On Tue, 20 Mar 2001 12:38:18 +0300 (MSK)
"Michael V. Smirnoff" <[EMAIL PROTECTED]> wrote:
>
> ���� ������!
>
> ���� �� ������� ��� ���� ����� ��� ���������, ��
> ������� � ��� ��� ���. FreeBSD 4.2, oops 1.5.6,
> BerkeleyDB 2.2.7, 1Gb RAM.
2.7.7?
���������� BerkeleyDB 3.x.x ��� gigabase 2.21-2.26. ���������� oops
1.5.9-1.5.14.
> ��� �������� ����� 10req/s oops ������ � ������,
> � ����� ������� �� signal 11. ���� �� � �������, ���
> ��� ����������� � ��� ������� oops �� ��� root.
��� ��� ���������� ��� ����� �� NT ��� ���������� ���� BerkrleyDB
2.7.7-3.1.17. ���� ����������.
> ������������� ��� ������ polygraph.
>
> ���������� ��� �����: ���� ���������, ���� ����
> shell �� ���� ������. ����� ���-�� ������� ������
> ���������� threads � fbsd.
>
> P.S. � �� �������� Solaris, �� ��� ������������� i2o
> ��� �������� �� ��������. (��� ������ ��������� ��� ���� ��
> ������, ��� ��� ����������� ��������� ������ ��� ������ �
> ���� �� ���� :( )
>
> oops.cfg:
>
> ##
> # nameservers. Use your own, not our.
> ##
>
> nameserver a1.b1.c1.d1
> nameserver a2.b2.c2.d2
>
> ##
> # Ports and address to use for HTTP and ICP
> ##
>
> #bind ip_addr|hostname
> http_port 3128
> icp_port 3130
>
> ##
> ## Change euid to that user
> ##
> ## WARNING: if you use 'userid, then you 'reconfigure will not be able to
> ## open new sockets on reserved (< 1024) ports and will not be
> able
> ## to return to original userid.
> ##
> userid oops
>
> ##
> ## Change root directory. If don't know exactly what are you doing -
> ## leave commented.
> #chroot ???
>
> ##
> # Logfile - just debug output
> # When used in form 'filename [{N S}] [[un]buffered]'
> # will be rotated automatically (up to N files up to S bytes in size)
> ##
> #logfile /dev/tty
> logfile /var/log/proxy/oops.log { 3 1m } unbuffered
>
> ##
> # Accesslog - the same as for squid. Re rotating - see note for logfile
> ##
> #accesslog /dev/tty
> accesslog /var/log/proxy/access.log
>
> ##
> # Pidfile. for kill -1 `cat oops.pid` and for locking.
> ##
> pidfile /var/log/proxy/oops.pid
>
> ##
> # Statistics file - once per minute flush some statistics to this file
> ##
> statistics /var/log/proxy/oops_statfile
>
> ##
> # icons - where to find link.gif, dir.gif, binary.gif and so on (for
> # ftp lists). If omitted - name of running host will be used. But
> # using explicit names is better way.
> ##
>
> icons-host www.mydomain.ru
> icons-port 80
> icons-path icons
>
> ##
> # When total object volume in memory grow over this (this mean
> # that cachable data from network came faster then we can save on disk)
> # drop objects (without attempt to save on disk).
> ##
> mem_max 256m
>
> ##
> # Hint, how much cached objects keep in memory.
> # When total amount become larger then this limit - start
> # swaping cachable objects to disk
> ##
> lo_mark 128m
>
> ##
> # start random early drop when number of clients reach some level.
> # this can protect you against attacks and against situation when
> # oops cant handle too much connections. By default - 0 (or no limits).
> ##
> #start_red 0
>
> ##
> # refuse any connection when number of already connected clients reach some
> # level. By default - 0 (or no limits).
> ##
> #refuse_at 0
>
> ##
> # if document contain no Expires: then expire after (in days)
> # ftp-expire-value - expire time for ftp (in days)
> ##
> default-expire-value 7
> ftp-expire-value 7
>
> ##
> # Maximum expire time - doc will not keep in cache more then
> # this number of days (except if defaiult-expire-value used for this
> documeny)
> ##
> max-expire-value 30
>
> ##
> # in which proportion time passed since last document modification
> # will accounted in expire time. For example, if last-modified-factor=5
> # and there was passed 10 days since document modification, then
> expiration
> # will be setted to 2 days in future (but no nore then max-expire-value)
> ##
> last-modified-factor 5
>
> ##
> # If you want not cache replies without Last-Modified:
> # uncomment next line.
> ##
> #dont_cache_without_last_modified
>
> # run expire every ( in hours )
> ##
> default-expire-interval 1
>
> ##
> # icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 =
> 1sec)
> ##
> icp_timeout 1000
>
> ##
> # start disk cache cleanup when free space will be (in %%)
> # As on the very large storages 1% is large space (1% from 9G is
> # 90M), then on such storages you can set both disk-low-free and
> # disk-ok-free to 0. Oops will start cleanup if it have less then 256
> # free blocks(1M), and stop when it reach 512 bree blocks(2M).
> ##
> disk-low-free 3
>
> ##
> # stop disk cache cleanup when free space will be (in %%)
> ##
> disk-ok-free 5
>
> ##
> # Force_http11 - turn on http/1.1 for each request to document server
> # This option required if module 'vary' used.
> ##
> #force_http11
>
> ##
> # Always check document freshness, even it is not stale or expired
> # This force Oops behave like squid - first check cached doc, then send
> ##
> #always_check_freshness
>
> ##
> # If user-requestor aborted connection to proxy, but there was received
> more
> # then some percent ot the document - then continue.
> # default value - 75%
> ##
> force_completion 75
>
> ##
> # maximum size of the object we will cache
> ##
> maxresident 10m
>
> insert_x_forwarded_for yes
> insert_via yes
>
> ##
> # If host have several interfaces or aliases, use exactly
> # this name when connecting to server:
> ##
> #connect-from proxy.paco.net
>
> ##
> # ACLs - currently: urlregex, urlpath, usercharset
> # port, dstdom, dstdom_regex, src_ip, time
> # each acl can be loaded from file.
> ##
> #acl CACHEABLECGI urlregex
>http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826
> #acl WWWPACO urlregex www\.paco\.net
> #acl NO_RLH urlregex zipper
> #acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru)
> #acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco)
> #acl WINUSER usercharset windows-1251
> #acl DOSUSER usercharset ibm866
> #acl UNIXUSER usercharset koi8-r
> #acl RUS dstdom ru su
> #acl UKR dstdom ua
> #acl BADPORTS port [0:79],110,138,139,513,[6000:6010]
> #acl BADDOMAIN dstdom baddomain1.com baddomain2.com
> #acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org))
> #acl LOCAL_NETWORKS src_ip
>include:/usr/local/oops/acl_local_networks
> #acl BADNETWORKS src_ip 192.168.10/24
> #acl WORKTIME time Mon,Tue:Fri 0900:1800
> #acl HTMLS content_type text/html
> #acl USERS username joe
> acl ADMINS src_ip 127.0.0.1
> acl PURGE method PURGE
> acl OURNETWORKS src_ip a1.b1.0/24
>
> ##
> # acl_deny [!]ACL [!]ACL ...
> # deny access for combined acl
> ##
> acl_deny PURGE !ADMINS
>
> ##
> # Never cache objects with URL, containing...
> ##
> stop_cache ?
> stop_cache cgi-bin
>
> ##
> # stop_cache_acl [!]ACL [!]ACL ...
> # Stop cache using ACL
> ##
> #stop_cache_acl WWWPACO
>
> ##
> # refresh_pattern ACLNAME min percent max
> # 'min' and 'max' are limits between Expite time will be assigned
> # Iff document have no expire: header and have Last-Modified: header
> # we will use 'percent' to estimate how far in the future document
> will
> # be expired.
> ##
> #refresh_pattern CACHEABLECGI 20 50% 200
> #refresh_pattern WWWPACO 0 0% 0
>
> ##
> # bind_acl {hostname|ip} [!]ACL [!]ACL ...
> # bind to given address when connecting to server
> # if request match ACLNAME
> ##
> #bind_acl outname1 RUS
> #bind_acl outname2 UKR
>
> ##
> # Always check document freshness, but now on acl basis.
> # You can have several such lines.
> ## This example will force to check freshness only for html documents.
> #always_check_freshness_acl HTMLS
>
> ##
> # line 'parent ....' will force all connections (except to destinations
> # in local-domain or local-networks) go through parent host
> ##
> #parent proxy.paco.net 3128
>
> ##
> # parent_auth login:password
> # if your parent require login/password from your proxy
> ##
> #parent_auth login:password
>
> # ICP peer's
> #peer proxy.paco.net 3128 3130 {
> ## ^^^ peer name ^http port ^icp port
> ## icp port can be 0, in which case we assume this is non-icp
> ## proxy. We assume that non-icp peer act like parent which
> ## answer MISS all th etime. If this peer refused connection
> ## then it goes down for 60 seconds - it doesn't take part in
> ## any peer-related decisions.
> # sibling ;
> ## if this peer require login/password from your proxy
> # my_auth my_login:my_password;
> ## we will send requests for these domains
> # allow dstdomain * ;
> ## we will NOT send requests for these domains
> # deny dstdomain * ;
> ## we will send only requests matched to this acl
> # peer_access [!]ACL1 [!]ACL2
> ## if (and only if) peer is not icp-capable, then , in case of fail we
> ## leave failed peer alone for the down_timeout interval (in seconds).
> ## Then we will try again
> # down_timeout 60 ;
> #}
>
> #peer proxy.gu.net 80 3130 {
> # parent ;
> # allow dstdomain * ;
> # deny dstdomain paco.net odessa.ua ;
> #}
>
> ##
> # Never use "parent" when connecting to server in these domains
> ##
> #local-domain odessa.ua od.ua
> #local-domain odessa.net paco.net netsy.net netsy.com te.net.ua
>
> local-networks 194.226.0.0/20
>
> #
> # Groups
> #
>
> group mynet {
> networks_acl OURNETWORKS ;
> badports [0:79],110,138,139,513,[6000:6010] ;
> miss allow;
> icp {
> allow dstdomain * ;
> }
> http {
> allow dstdomain * ;
> }
> }
>
> group world {
> networks 0/0;
> badports [0:79],110,138,139,513,[6000:6010];
> http {
> deny dstdomain * ;
> }
> icp {
> deny dstdomain * ;
> }
> }
>
> ##
> # Storage section
> # Change this for your own situation. Oops can work without
> # storages (using only in-memory cache).
> ##
>
> ##
> # Storage description (can be several)
> # path - filename of storage. can be raw device (be carefull!)
> # size - size (of storage file). Can be smthng like 100k or 200m or 4g
> # Size used only durig format process (oops -z).
> ##
>
> storage {
> path /var/proxy/c1/storage1 ;
> # Size of the storage. Can be in bytes or 'auto'. Auto is
> # usefull for pre-created storages or disk slices.
> # NOTE: 'size auto' won't work for Linux on disk slices.
> # To use large ( > 2G ) files run configure with --enable-large-files
>
> size 2G ;
>
> # You have to use 'offset' in the case your raw device (or slice)
> # require that. For example if you use entire disk as storage
> # under AIX and Soalris/Sparc - you have to skip first block
> # which contain disk label (that is storage will start from
> # next 512 sector.
> # offset 512;
> }
>
> storage {
> path /var/proxy/c1/storage2 ;
> size 2G ;
> }
>
> storage {
> path /var/proxy/c1/storage3 ;
> size 2G ;
> }
>
> storage {
> path /var/proxy/c1/storage4 ;
> size 2G ;
> }
>
> storage {
> path /var/proxy/c1/storage5;
> size 2G ;
> }
>
> storage {
> path /var/proxy/c1/storage6;
> size 2G ;
> }
>
> storage {
> path /var/proxy/c1/storage7;
> size 2G ;
> }
>
>
> module lang {
>
> default_charset koi8-r
>
> # Recode tables and other charset stuff
> CharsetRecodeTable windows-1251 /usr/local/oops/tables/koi-win.tab
> CharsetRecodeTable ISO-8859-5 /usr/local/oops/tables/koi-iso.tab
> CharsetRecodeTable ibm866 /usr/local/oops/tables/koi-alt.tab
> CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic
> (Windows (Wi
> nNT;
> CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit)
> Opera/3.0
> CharsetAgent ibm866 DosLynx Lynx2/OS/2
> }
>
> module err {
> # error reporting module
>
> # template
> template /usr/local/oops/err_template.html
>
> # Language to use when generate Error messages
> lang ru
> }
>
> module passwd_file {
> # password proxy-authentication module
> #
> # default realm, scheme and passwd file
> # the only thing you really want to change is 'file' and 'template'
> # you don't have to reconfigure oops if you only
> # change content passwd file or template: oops authomatically
> # reload file
>
> realm oops
> scheme Basic
> file /usr/local/oops/passwd
> template /usr/local/oops/auth_template.html
> }
>
> module passwd_pgsql {
> # proxy authentication using postgresql
> # "Ivan B. Yelnikov" <[EMAIL PROTECTED]>
> #
> # host - host where database live,
> # user,password - login and password for database access
> # database - database name
> # select - file with request body
> # template - file with html doc which user will receive
> # during authentication
> scheme Basic
> realm oops
> host <host address/name>
> user <database_user>
> password <user_password>
> database <database_name>
> select /usr/local/oops/select.sql
> template /usr/local/oops/auth_template.html
> }
>
> module passwd_mysql {
> # proxy authentication usin mysql
> # "Ivan B. Yelnikov" <[EMAIL PROTECTED]>
> #
> # look passwd_pgsql description
> #
> scheme Basic
> realm oops
> host <host address/name>
> user <database_user>
> password <user_password>
> database <database_name>
> select /usr/local/oops/select.sql
> template /usr/local/oops/auth_template.html
> }
>
> module redir {
> # file - regex rules.
> # each line consist of one or two fields (separated with white
> space)
> # 1. regular expression
> # 2. redirect-location
> # if requested (by client) url match regex then
> # if we have redirect-url then we send '302 Moved Temporary' to
> # redirect-location
> # if we have no redirect-location (i.e. we have no 2-nd field)
> # then we send template.html (%R will be substituted by rule)
> # or some default message if we have no template.
> # you don't have to reconfigure oops each time
> # you edit rules or template, they will be reloaded authomatically
>
> file /usr/local/oops/redir_rules
> template /usr/local/oops/redir_template.html
> ## mode control will redir rewrite url or send Location: header
> ## with new location. Values are 'rewrite' or 'bounce'
> # mode rewrite
>
> # This module can process requests which come on http_port
> # and/or on different port. For example, you wish oops
> # bind on two ports - 3128 and 3129, and all requests which come on
> # port 3129 must pass through filters, and requests which come on
> port
> # 3128 (common http_port) - not. Then you have to uncomment next
> line
> # myport 3129
> # which means exactly: bind oops to additional port 3129 and
> process
> # requests which come on this port.
> # myport can be in the next form:
> # myport [{hostname|ip_addr}:]port
> }
>
> module oopsctl {
> # path to oopsctl unix socket
> socket_path /var/log/proxy/oopsctl
> # time to auto-refresh page (seconds)
> html_refresh 300
> }
>
> ##
> ## This module hadnle 'Vary' header - it was written to better support
> ## Russian Apache
> ##
> module vary {
> user-agent by_charset
> accept-charset ignore
> }
>
> ##
> ## WWW -accelerator. To use - add word accel to
> ## redir_mods line for
> ## the group 'world' description
> ## You will find more description of this module in supplied accel_maps
> file
> ##
> #module accel {
> # myport can have next form:
> # myport [{hostname|ip_addr}:]port ...
> # myport 80
> ##
> # allow access to proxy through accel module.
> # Deny will stop proxy through accel completely, regardless
> # of any other access rules
> ##
> # proxy_requests deny
> #
> ##
> # File with maps and other config directives
> # Checked once per minute. No need to restart oops if maps changed
> ##
> # file /usr/local/oops/accel_maps
> #}
>
> ##
> ## Transparent proxy. To use - add word 'transparent' into
> ## redir_mods line for your group.
> ## in the your local (or any other) group description
> ##
> #module transparent {
> # myport can have next form:
> # myport [{hostname|ip_addr}:]port ...
> # myport 3128
> #}
>
> ##
> ## %h - remote ip address
> ## %A - local ip address
> ## %d - ip address of source (peer or document server)
> ## %l - remote logname from identd (not suported now)
> ## %U - remote user (from 'Authorization' header)
> ## %u - remote user (from proxy-auth)
> ## %{format}t - time with optional {format} (for strftime)
> ## %t - time with standard format %d/%b/%Y:%T %Z
> ## %r - request line
> ## %s - status code
> ## %b - bytes received
> ## %{header}i - value of header in request
> ## %m - HIT/MISS
> ## %k - hierarchy (DIRECT/NONE/...)
> ##
> ## directive buffered can be followed by size of the buffer,
> ## like 'buffered 32000'
> ##
> #module customlog {
> # path /var/log/proxy/access_custom1
> # format "%h %l %u %t \"%r\" %>s %b"
> # squid httpd mode log emulation
> # format "%h %u %l %t \"%r\" %s %b %m:%k"
> # buffered
> # path /var/log/proxy/access_custom2
> # format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\""
> #}
>
> module berkeley_db {
> ##
> # dbhome - directory where all DB indexes reside. Use full path
> # this directory must exist.
> # dbname - filename for index file. Use just filename (no full path)
> ##
>
> dbhome /usr/local/oops/DB
> dbname dburl
>
> ##
> # This parameter specifies internal cache size of BerkeleyDB.
> # Increase this parameter for best performance (if you have a lot of
> memory).
> # For example: db_cache_mem 64m
> # Default and minimum value: 4m
> #
> # This memory pool is not part of memory pool, specified by mem_max
> parameter.
> # WARNING: the amount of RAM used by oops will be increased by the
> value of
> # this parameter.
> ##
> #db_cache_mem 4m
>
> }
>
> #module gigabase_db {
> # This module enable GigaBASE as database engine.
> # You can use berkeley_db or gigabase_db, not both.
> # Also, important notice - indexes created with different modules
> # are not compatible.
> # ##
> # # dbhome - directory where all DB indexes reside. Use full path
> # # this directory must exist.
> # # dbname - filename for index file. Use just filename (no full path)
> # ##
> #
> # dbhome /usr/local/oops/DB
> # dbname gdburl
> #
> # ##
> # # This parameter specifies internal cache size of BerkeleyDB.
> # # Increase this parameter for best performance (if you have a lot of
> memory).
> # # For example: db_cache_mem 64m
> # # Default and minimum value: 4m
> # #
> # # This memory pool is not part of memory pool, specified by mem_max
> parameter.
> # # WARNING: the amount of RAM used by oops will be increased by the
> value of
> # # this parameter.
> # ##
> # #db_cache_mem 4m
> #
> #}
> __________________________________________
> Sincerely Yours, mailto:[EMAIL PROTECTED]
> Michael V. Smirnoff tel. +7-095-532-0581
>
> CCNA-R/S,CCDA
> MIEEnet Network Operations Center
>
> =====================================================================
> If you would like to unsubscribe from this list send message to
> [EMAIL PROTECTED] with "unsubscribe oops" in message body.
> Archive is accessible on http://www.paco.net/oops/
--
Andy Igoshin <[EMAIL PROTECTED]> Voronezh State University
Phone: +7 (0732) 522406 Network Operation Center
Fax: +7 (0732) 789820 Voronezh, Russia
=====================================================================
If you would like to unsubscribe from this list send message to
[EMAIL PROTECTED] with "unsubscribe oops" in message body.
Archive is accessible on http://www.paco.net/oops/
