Re: [squid-users] Cache directories
Tony Spencer wrote: Hi all I have squid running but was wondering what happens when the cache dirs get full or reach the limit set in the squid.conf. Will squid clear out the oldest entries or do I have to clear them out myself? Thanks Tony read about cache_swap_low and cache_swap_high in squid.conf perhaps squid-cache.org kinda cool. secondly you don't have to worry about doing some sorta cleaning ;) regards
Re: [squid-users] Which the best OS for Squid?
Bonnici Daniel wrote: Hi, which is the best linux OS for security and to run squid?? cheers Daniel www.slackware.com coz it follows KISS (Keep It Simple Stupid) ;) regards Askar
Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY
Damián Mantelli (A.C.A.R.A) wrote: Thanks for your help, I will perform my iptables with that information, but I have a second cuestion, must I set additional modules into the Kernel? Or set something in /etc/sysctl.conf ? something like net.ipv4.ip_forward=1.. only needed if your cache server also working as gateway Thanks Damián. -Mensaje original- De: Ashish [mailto:[EMAIL PROTECTED] Enviado el: Miércoles, 17 de Agosto de 2005 03:45 a.m. Para: Damián Mantelli (A. C. A. R. A ) CC: squid-users@squid-cache.org Asunto: Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY Hi , The following u need to do for making squid as transparent proxy:- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128 iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80 iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80 iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80 iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.1.100 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128 iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 192.168.1.100 -j SNAT --to 192.168.1.1 iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.100 -i eth1 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT iptables -A FORWARD -d 192.168.1.0/24 -s 192.168.1.100 -i eth1 -o eth1 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT make the following changes in squid.conf:- httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Thanks Ashish Malik
[squid-users] cache_peer question
hi list I want to configure a cache server which have three parents. Do a child have more then on parent ? :), what i'm doing atm is something like this. cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? any help in this regards will be greatly appreciated. regards
Re: [squid-users] cache_peer question
Kashif Ali Bukhari wrote: user carp and recompile squid using --enable-carp cache_peer parent-cache1 parent 3128 3130 no-query proxy-only carp-load-factor=.34 cache_peer parent-cache2 parent 3128 3130 no-query proxy-only carp-load-factor=.33 cache_peer parent-cache3 parent 3128 3130 no-query proxy-only carp-load-factor=.33 On 8/5/05, Askar [EMAIL PROTECTED] wrote: hi list I want to configure a cache server which have three parents. Do a child have more then on parent ? :), what i'm doing atm is something like this. cache_peer parent-cache1 parent 3128 3130 no-query proxy-only cache_peer parent-cache2 parent 3128 3130 no-query proxy-only cache_peer parent-cache3 parent 3128 3130 no-query proxy-only However when i check on parent proxy i could see only parent-cache1 got the request not the others. So what exactly i want to choose parent in round robin fashion. secondly if the child cache request an object from parents it serve it without caching it local is no-query proxy-only is right for that purpose? any help in this regards will be greatly appreciated. regards what about going wihtout carp ? like ... cache_peer parent-cache1 parent 3128 3130 round-robin no-query cache_peer parent-cache2 parent 3128 3130 round-robin no-query cache_peer parent-cache3 parent 3128 3130 round-robin no-query I thinks round-robin kinda cool in this case eh ? regards
[squid-users] cache_peer
Hi, Matus okay if I goes something like this. cache_peer proxy1.nextra.sk parent 3128 3130 proxy-only round-robin proxy-only says don't save a local copy right, but in my case *this* child cache/proxy machine is a fat ass itself with lot of processor power and RAM, are't be better to go without proxy-only? however yes the upper three caches are in the path which mean they are ideal parents. so what you say whether to go with proxy-only round-robin or without proxy-on regards askar
[squid-users] squid on openbsd
Hi, i'm just wondering anyone running production cache server on openbsd, before going for openbsd I just want to hear recommendations from you gurus. Does it perform cool on loaded servers # of users , better then linux 2.6.x ? Openbsd is the most secure OS, and I want to kick ass it for squid. regards Askar
Re: [squid-users] too many messages in cache.log
S.M.H. Hamidi wrote: Probably you have run squid with -k debug option which causes squid to generate full log messages. nah, I running with squid only --- Askar [EMAIL PROTECTED] wrote: hi, I duno why but one of our cache server's cache.log is full of messages like this 2005/06/01 10:40:25| WARNING: Forwarding loop detected for: GET /us.yimg.com/i/us/pim/el/check_1.gif HTTP/1.0 Accept: */* Referer: http://us.f306.mail.yahoo.com/ym/Compose?YY=11670 Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: us.i1.yimg.com Via: 1.1 mcache.beaconet.net:3128 (squid/2.5.STABLE9) X-Forwarded-For: xxx.xxx.xxx.xxx Cache-Control: max-age=1209600, only-if-cached perhaps for each request squid appending these entries in cache.log, any idea what's going on there and how to fix it. Thanks and regards Askar Ali __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
Re: [squid-users] too many messages in cache.log
Askar wrote: S.M.H. Hamidi wrote: Probably you have run squid with -k debug option which causes squid to generate full log messages. nah, I running with squid only --- Askar [EMAIL PROTECTED] wrote: hi, I duno why but one of our cache server's cache.log is full of messages like this 2005/06/01 10:40:25| WARNING: Forwarding loop detected for: GET /us.yimg.com/i/us/pim/el/check_1.gif HTTP/1.0 Accept: */* Referer: http://us.f306.mail.yahoo.com/ym/Compose?YY=11670 Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: us.i1.yimg.com Via: 1.1 mcache.beaconet.net:3128 (squid/2.5.STABLE9) X-Forwarded-For: xxx.xxx.xxx.xxx Cache-Control: max-age=1209600, only-if-cached perhaps for each request squid appending these entries in cache.log, any idea what's going on there and how to fix it. Thanks and regards Askar Ali __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail bingo, Problem solved for the archives, we were running two cache servers with the same visible_hostname. regards askar
Re: [squid-users] squid running on Linux vs. squid running on FreeBSD
Yaser Mahmood wrote: Hi all, Please briefly describe or provide me with some link, I want to know about the difference between squid running on Linux vs. squid running on FreeBSD. In terms of reliability stability performance Appreciate your help Regards, Yaser hi, For us squid running on linux fulfilling all the buzzward*s you mentioned above, therefore we don't care about BSDs. However IMHO obsd would be much better then fbsd. regards *
Re: [squid-users] tune up
Wennie V. Lagmay wrote: Since im using diskd and im going to change it to aufs do i need to recompile the squid? if so is there other way of enabling aufs without recompliling? also can I change my configuration from diskd to aufs directly? thanks, wennie - Original Message - From: Steven Wilton [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Monday, May 30, 2005 10:42 AM Subject: RE: [squid-users] tune up If you're referring to my postings about a month ago, I've been doing some further tests after getting some pointers from different people, and the results are different. We have a number of sets of proxies in different locations, each set being load-balanced using wccp and layer 3 switch. My results were different when comapring caches with lower loads (Avg 39 req/sec, peak 70 req/sec) than when I was comparing caches with higher loads (170 req/sec avg, peak 300req/sec). I was using the aufs cache_dir type, as I have found this to be significantly faster than diskd when running on linux. The different paramaters that I was comparing were the load average (with aufs, as disk i/o increases, there will be more threads waiting on disk i/o, which will push the load average up), the disk utilisation (% time each disk had active operations) and cpu utilisation. I found that under low loads, ext3 mounted with data=writeback (the same level of data protection as other journalled filesystems) gave the best numbers (ie lower CPU, lower disk utilisation and lower load average. I found that on our more loaded systems, reiserfs had lower disk utilisation and a lower load average, at a slight cost of CPU time. So, if the disk i/o is going to be a bottleneck (as it is in our case), reiserfs is probably a better choice. If CPU is the main bottleneck, then ext2/3 may be the best choice. It also looks like reiserfs may use more resources under low load, but scales better at the higher loads. This confirms the results of previous benchmarks that show reiserfs to provide the highest throughput for a squid proxy server (using the Web Polygraph program). Steven -Original Message- From: Wennie V. Lagmay [mailto:[EMAIL PROTECTED] Sent: Monday, May 30, 2005 12:49 PM To: Henrik Nordstrom Cc: Henrik Nordstrom; azeem ahmad; squid-users@squid-cache.org Subject: Re: [squid-users] tune up Another question, regarding file system, Im using reisersfs for my cache partition and I've read that ext3 is faster than reiserfs, If it so, is there a way or an option to make reiserfs as fast as ext3? what are the parameters to be used for fstab to make reiserfs fast? In your experience which is the best file system for squid? Thank you very much, wennie - Original Message - From: Henrik Nordstrom [EMAIL PROTECTED] To: Wennie V. Lagmay [EMAIL PROTECTED] Cc: Henrik Nordstrom [EMAIL PROTECTED]; azeem ahmad [EMAIL PROTECTED]; squid-users@squid-cache.org Sent: Saturday, May 28, 2005 6:41 PM Subject: Re: [squid-users] tune up On Sat, 28 May 2005, Wennie V. Lagmay wrote: Its only now that I knew this cache_dir issue, Im using FC2 64 bit and using diskd for my cache_dir. Is ther a way to migrate my cache_dir to aufs without harming my cache server. Yes. Modify squid.conf and restart your Squid. cache_dir aufs /cache1/spool/squid 25000 16 256 cache_dir aufs /cache2/spool/squid 25000 16 256 cache_dir aufs /cache3/spool/squid 25000 16 256 Regards Henrik -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 267.2.0 - Release Date: 5/27/2005 I'm affraid you have to recompile squid if you didnt enable aufs eariler, you can check squid compilation option with squid -v , see if there --enable-storeio=aufs,coss,diskd,ufs Again if you don't see aufs support then don't hestitate to recompile squid. regards askar
Re: [squid-users] tune up
Wennie V. Lagmay wrote: Ok if im going to recompile it again, i just start squid and it should be working again right? yes second if i recompile it --enable-storeio=aufs do I need to enable --with-aufs-threads=1024 and is a 1024 value is ok? I don't have defined -with-aufs-threads=1024 options while compiling squid and its working just cool during recompilation, can I let squid running? aftrer I recompile it I sould only issue a command squid -z and suid start am I right? yep let squid serving clients, don't issue squid -z command no need to do so. Before giving make install command for safty cp your squid.conf file to another location if you want to reuse the same squid.conf and then issue make install and place the squid.conf in /usr/local/squid/etc, and change the cache_dir line only replace diskd with aufs. then shutdown the squid and restart it. what is the posiblity that my squid will not start? I'm sure it will start with no problem ;) Thanks, Wennie I'm affraid you have to recompile squid if you didnt enable aufs eariler, you can check squid compilation option with squid -v , see if there --enable-storeio=aufs,coss,diskd,ufs Again if you don't see aufs support then don't hestitate to recompile squid. regards askar
Re: [squid-users] tune up
Wennie V. Lagmay wrote: Thank you very much Askar, Now it's the only the option --with-aufs-threads=1024 is not clear, what is this option and is 1024 value is ok, anybody can you please enlighten me? wennie hi wennie, I thinks you dont need to do anything fancy for aufs, as i read in http://www.oreilly.com/catalog/squid/chapter/ch08.pdf according to the author squid will autmatically starts thread depends on number of cache_dir. Table 8-1. Default number of threads for up to six cache directories cache_dirs Threads 1 16 2 26 3 32 However for my 2 cache_dir I have ... $ps -ef | grep squid | wc -l 31 of squid processes. regards - Original Message - From: Askar [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Monday, May 30, 2005 3:39 PM Subject: Re: [squid-users] tune up Wennie V. Lagmay wrote: Ok if im going to recompile it again, i just start squid and it should be working again right? yes second if i recompile it --enable-storeio=aufs do I need to enable --with-aufs-threads=1024 and is a 1024 value is ok? I don't have defined -with-aufs-threads=1024 options while compiling squid and its working just cool during recompilation, can I let squid running? aftrer I recompile it I sould only issue a command squid -z and suid start am I right? yep let squid serving clients, don't issue squid -z command no need to do so. Before giving make install command for safty cp your squid.conf file to another location if you want to reuse the same squid.conf and then issue make install and place the squid.conf in /usr/local/squid/etc, and change the cache_dir line only replace diskd with aufs. then shutdown the squid and restart it. what is the posiblity that my squid will not start? I'm sure it will start with no problem ;) Thanks, Wennie I'm affraid you have to recompile squid if you didnt enable aufs eariler, you can check squid compilation option with squid -v , see if there --enable-storeio=aufs,coss,diskd,ufs Again if you don't see aufs support then don't hestitate to recompile squid. regards askar
Re: [squid-users] tune up
Wennie V. Lagmay wrote: Ok then if my cache-dir is 3 as: cache_dir aufs /cache1/spool/squid 25000 16 256 cache_dir aufs /cache2/spool/squid 25000 16 256 cache_dir aufs /cache3/spool/squid 25000 16 256 so if im going to recompile it it should be --enable-storeio=aufs --with-aufs-threads=32 am I correct? dude you don't have to specify --with-aufs-threads=32, squid will take care of this thanks you, wennie regards askar - Original Message - From: Askar [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Monday, May 30, 2005 3:59 PM Subject: Re: [squid-users] tune up Wennie V. Lagmay wrote: Thank you very much Askar, Now it's the only the option --with-aufs-threads=1024 is not clear, what is this option and is 1024 value is ok, anybody can you please enlighten me? wennie hi wennie, I thinks you dont need to do anything fancy for aufs, as i read in http://www.oreilly.com/catalog/squid/chapter/ch08.pdf according to the author squid will autmatically starts thread depends on number of cache_dir. Table 8-1. Default number of threads for up to six cache directories cache_dirs Threads 1 16 2 26 3 32 However for my 2 cache_dir I have ... $ps -ef | grep squid | wc -l 31 of squid processes. regards - Original Message - From: Askar [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Monday, May 30, 2005 3:39 PM Subject: Re: [squid-users] tune up Wennie V. Lagmay wrote: Ok if im going to recompile it again, i just start squid and it should be working again right? yes second if i recompile it --enable-storeio=aufs do I need to enable --with-aufs-threads=1024 and is a 1024 value is ok? I don't have defined -with-aufs-threads=1024 options while compiling squid and its working just cool during recompilation, can I let squid running? aftrer I recompile it I sould only issue a command squid -z and suid start am I right? yep let squid serving clients, don't issue squid -z command no need to do so. Before giving make install command for safty cp your squid.conf file to another location if you want to reuse the same squid.conf and then issue make install and place the squid.conf in /usr/local/squid/etc, and change the cache_dir line only replace diskd with aufs. then shutdown the squid and restart it. what is the posiblity that my squid will not start? I'm sure it will start with no problem ;) Thanks, Wennie I'm affraid you have to recompile squid if you didnt enable aufs eariler, you can check squid compilation option with squid -v , see if there --enable-storeio=aufs,coss,diskd,ufs Again if you don't see aufs support then don't hestitate to recompile squid. regards askar
Re: [squid-users] tune up
Henrik Nordstrom wrote: On Sat, 28 May 2005, Wennie V. Lagmay wrote: Its only now that I knew this cache_dir issue, Im using FC2 64 bit and using diskd for my cache_dir. Is ther a way to migrate my cache_dir to aufs without harming my cache server. Yes. Modify squid.conf and restart your Squid. cache_dir aufs /cache1/spool/squid 25000 16 256 cache_dir aufs /cache2/spool/squid 25000 16 256 cache_dir aufs /cache3/spool/squid 25000 16 256 Regards Henrik Hi Henrik Just migrated on of our production cache server to aufs but i'm kinda confuse watchen too many squid process running, I read about aufs , that it will start number of process thread for disk I/O http://www.oreilly.com/catalog/squid/chapter/ch08.pdf Atm there are $ps -ef | grep squid | wc -l 31 squid processes running is this normal ? regards Askar Ali
Re: [squid-users] tune up
Matus UHLAR - fantomas wrote: On 29.05 12:55, Askar wrote: Hi Henrik I am not Henrik, but... Just migrated on of our production cache server to aufs but i'm kinda confuse watchen too many squid process running, I read about aufs , that it will start number of process thread for disk I/O http://www.oreilly.com/catalog/squid/chapter/ch08.pdf Atm there are $ps -ef | grep squid | wc -l 31 squid processes running is this normal ? yes. aufs causes squid use threads, which looks like more processes on linux (and possibly other OSes). Nothing bad or ineffective. hello Matus, Thanks mate for you quick replies, cool now i'm thinking about migrating all of cache servrers that running on linux (kernel 2.6.11) to aufs :) Your additional suggestions and recommendation would be greatly appreciated in end. thanks and regards Askar Ali
Re: [squid-users] tune up
Matus UHLAR - fantomas wrote: On 29.05 12:55, Askar wrote: Hi Henrik I am not Henrik, but... Just migrated on of our production cache server to aufs but i'm kinda confuse watchen too many squid process running, I read about aufs , that it will start number of process thread for disk I/O http://www.oreilly.com/catalog/squid/chapter/ch08.pdf Atm there are $ps -ef | grep squid | wc -l 31 squid processes running is this normal ? yes. aufs causes squid use threads, which looks like more processes on linux (and possibly other OSes). Nothing bad or ineffective. But still I have some reservations,... here i'm quating from one of my mate which I just consulted. diskd is sysV IPC based and scales based on IPC message passing efficiency, aufs is threads based and scales based on pthread locking efficiency system scheduling overhad the overhead of both is ~ the same. and they have been profiled to within an inch of each other in linux, with no /clear/ winner regards Askar Ali
Re: [squid-users] tune up
Henrik Nordstrom wrote: On Sat, 28 May 2005, Wennie V. Lagmay wrote: Its only now that I knew this cache_dir issue, Im using FC2 64 bit and using diskd for my cache_dir. Is ther a way to migrate my cache_dir to aufs without harming my cache server. Yes. Modify squid.conf and restart your Squid. cache_dir aufs /cache1/spool/squid 25000 16 256 cache_dir aufs /cache2/spool/squid 25000 16 256 cache_dir aufs /cache3/spool/squid 25000 16 256 Regards Henrik what you ppl say diskd is not recommended on linux ? i'm also running squid on linux kernel 2.6.11.8 with diskd regards askar
Re: [squid-users] mount options for cache_dir
Matus UHLAR - fantomas wrote: On 25.05 19:32, Askar Ali wrote: would someone spare sometime to suggest me good mount options for cache_dir partition for reiserfs fs. Atm i'm using the below for my cache_dir partition is this the correct or some guru could suggest thing better.. $cat /etc/fstab dev/sda6/cache1 reiserfs rw,noexec,nosuid,nodev,noatime,nodiratime,notail,block-allocator=noborder 0 2 I think they are just OK. What is probably most inportand is noatime and for reiserfs notail and noborder However, some researches documented that reiserfs is not good FS for things like squid cache and that ext3 is faster... hi Matus thanks for your reply, as far as I heard and read reiserfs kinda good fs for squid cache (skipping details). However I will keep your point in ma mind for future reference. Thanks and regards Askar
[squid-users] mount options for cache_dir
Hi list would someone spare sometime to suggest me good mount options for cache_dir partition for reiserfs fs. Atm i'm using the below for my cache_dir partition is this the correct or some guru could suggest thing better.. $cat /etc/fstab dev/sda6/cache1 reiserfs rw,noexec,nosuid,nodev,noatime,nodiratime,notail,block-allocator=noborder 0 2 Regards Askar Ali
Re: [squid-users] Congratulation
Kashif Ali Bukhari wrote: congratulation to you all squid.2.5.STABLE10 is very nice its working fine and having no problem hmm sound like its time to upgrade our servers atm running squid-2.5 Stable9, however I don't want take a risk coz stable9 working cool for us ;) thanks for the tip regards askar
Re: [squid-users] How to check cache
Elsen Marc wrote: hi all i am using linux 9 and squid as a proxy server how i can check the utilization of my cache. i mean how i can check the % disk space occupied by cache dir i have 3 cache dir regards Use cachemgr - Store Directory Stats. M. df -lh regards
Re: [squid-users] howto stop this
Matus UHLAR - fantomas wrote: On Tue, 5 Apr 2005, Askar wrote: yep this sound interesting external acl , to query our radius ras , I hope this will sort lot of problem invalid requests On 05.04 16:48, Henrik Nordstrom wrote: Ah, no that can't be done in this manner. The invalid request is before access controls. So, watching radius log files is what to do. However, using radius auth could help in the future. Btw, do you find it useful to check acl's before the request? atm We just letting them to send invalid request, squid handling it fine. however what you say in long run ? regards
Re: [squid-users] howto stop this
Henrik Nordstrom wrote: On Tue, 5 Apr 2005, Matus UHLAR - fantomas wrote: Blocking via ACL is not possible beacouse these are dialup user getting different IP when they reconnect. well, can you find out from radius logs (or whatever auth system do you use), which user causes that? If you provide them proxy functionality, you should be able to do that. You should even be able to automate it with an external acl helper querying your dialup aaa system about who the current user is, allowing you to block per dialup user name. Regards Henrik yep this sound interesting external acl , to query our radius ras , I hope this will sort lot of problem invalid requests Thanks and regards Askar
Re: [squid-users] Which method for sibling peers?
Pawlowski Julian wrote: Askar wrote: http://www.mail-archive.com/squid-users@squid-cache.org/msg27484.html Ah, okay! That example is nearly the same as mine. I would use HTCP if someone would say it is good enough to be used with Squid. But I think I will take the classic ICP to be sure everything works. Maybe some day when Squid 3 stable has been released, I guess about a change... :-) Regards Julian you bet :) cache_peer some_cache_net sibling 3128 3130 proxy-only regards
Re: [squid-users] howto stop this
Matus UHLAR - fantomas wrote: On 02.04 12:24, Askar wrote: I duno who to stop this sorta request, tail -f cache.log 05/04/02 12:12:33| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:33| urlParse: Illegal character in hostname 'www.speedy!.com' find out which IP requests that and block it via ACL. Blocking via ACL is not possible beacouse these are dialup user getting different IP when they reconnect. regards
Re: [squid-users] child process 3364 exited due to signal 6
Henrik Nordstrom wrote: On Sun, 3 Apr 2005, Askar wrote: This is newly configured squid cache server specs are machine: P4 ram : 2GB squid: Version 2.5.STABLE9-20050402 Please try next snapshot. As seen in other discussion the snapshots from the last days have been somewhat unstable, more so when using diskd. Apr 3 03:16:06 pcache squid[3045]: Squid Parent: child process 3346 exited due to signal 6 Need a stack trace on this error. But first upgrade to 20050404 snapshot or later. Request header is too large (10494 bytes) 2004/04/23 02:21:02| Config 'request_header_max_size'= 10240 bytes. This should be unrelated to your problem. there should be an assertion failure message indicating why your Squid is restarting. Regards Henrik Thanks for the reply, yep I also thinks the the snapshot I installed was broken, later I just grep Version 2.5.STABLE9 and now its running fine from last 12hours without exiting child process :) Thanks and regards Askar
[squid-users] child process 3364 exited due to signal 6
hi list This is newly configured squid cache server specs are machine: P4 ram : 2GB squid: Version 2.5.STABLE9-20050402 compiled with : --enable-poll --enable-snmp --enable-cache_digests --enable-underscores --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-delay-pools --enable-linuxnetfilter --with-pthreads --enable-icmp --enable-arp-acl --enable-htcp cache_dir: cache_dir diskd /cache1/cache 26000 32 256 cache_dir diskd /cache2/cache 33000 32 256 Within first few hours (during peak hours) squid giving problem .. Apr 3 01:51:34 pcache squid[3045]: Squid Parent: child process 3255 started Apr 3 02:05:51 pcache squid[3045]: Squid Parent: child process 3255 exited due to signal 6 Apr 3 02:05:54 pcache squid[3045]: Squid Parent: child process 3261 started Apr 3 02:09:12 pcache squid[3045]: Squid Parent: child process 3261 exited due to signal 6 Apr 3 02:09:15 pcache squid[3045]: Squid Parent: child process 3267 started Apr 3 02:16:21 pcache squid[3045]: Squid Parent: child process 3267 exited due to signal 6 Apr 3 02:16:24 pcache squid[3045]: Squid Parent: child process 3273 started Apr 3 02:26:06 pcache squid[3045]: Squid Parent: child process 3273 exited due to signal 6 Apr 3 02:26:09 pcache squid[3045]: Squid Parent: child process 3279 started Apr 3 02:40:36 pcache -- MARK -- Apr 3 02:42:04 pcache squid[3045]: Squid Parent: child process 3279 exited due to signal 6 Apr 3 02:42:07 pcache squid[3045]: Squid Parent: child process 3285 started Apr 3 02:58:51 pcache squid[3045]: Squid Parent: child process 3285 exited due to signal 6 Apr 3 02:58:54 pcache squid[3045]: Squid Parent: child process 3331 started Apr 3 03:02:40 pcache squid[3045]: Squid Parent: child process 3331 exited due to signal 6 Apr 3 03:02:43 pcache squid[3045]: Squid Parent: child process 3340 started Apr 3 03:13:40 pcache squid[3045]: Squid Parent: child process 3340 exited due to signal 6 Apr 3 03:13:43 pcache squid[3045]: Squid Parent: child process 3346 started Apr 3 03:16:06 pcache squid[3045]: Squid Parent: child process 3346 exited due to signal 6 . . . In cache.log I would see ... Request header is too large (10494 bytes) 2004/04/23 02:21:02| Config 'request_header_max_size'= 10240 bytes. 2004/04/23 02:21:30| Request header is too large (11680 bytes) 2004/04/23 02:21:30| Config 'request_header_max_size'= 10240 bytes. 2004/04/23 02:24:27| Request header is too large (10494 bytes) 2004/04/23 02:24:27| Config 'request_header_max_size'= 10240 bytes. 2004/04/23 02:24:50| Request header is too large (11680 bytes) 2004/04/23 02:24:50| Config 'request_header_max_size'= 10240 bytes. 2004/04/23 02:26:07| Request header is too large (10494 bytes) . . . any help in this regards will be greatly appreciated Regards Askar
[squid-users] howto stop this
hi list, I duno who to stop this sorta request, tail -f cache.log 05/04/02 12:12:33| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:33| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:34| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:34| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:35| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:35| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:36| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:36| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:37| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:37| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:38| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:38| urlParse: Illegal character in hostname 'www.speedy!.com' 2005/04/02 12:12:39| urlParse: Illegal character in hostname 'www.speedy!.com' which is causing lot of pain in the ass. regards
Re: [squid-users] what the difference b/w htcp / proxy only
Elsen Marc wrote: ... ... Frankly I really don't know if htcp is better then ICP while configuring HTCP provides better security and better cache hit predictions versus ICP. However, HTCP messages are larger and more complicated. So they impose slightly more network overhead. sibling, all we want to achieve sibling and yes proxy-only would be the best coz all of the caches servers are on the same network/switch. I thinks there is some sorta lack of communication probably from my side coz I'm not native ya ;) So what you suggest may I use ICP or HTCP protocol while configuring cache_peer , sibling relationship b/w the cache servers. You need ICP or HTCP to use siblings in a fashionable manner. I.e. the ability for the cache 'client' to ask the sibling whether it has the object or not. Probably ICP will has a slighty more chance for 'false hits'. M. Thank you Elsen Marc for your time and patience. Now HTCP vs ICP kinda clear to me Regards Askar
Re: [squid-users] Squid-2.5STABLE9 CPU usage problem
netcraft wrote: hi all: We use squid to accelerate our dynamic pages(resin/jsp), some pages are setting to very short expiry time(2min). and some are one day. It works good at the beginning, But I meet a strange problem: when squid start, it use about 8% of cpu time. the speed is fast. after 2 or 3 days, the cpu usage grows up to 49%, and the speed is slow. since the system is using hyperthread feature of cpu, so I think the actual cpu usage is about 99%. below is the configuration file and some information. thanks squid.conf: http_port 80 acl CACHABLE_PAGES urlpath_regex ^/page1.jsp acl CACHABLE_PAGES urlpath_regex ^/page2.jsp acl NONE_CACHABLE_PAGES urlpath_regex \.jsp no_cache allow CACHABLE_PAGES no_cache deny NONE_CACHABLE_PAGES maximum_object_size_in_memory 256 KB cache_mem 128 MB cache_dir diskd /data/squid/var/cache 1024 16 256 cache_log /data/squid/var/logs/cache.log cache_store_log none emulate_httpd_log off dns_children 5 redirect_children 20 auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern -i \.jpg$144050% 10080reload-into-ims refresh_pattern -i \.gif$144050% 10080reload-into-ims refresh_pattern -i \.png$144050% 10080reload-into-ims refresh_pattern -i \.bmp$144050% 10080reload-into-ims refresh_pattern -i \.css$10 50% 60 reload-into-ims refresh_pattern -i \.js$ 10 50% 60 reload-into-ims refresh_pattern -i \.htm$10 50% 60 reload-into-ims refresh_pattern -i \.html$ 10 50% 60 reload-into-ims refresh_pattern ^http://host1/page1\.jsp 14400% 1440ignore-reload refresh_pattern ^http://host1/ 14400% 1440 ignore-reload refresh_pattern ^http://host1/page2\.jsp2 0% 2 ignore-reload refresh_pattern . 0 0% 0 ... some acl ... visible_hostname squid1 httpd_accel_port 80 httpd_accel_host host1 httpd_accel_single_host on httpd_accel_with_proxy off httpd_accel_uses_host_header on coredump_dir /data/squid/var/cache client_db off half_closed_clients off client_persistent_connections off server_persistent_connections off some information: client_http.requests = 23.248488/sec client_http.hits = 11.862562/sec server.all.requests = 11.339263/sec page_faults = 0.00/sec select_loops = 246.597295/sec select_fds = 214.716036/sec Hi I don't know what thing hitting your cache however your post solved my problem, I added these two tags from your post and my squid cpu load come down to 99% to 34% :) client_persistent_connections off server_persistent_connections off Thanks and regards
Re: [squid-users] transparent proxy
[EMAIL PROTECTED] wrote: Hello I can not get squid to work transparent. I have the following in ipchains -A input -p tcp -s 0/0 -d 0/0 80 -j REDIRECT 8080 -A input -p tcp -s 192.87.209.0/24 -d 0/0 80 -j REDIRECT 8080 And this in squid.conf http_port 200.1.1.250:8080 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on http_port 192.87.209.250:8080 icp_port 3130 #htcp_port 4827 #mcast_groups 239.128.16.128 # tcp_outgoing_address 192.168.10.2 check your iptables rule coz i can see a syntax error in it this is the correct rule #iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 --dport 80 -j REDIRECT --to-port 8080 also do confirm you are not droping legitimate traffic to your cache serever, i-e if you are running a firewall on the same machine /cache then make sure you allow legitimate traffic IN and OUT. Or Just make your default Policy ACCEPT (less secure) regards
[squid-users] what the difference b/w htcp / proxy only
hi I'm kinda confuse what would be the best solution to set sibling between cache servers on the same switch/network. We have 3 cache servers that we want to configure to look each other before sending request out Internet. Secondly what the difference b/w 1) cache_peer Mysecondcache sibling 3128 4827 htcp proxy-only and 2) cache_peer Mysecondcache sibling 3128 4827 proxy-only Is there any benefit of using htcp instead of only using proxy only as in the second line?
Re: [squid-users] what the difference b/w htcp / proxy only
Elsen Marc wrote: I'm kinda confuse what would be the best solution to set sibling between cache servers on the same switch/network. We have 3 cache servers that we want to configure to look each other before sending request out Internet. Secondly what the difference b/w 1) cache_peer Mysecondcache sibling 3128 4827 htcp proxy-only and 2) cache_peer Mysecondcache sibling 3128 4827 proxy-only Is there any benefit of using htcp instead of only using proxy only as in the second line? - These directives are unrelated : htcp specifies a type if intercache communication protocol. no-proxy says that objects from the remote peer should not be saved locally. M. sorry but what do you mean by unrelated ? cache_peer Mysecondcache sibling 3128 4827 htcp proxy-only 3128 4827 htcp proxy-only you mean its of no benefit to specify 3128 4827 htcp proxy-only while configureing cache_peer? Thanks and regards Askar
Re: [squid-users] what the difference b/w htcp / proxy only
Elsen Marc wrote: ... ... cache_peer Mysecondcache sibling 3128 4827 htcp proxy-only 3128 4827 htcp proxy-only you mean its of no benefit to specify 3128 4827 htcp proxy-only while configureing cache_peer? - Depends on your requirements ; htcp is a more advanced inter cache protocol then ICP. - proxy-only specifies that objects from the remote cache should not be saved locally. So, if you need those : the question is the reverse. Why do you think that is a better situation for you ? M. Frankly I really don't know if htcp is better then ICP while configuring sibling, all we want to achieve sibling and yes proxy-only would be the best coz all of the caches servers are on the same network/switch. I thinks there is some sorta lack of communication probably from my side coz I'm not native ya ;) So what you suggest may I use ICP or HTCP protocol while configuring cache_peer , sibling relationship b/w the cache servers. Thanks and regards Askar
[squid-users] high cpu load
hi list Can someone tell me what are the causes of high CPU load , one of our squid cache server observing 99% cpu load during *peak* hours, its sucks coz req/sec not more then 80. However we have two other caches server on the same network switch and they are working just fine i-e cpu load = normal. squid v. Latest stable kernel 2.6.11.5 ram : 2GB swap : not used Note: I know im kinda repeating things *posts* but im helpless Regards
[squid-users] rep
I duno where I missed while replying some more info ...needed ? this is dual Dell machine diskd is the method used for cache_dir regards
Re: [squid-users] high cpu load
Elsen Marc wrote: hi list Can someone tell me what are the causes of high CPU load , one of our squid cache server observing 99% cpu load during *peak* hours, its sucks coz req/sec not more then 80. However we have two other caches server on the same network switch and they are working just fine i-e cpu load = normal. squid v. Latest stable kernel 2.6.11.5 ram : 2GB swap : not used Note: I know im kinda repeating things *posts* but im helpless Regards http://www.squid-cache.org/mail-archive/squid-users/200503/0663.html http://www.squid-cache.org/mail-archive/squid-users/200503/0795.html M. well I'm sorry I really missed that, however tell you what I don't know how to determine whether my ram fists the cache directory for squid needs cache_dir diskd /cache1/cache 25000 32 256 cache_dir diskd /cache2/cache 16000 32 256 cache_dir diskd /cache3/cache 16000 32 256 RAM: 2gb Note: Page I/O problem not exists any more. One and only one problem is squid consuming very high cpu load regards
Re: [squid-users] Cache size
Jacques van Dijk wrote: Hello Is there any way to find out how much diskspace is actualy being used by squid, in comparison to the predifined diskspace. And is it posible to switch of the logging? read FAQs for switching off logging Kind regards Jacques you can check cache_dir size by df -lh (human readable) or df -l or du -sh cachedir regards
Re: [squid-users] rep
Matus UHLAR - fantomas wrote: On 25.03 18:14, Askar wrote: I duno where I missed while replying some more info ...needed ? hard to say without seeing whith thread it belongs to. You should reply the message you sent before... this is dual Dell machine diskd is the method used for cache_dir hi list Can someone tell me what are the causes of high CPU load , one of our squid cache server observing 99% cpu load during *peak* hours, its sucks coz req/sec not more then 80. However we have two other caches server on the same network switch and they are working just fine i-e cpu load = normal. squid v. Latest stable kernel 2.6.11.5 ram : 2GB swap : not used Note: I know im kinda repeating things *posts* but im helpless file system reisefs Regardscache_dir diskd /cache1/cache 25000 32 256 cache_dir diskd /cache2/cache 16000 32 256 cache_dir diskd /cache3/cache 16000 32 256 request_header_max_size cache_swap_low 98 cache_swap_high 10010 KB maximum_object_size 1024 KB maximum_object_size_in_memory 128 KB cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF #for trans. (interception) httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on #top 2460 squid 16 0 939m 928m 2400 R 44.6 45.8 2869:31 squid (atm 25 req/s) # free -m total used free sharedbuffers cached Mem: 2026 1978 47 0413468 -/+ buffers/cache: 1096929 Swap: 1913 0 1913 regards Askar
[squid-users] high page i/o
One of our cache servers cachemrg show very high number of page faults in compare to our other cache servers on which this number is as low as 0 and 8 Page faults with physical i/o: 513938 This cache server also consuming lot of swap Swap:total 1913 used 290 free 1623 and high cpu upto 90% during peaks. this is squid Squid Cache: Version 2.5.STABLE9 compiled with onfigure options: --prefix=/usr/local/squid --enable-poll --enable-snmp --enable-cache_digests --enable-underscores --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-delay-pools --enable-linuxnetfilter --with-pthreads --enable-icmp --enable-arp-acl --enable-htcp OS: linux kernel 2.6.11.3 total physical ram : 2 GB regards
Re: [squid-users] high page i/o
Henrik Nordstrom wrote: On Tue, 22 Mar 2005, Askar wrote: This cache server also consuming lot of swap Swap:total 1913 used 290 free 1623 and high cpu upto 90% during peaks. How much memory is your Squid using? Regards Henrik squid is using upto 79-81% of memory Regards
Re: [squid-users] squid req/min
Matus UHLAR - fantomas wrote: On 18.03 20:10, Askar wrote: Find the info you asked 1) squid Version 2.5.STABLE9 2) Linux (slackware) kernel 2.6.11.3 3) 2 sata hard drive 37GB each cache_dir diskd /cache1/cache 25000 32 256 cache_dir diskd /cache2/cache 16000 32 256 cache_dir diskd /cache3/cache 16000 32 256 eh, three cache_dir's on two disks? a bit useless and ineffective you only should use one cache_dir per disk. Got it, would you kind enough guide me howto get rid of these two cache_dir from a single disk to one cache_dir, without effective our users and cache server, remember its a production cache server serving more then 200 users anytime. And also would you suggest me the maximum_object_size_in_memory for my setup. Thanks and regards
Re: [squid-users] squid req/min
Matus UHLAR - fantomas wrote: Hi Matus, Thanks for your reply and I will try to let you know after making changes as you suggested, atm kinda busy with other stuff Thanks and regards On 18.03 20:10, Askar wrote: cache_dir diskd /cache1/cache 25000 32 256 cache_dir diskd /cache2/cache 16000 32 256 cache_dir diskd /cache3/cache 16000 32 256 Matus UHLAR - fantomas wrote: eh, three cache_dir's on two disks? a bit useless and ineffective you only should use one cache_dir per disk. On 21.03 15:01, Askar wrote: Got it, would you kind enough guide me howto get rid of these two cache_dir from a single disk to one cache_dir, without effective our users and cache server, remember its a production cache server serving more then 200 users anytime. the only way I see is to remove one of cache_dirs off squid.conf and restart squid, remove the data on the disk and increase second cache_dir to whole disk. You'll loose its contents of course. And also would you suggest me the maximum_object_size_in_memory for my setup. I would try bigger number, even if it's hard to decide the best setting. I currently have 256KB (but probably will decrease it a bit to see if it helps the memory hit ratio), for your setup I'd probably try 64-128KB.
[squid-users] squid req/min
bonjour, HTTP requests 2963.0 req/min what you gurus says squid is capable to handle that number of req/m ? regards
Re: [squid-users] squid req/min
Elsen Marc wrote: bonjour, HTTP requests 2963.0 req/min what you gurus says squid is capable to handle that number of req/m ? Easy : without even twinkling. That's about 50 reqs/sec. My old Compaq ML370 now serves 60 reqs/sec with cpu to spare. On modern P4 based 'light server hardware' that kind of load is not even good enough to warm the fans... :-). M. thanks for the reply, but i have a problem squid consuming too much cpu i-e during peak hours 2963.0 req/min, squid take up 80% of cpu. Any idea ? thanks and regards
Re: [squid-users] squid req/min
Elsen Marc wrote: thanks for the reply, but i have a problem squid consuming too much cpu i-e during peak hours 2963.0 req/min, squid take up 80% of cpu. Any idea ? - Telling that from the beginning can save a lot of 'mail space' for everyone. - Please include : * Squid version * OS/platform/version * Store dir params (size,store method,aufs, diskd,ufs) M. hi Marc, Find the info you asked 1) squid Version 2.5.STABLE9 2) Linux (slackware) kernel 2.6.11.3 3) 2 sata hard drive 37GB each cache_dir diskd /cache1/cache 25000 32 256 cache_dir diskd /cache2/cache 16000 32 256 cache_dir diskd /cache3/cache 16000 32 256 thanks and regards
Re: [squid-users] squid req/min
Elsen Marc wrote: hi Marc, Find the info you asked 1) squid Version 2.5.STABLE9 2) Linux (slackware) kernel 2.6.11.3 3) 2 sata hard drive 37GB each cache_dir diskd /cache1/cache 25000 32 256 cache_dir diskd /cache2/cache 16000 32 256 cache_dir diskd /cache3/cache 16000 32 256 - check whether you have adequate RAM versus the total size of the cache (see FAQ) - 2 GB of physical RAM - Check squid process SIZE versus RSS with : % top squid 15 0 883m 714m 1204 S 26.0 80.8 3147:47 squid verify whether the squid process 'fits' in memory and does not need swap. - Average swap need of the system can be checked with : % free total used free sharedbuffers cached Mem: 883874 9 0 57 32 -/+ buffers/cache:784 98 Swap: 1913759 1154 If there is to much swap in use. Squid performance can be hampered too. - Squid rpm's from vendors sometime have all option configured with configure. squid is installed from source with #squid -v Squid Cache: Version 2.5.STABLE9 configure options: --prefix=/usr/local/squid --enable-poll --enable-snmp --enable-cache_digests --enable-underscores --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-delay-pools --enable-linuxnetfilter --with-pthreads --enable-icmp --enable-arp-acl --enable-htcp In that case I advise to build squid manually, with only those configure options needed which you want. M. regards
[squid-users] code 502
sometime access.log show me code 502, I duno what it mean ?
Re: [squid-users] code 502
Elsen Marc wrote: sometime access.log show me code 502, I duno what it mean ? http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.8 M. thanks but why i'm getting code 520, Bad Gateway only today even though we didn't changed anything. however things kinda smooth from few hours. regards
[squid-users] squid plugin for nagios
hi list can someone point me where to get the plugin of squid for nagios regards
Re: [squid-users] squid plugin for nagios
Christoph Haas wrote: On Sat, Mar 05, 2005 at 01:57:01PM +0500, Askar wrote: can someone point me where to get the plugin of squid for nagios I have written a plugin that I make available at http://workaround.org Regards Christoph Hi ChrisH, Surprised ? you already gives the plugins to me kokoko1, actually I posted in the list first and then asked you about the plugin in the channel. :) Thanks and regards Askar
[squid-users] sibling hit/miss report
hi list Is there a srcipt (mrtg) for graphically plot the HIT/MISS between sibling cache servers. we are currently using mrtg for monitoring our squid servers which reports http/req, http/hit etc. regards
Re: [squid-users] acl with groups + w2k domain
it clown wrote: Cost saving. Is ISA better than squid? On Mon, 28 Feb 2005 16:58:41 +1100 Derek Liu [EMAIL PROTECTED] wrote: For curiosity, why do you want to replace ISA server with squid? Regards, Derek -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of it clown Sent: Monday, 28 February 2005 4:59 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] acl with groups + w2k domain I found some help in the squid docs. Will try them, thanks. On Sun, 27 Feb 2005 14:19:17 +0200 it clown [EMAIL PROTECTED] wrote: Hi All, I am using ISA server and i am wanting to replace it with squid. I am running squid on a linux box. Now what i want to do is have w2k users to use the squid proxy. I want to add a few users in a group to have internet access and add other users in another group to have access only to a few sites. To do this i need to make the linux box part of the w2k domain via winbind (I know how to do that)? How do i allow some users to have full access to internet and to allow others to only have access to some sites in squid? What auth do i need to set squid to to auth the users with the w2k domain controller? I do not want an auth box to pop up. Thanks Regards __ http://www.webmail.co.za the South African FREE email service __ http://www.webmail.co.za the South African FREE email service __ http://www.webmail.co.za the South African FREE email service ISA not recommended for production enviroment :)
Re: [squid-users] How to determine which options sre compiled into a binary?
[EMAIL PROTECTED] wrote: How can I determine which squid options are compiled into a binary? John Sutherland Phone Fax +61 2 4683 1511 9 Meryla Street, Couridjah NSW 2571 Australia squid -v regards
[squid-users] ugent help needed
hi list This is urgent my squid exiting abnormally this I don't understand why here is the log from /var/log/messages Feb 27 04:41:35 mcache (squid): logfileWrite: /var/log/squid/access.log: (42) No message of desired type Feb 27 04:41:40 mcache (squid): logfileWrite: /var/log/squid/access.log: (28) No space left on device Feb 27 04:41:55 mcache last message repeated 4 times Feb 27 04:41:55 mcache squid[617]: Exiting due to repeated, frequent failures Feb 27 09:33:39 mcache (squid): logfileWrite: /var/log/squid/access.log: (42) No message of desired type Feb 27 09:33:44 mcache (squid): logfileWrite: /var/log/squid/access.log: (28) No space left on device Feb 27 09:33:57 mcache last message repeated 4 times Feb 27 09:33:57 mcache squid[3691]: Exiting due to repeated, frequent failures ugent help will be greatly appreciated regards
[squid-users] question about sibling
hi list, we have three cache servers i want to setup them in sibling i-e all of cache server at the movment serving clients if object found in cache then reply from the cache other wise fetch the contents from Internet. Now we want if request arrive at cache1 it check cache2 and cache3 if object found in any of sibling cache fetch it from the cache, cache it locally and reply to client. Same if request arrive at cache2 it check cache1 and cache3. we are also running default DROP iptables firewall on all cache server , so which port to allow to let sibling working? any help in this regard will be greatly appreciated. regards
Re: [squid-users] storing objects in round robin fashion
Matus UHLAR - fantomas wrote: On 24.02 09:53, Askar wrote: we have these three cache directories, squid/cache working fine expect two things. 1) I want to store objects in these three directories in round-robin fashion. even though I had enable store_dir_select_algorithm round-robin in squid.conf however still I can see squid storing objects in cache1. After putting store_dir_select_algorithm round-robin in squid.conf , I just give squid -k reconfigure. did you run 'squid -z' after you created new cache_dir's? /dev/sda6 26G 2.4G 24G 10% /cache1 /dev/sdb1 16G 81M 16G 1% /cache2 /dev/sdb2 16G 81M 16G 1% /cache3 seems you have two cache_dir's on two partitions of the same disk. That is very ineffective 2) this is P3, 1200MHz Dell machine , and squid is taking upto 70% of cpu during peak hours. cache_dir diskd /cache1/ cache_dir diskd /cache2/ cache_dir diskd /cache3/ these say nothing about reasons why squid takes that much ram. From what I see in this list, big CPU usage is usually caused by ineffective ACL setup. hi henrik and matus thanks for your reply, okay i just restarted the machine, now im waiting for the result of df -lh :) Matus, its not the RAM but cpu, squid taking too much cpu cycles i-e upto 70% sometime during peak hours and this is for sure not normal coz we have other cache servers running running very smooth. regards
[squid-users] storing objects in round robin fashion
hi list we have these three cache directories, squid/cache working fine expect two things. 1) I want to store objects in these three directories in round-robin fashion. even though I had enable store_dir_select_algorithm round-robin in squid.conf however still I can see squid storing objects in cache1. After putting store_dir_select_algorithm round-robin in squid.conf , I just give squid -k reconfigure. /dev/sda6 26G 2.4G 24G 10% /cache1 /dev/sdb1 16G 81M 16G 1% /cache2 /dev/sdb2 16G 81M 16G 1% /cache3 2) this is P3, 1200MHz Dell machine , and squid is taking upto 70% of cpu during peak hours. cache_dir diskd /cache1/ cache_dir diskd /cache2/ cache_dir diskd /cache3/
Re: [squid-users] LVS/TUN or LVS/DR
Andrew Sawyers wrote: -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 6:14 PM To: Andrew Sawyers Cc: 'Henrik Nordstrom'; 'Askar'; 'Squid Users' Subject: RE: [squid-users] LVS/TUN or LVS/DR On Wed, 9 Feb 2005, Andrew Sawyers wrote: Any particular reason why you're after DR mode? I have several squids load balanced in masq mode and we're able to handle more traffic then most sites can aspire too - with basically 0 load on the LVS server. If you do interception then LVS must not NAT the destination IP of the connections, or else Squid has no way of figuring out what the original destination was on HTTP/1.0 requests without Host header. Excellent, thanks - that solves that. :) Regards Henrik Andrew Thank you all for your time and patience that clear the concept of LVS to me, I will come back with my queries regarding LVS if we got problem during actaul migration to LVS. Regards
[squid-users] LVS/TUN or LVS/DR
hi list I am wondering if anyone here running Virtual Server via IP Tunneling or Virtual Server via Direct Routing, LVS based caches cluster. Thanks and Regards Askar
Re: [squid-users] Help..
Chris Robertson wrote: -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Monday, February 07, 2005 11:58 AM To: Chris Robertson Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Help.. On Mon, 7 Feb 2005, Chris Robertson wrote: Not entirely true. There is a benefit on a multi-processor box. Squid, being a single threaded application can't natively take advantage of multiple processors. Running multiple instances of squid is beneficial in such a situation. If CPU usage is your main bottleneck (most often it is not the main bottleneck) Regards Henrik With high latency, squid seems to eat CPU with impunity. http://mrtg.schoolaccess.net/squid/ ~70 requests/sec, ~850KB/sec, nearly 50% CPU on a Xeon 3GHz w/2GB RAM and very little in the way of ACLs: http_port 8080 cache_peer proxy2.schoolaccess.net sibling 8080 3130 proxy-only no-digest cache_peer proxy3.schoolaccess.net parent 8080 3130 round-robin proxy-only no-digest cache_peer proxy3.schoolaccess.net parent 8081 3131 round-robin proxy-only no-digest hierarchy_stoplist acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 32 MB maximum_object_size 10 KB cache_dir ufs /cache1 3072 16 256 cache_dir ufs /cache2 3072 16 256 cache_access_log /usr/local/squid/logs/access.log cache_log /usr/local/squid/logs/cache.log cache_store_log none cache_swap_log /usr/local/squid/logs/swap.log pid_filename /usr/local/squid/logs/squid.pid refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 negative_ttl 30 seconds negative_dns_ttl 30 seconds half_closed_clients off acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl Corp src xxx.xxx.xxx.xxx/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl mrtg src xxx.xxx.xxx.xxx/32 acl snmppublic snmp_community public http_access allow manager localhost http_access allow manager Corp http_access deny manager http_access deny to_localhost http_access allow all icp_access allow all cache_mgr [EMAIL PROTECTED] cache_effective_user squid cache_effective_group squid log_icp_queries off icp_hit_stale on acl snmppublic snmp_community public snmp_access allow snmppublic localhost snmp_access allow snmppublic mrtg snmp_access deny all nonhierarchical_direct off strip_query_terms off coredump_dir /usr/local/squid/cache Most of the requests to these servers are over satellite (~600ms latency) through squid2.5Stable7 servers, and that seems to make a huge difference. FWIW, proxy1 and proxy2 are running RHLinux 9, proxy3 is running FreeBSD 5.2, and has 4GB of RAM. All three are on the same switch, and only a single router hop (over ethernet) to the fibre. Access to the cache is limited via a firewall. The MRTG graphs for proxy3 are using combined statistics for the two squid processes running on it (as it's a dual proc box). Running top shows that about 2/3rds of squid's CPU usage is system vs. user on all three boxes. The select loop takes around 4ms to execute on all three boxes. *shrug* Perhaps it's not a issue with squid itself. I'm not too concerned, as it works well, and overall surfing is faster with squid than without (due to the on-site caches), and all traffic flows by the filtering servers (due to the central caches). At some point in the future, I'm likely going to turn this lot into a LVS, with a pair of smaller (cheaper) boxes acting as a redundant front-end controller. Chris LVS , that's what im thinking about atm, :) regards
Re: [squid-users] cluster solution
H Matik wrote: On Saturday 05 February 2005 22:25, you wrote: LVS is useful in load balancing both servers and proxies, including transparently intercepting proxies if you like. It can even run on the same nodes as the servers, eleminating the need of extra hardware. hmm, for server balance ok but do you think LVS is better then parent weight and some other squid configs for walking through several frontend caches? Hans Regards Henrik That's why im asking in this list, I have to decide which clustering load balancing is good for cache servers. truely I have no idea of parent weight catch , it would be nice of you if you put some light on this. regards
Re: [squid-users] Need Your Suggestion
Ahmad Arif wrote: Dear Squid Master, I've Just installed squid2.5 STABLE2 on RH7 recently, right now I need frree monitoring tools which will use access.log as a source, is there any good free monitoring tools I can use ? Great Thanks AArif look into http://www.squid-cache.org/Scripts/ , and if you want to monitor via MRTG then point your browser to http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ regards
[squid-users] cluster solution
hi list what is the best clustering solution for squid cache servers ? LVS ? LVS tunneling or routing. we are thinking about this http://dragon.linux-vs.org/~dragonfly/ solution based on LVS however im will be kinda glad to get some advices from gurus over here :) regards
Re: [squid-users] cluster solution
H Matik wrote: On Saturday 05 February 2005 15:24, Askar wrote: hi list what is the best clustering solution for squid cache servers ? LVS ? LVS tunneling or routing. do you serve users or serv content with your cache? What OS you wnat to use? And may be you have some more details, links, bandwidth, size, disks, servers we serv http port 80 via cache, that is transparent caches serving web pages to our clients. current we have three cache/proxy server running squid OS FC2, in numbers ? And what is your priority? Performance, link problemas, server problems? What do you wnat to get out of this? we want to implement load balancer to over come link problem, and ofcourse to achieve good performance lvs (I may be wrong) is probably only a load balancer but not the cluster and probably thought for serving content but not users (access users) yep lvs is load balancer, with one computer working as FE (front end) and real servers in back ends. lvs is what ppl suggested to me. Load balance you can probably achieve easier and cheaper (depending on your project size) using only squid on several servers for different content types but may be you answer first my first question I didn't get this? at the movement our caches servers are just configured for http port 80 tranparently however we are sending traffic from our gateway to caches via iproute2 + iptables (mark) Hans regards we are thinking about this http://dragon.linux-vs.org/~dragonfly/ solution based on LVS however im will be kinda glad to get some advices from gurus over here :) regards
Re: [squid-users] Help..
Chris Robertson wrote: -Original Message- From: Ahmad Arif [mailto:[EMAIL PROTECTED] Sent: Friday, February 04, 2005 1:46 AM To: squid-users@squid-cache.org Subject: [squid-users] Help.. DEar Squid Master, I need your help, I plan to install 2 version of squid in the same machine Redhat 9. is it possible ? Many thanks for your help.. AArif It is possible. You just need a separate squid.conf file for each instance of Squid. Each conf file has to specify a different listening port, different cache directories, and different log files (or none at all). You can use the same squid binary (of you don't want to use different versions of squid) and just point each instance at a different conf file like: /sbin/squid -f /etc/squid1.conf /sbin/squid -f /etc/squid2.conf Chris any benefit of running two instances of squid on a single machine?
Re: [squid-users] squid child process extended
Elsen Marc wrote: hi list today i get this in /var/log/messages Feb 1 11:40:04 Mcache squid[1318]: Squid Parent: child process 9501 exited with status 1 Feb 1 11:40:07 Mcache squid[1318]: Squid Parent: child process 9503 started Feb 1 11:40:07 Mcache squid[1318]: Squid Parent: child process 9503 exited with status 1 Feb 1 11:40:10 Mcache squid[1318]: Squid Parent: child process 9505 started Feb 1 11:40:10 Mcache squid[1318]: Squid Parent: child process 9505 exited with status 1 Feb 1 11:40:13 Mcache squid[1318]: Squid Parent: child process 9507 started Feb 1 11:40:13 Mcache squid[1318]: Squid Parent: child process 9507 exited with status 1 Feb 1 11:40:13 Mcache squid[1318]: Exiting due to repeated, frequent failures Check cache.log for more info. i google for it but didn't find anything can someone tell me why this happen and how to stop squid using all the partition , coz df -lh showing that squid is using one of cache directory 99%. how to delete objects from cache dir ? (safe way) is it simple like rm * ? Specify appropriate size(s), for the cache dir(s), taking into account available disk (partition) space. Squid will maintain those sizes automatically and no user intervention is needed. 'rm *' is evil , and will lead to swap failures as then there will be a mismatch with what squid thinks is in the cache and which objects are effectively still there, (info which is maintained in the swap.state file(s)) M. right, cache partition size is 15gb and we have created cache_dir diskd /cache2/cache1 7500 cache_dir diskd /cache2/cache2 7500 Is this fine? or we have to leave some space on cache2 partition , currently 7500 + 7500 = 15000 all the partition space what is the good partice? thanks and regards
[squid-users] squid child process extended
hi list today i get this in /var/log/messages Feb 1 11:40:04 Mcache squid[1318]: Squid Parent: child process 9501 exited with status 1 Feb 1 11:40:07 Mcache squid[1318]: Squid Parent: child process 9503 started Feb 1 11:40:07 Mcache squid[1318]: Squid Parent: child process 9503 exited with status 1 Feb 1 11:40:10 Mcache squid[1318]: Squid Parent: child process 9505 started Feb 1 11:40:10 Mcache squid[1318]: Squid Parent: child process 9505 exited with status 1 Feb 1 11:40:13 Mcache squid[1318]: Squid Parent: child process 9507 started Feb 1 11:40:13 Mcache squid[1318]: Squid Parent: child process 9507 exited with status 1 Feb 1 11:40:13 Mcache squid[1318]: Exiting due to repeated, frequent failures i google for it but didn't find anything can someone tell me why this happen and how to stop squid using all the partition , coz df -lh showing that squid is using one of cache directory 99%. how to delete objects from cache dir ? (safe way) is it simple like rm * ? regards
[squid-users] cache direcotry full
hi list df -lh showing 100% for one of /cache directory , how to manage this ? regards
Re: [squid-users] Re: assertion failed: HttpHeader.c:1046: e
Henrik Nordstrom wrote: On Mon, 17 Jan 2005, Askar wrote: 2005/01/17 11:56:37| WARNING: unparseable HTTP header field near 'F57A245B432AD60D0956D90; OE_Usermoonjee81_hotmail.com=1106030955' 2005/01/17 11:56:37| assertion failed: HttpHeader.c:1046: e we are using : Squid Cache: Version 2.5.STABLE7-20041228 any work around this problem ? Better yet, there is a fix. Upgrade to a more recent snapshot and you will get rid of this. Regards Henrik yep I upgraded to lastest release and things looks fine atm from last 2 hours. Regards Askar
[squid-users] Squid Parent: child process 12613 started
hello list, after giving problem from many todays squid process died heh too bad. here are the /var/log/messages Jan 17 10:23:20 Mcache squid[1419]: Squid Parent: child process 12613 started Jan 17 10:23:23 Mcache squid[1419]: Squid Parent: child process 12613 exited due to signal 6 Jan 17 10:23:26 Mcache squid[1419]: Squid Parent: child process 12625 started Jan 17 10:23:28 Mcache squid[1419]: Squid Parent: child process 12625 exited due to signal 6 Jan 17 10:23:28 Mcache squid[1419]: Exiting due to repeated, frequent failures we are using Squid Cache: Version 2.5.STABLE7-20041228, any idea why child process exited due to signal 6? regards Askar
[squid-users] assertion failed: HttpHeader.c:1046: e
as my squid child processes are exiting and restarting frequently when i look into cache.log i found this 2005/01/17 11:56:37| WARNING: unparseable HTTP header field near 'F57A245B432AD60D0956D90; OE_Usermoonjee81_hotmail.com=1106030955' 2005/01/17 11:56:37| assertion failed: HttpHeader.c:1046: e we are using : Squid Cache: Version 2.5.STABLE7-20041228 any work around this problem ?
[squid-users] Squid Parent: child process 4977 exited due to signal 6
hi list can someone help me to solve my problem, from last few days im getting this in /var/log/messages/ Jan 15 16:20:29 Mcache squid[1419]: Squid Parent: child process 4289 exited due to signal 6 Jan 15 16:20:32 Mcache squid[1419]: Squid Parent: child process 4711 started Jan 15 16:50:19 Mcache squid[1419]: Squid Parent: child process 4711 exited due to signal 6 Jan 15 16:50:22 Mcache squid[1419]: Squid Parent: child process 4795 started Jan 15 16:50:23 Mcache squid[1419]: Squid Parent: child process 4795 exited due to signal 6 Jan 15 16:50:26 Mcache squid[1419]: Squid Parent: child process 4807 started Jan 15 16:50:32 Mcache squid[1419]: Squid Parent: child process 4807 exited due to signal 6 Jan 15 16:50:35 Mcache squid[1419]: Squid Parent: child process 4819 started Jan 15 17:23:53 Mcache squid[1419]: Squid Parent: child process 4819 exited due to signal 6 Jan 15 17:23:56 Mcache squid[1419]: Squid Parent: child process 4905 started Jan 15 17:33:13 Mcache squid[1419]: Squid Parent: child process 4905 exited due to signal 6 Jan 15 17:33:16 Mcache squid[1419]: Squid Parent: child process 4941 started Jan 15 17:33:59 Mcache squid[1419]: Squid Parent: child process 4941 exited due to signal 6 Jan 15 17:34:02 Mcache squid[1419]: Squid Parent: child process 4953 started Jan 15 17:37:42 Mcache squid[1419]: Squid Parent: child process 4953 exited due to signal 6 Jan 15 17:37:45 Mcache squid[1419]: Squid Parent: child process 4977 started Jan 15 17:40:18 Mcache squid[1419]: Squid Parent: child process 4977 exited due any help in this regards will greatly appreciated regards Askar
[squid-users] Testing new user
Hi all this is just a test message from a new comer :D regards
