow all
> request_header_access Cache-Control allow all
> request_header_access Content-Encoding allow all
> request_header_access Content-Length allow all
> request_header_access Content-Type allow all
> request_header_access Date allow all
> request_header_access Expires allow all
> request_header_access Host allow all
> request_header_access If-Modified-Since allow all
> request_header_access Last-Modified allow all
> request_header_access Location allow all
> request_header_access Pragma allow all
> request_header_access Accept allow all
> request_header_access Accept-Charset allow all
> request_header_access Accept-Encoding allow all
> request_header_access Accept-Language allow all
> request_header_access Content-Language allow all
> request_header_access Mime-Version allow all
> request_header_access Retry-After allow all
> request_header_access Title allow all
> request_header_access Connection allow all
> request_header_access Proxy-Connection allow all
> request_header_access User-Agent allow all
> request_header_access Cookie allow all
> request_header_access All deny all
>
>
>
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> #refresh_pattern ^ftp: 1440 20% 10080
> #refresh_pattern ^gopher: 1440 0% 1440
> #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> #refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
> #refresh_pattern . 0 20% 4320
>
> ################################
> acl me proxy_auth ye-1
> cache_peer http://my.proxy.com/ parent 31280 login=user1:password1 no-query name=a1
> cache_peer_access a1 allow me
> cache_peer_access a1 deny all
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list