[GTER] SQUID squid-3.1.0.14 + TPROXY
servidores at futuro.usp.br
servidores at futuro.usp.br
Wed Nov 11 21:42:09 -02 2009
Veja se ajuda:
http://wiki.squid-cache.org/Features/Tproxy4
Lembrando que apartir do kernel 2.6.28 à suporte nativo ao TPROXY, sem
precisar de patchs.
E a configuração do Squid torna-se bem simples como pode ser visto acima.
> Meu camarada...
>
>
> Não sei qual seu problema. Os colegas já fizeram as perguntas que eu
> faria.
>
> considerações:
>
> 1- Tem memória pra caramba no seu servidor. Se o sistema operacional não
> for
> 64bits, você vai ter dificuldade para usa-la.
> 2- Essa apresentação me ajudou (muito) a customizar o squid. (
> http://colab.interlegis.gov.br/attachment/wiki/EncontroGitec/squid.pdf?format=txt
> )
> 3- Uso o Debian v5. Squid 2.7 instalado via apt.
> 4- Boa sorte!
>
>
> [ ]'s
>
>
> 2009/11/11 davi peres <daviperes at gmail.com>
>
>> Sem. Cerca de 60
>>
>> Em 11/11/09, Luzivan<luzivan at gmail.com> escreveu:
>> > Fiz o teste baixando de 12Gb para 1GB até, também fiz um teste
>> alterando
>> de
>> > diskd para aufs e ufs, mas nada, sempre o problema do FD aparece.
>> >
>> > Perguntas (Davi)
>> > 1) O seu squid também trabalha com o tproxy ?
>> >
>> > 2) Quantas conexoes simultâneas seu proxy trabalha ?
>> >
>> >
>> > 2009/11/11 davi peres <daviperes at gmail.com>
>> >
>> >> maximum_object_size 512 MB
>> >> minimum_object_size 0 KB
>> >> ipcache_size 1024
>> >> ipcache_low 90
>> >> ipcache_high 95
>> >> fqdncache_size 1024
>> >> cache_mem 512 MB
>> >> cache_dir ufs /servidores/squid/var/cache 512 20 256
>> >>
>> >> o meu ta assim. tem 4gb de mem. so por via de duvidas tente abaixar
>> >> aqueles
>> >> 12gb por que se nao me engano esta memoria eh multiplicada.
>> >>
>> >>
>> >> 2009/11/10 Luzivan <luzivan at gmail.com>
>> >>
>> >> > ######### SQUID CONF ###########
>> >> >
>> >> > http_port 3129 tproxy
>> >> > httpd_suppress_version_string on
>> >> > max_open_disk_fds 0
>> >> > error_directory /usr/local/squid/share/errors/Portuguese/
>> >> > visible_hostname tempestade
>> >> > cache_effective_user proxy
>> >> > cache_effective_group proxy
>> >> > debug_options ALL,1
>> >> > logfile_rotate 7
>> >> > client_db off
>> >> > icp_port 0
>> >> > ipcache_size 1024
>> >> > cache_mem 12 GB
>> >> > cache_swap_low 90
>> >> > cache_swap_high 95
>> >> > maximum_object_size 5 MB
>> >> > maximum_object_size_in_memory 1 MB
>> >> > minimum_object_size 0 KB
>> >> > cache_dir diskd /cache/spool/squid3 1300000 16 256 Q1=64 Q2=72
>> >> >
>> >> > cache_dir diskd /cache/spool/squid3 1300000 16 256 Q1=64 Q2=72
>> >> >
>> >> > coredump_dir /cache/spool/squid3
>> >> > cache_log /cache/log/squid3/cache.log
>> >> > cache_store_log /cache/log/squid3/store.log
>> >> > access_log /cache/log/squid3/access.log squid
>> >> >
>> >> > acl manager proto cache_object
>> >> > acl localhost src 127.0.0.1/32
>> >> > acl to_localhost dst 127.0.0.0/8
>> >> >
>> >> > cache_replacement_policy heap LFUDA
>> >> > half_closed_clients off
>> >> >
>> >> > uri_whitespace encode
>> >> > strip_query_terms on
>> >> > ie_refresh on
>> >> >
>> >> > acl SSL_ports port 443
>> >> > acl Safe_ports port 80 # http
>> >> > acl Safe_ports port 21 # ftp
>> >> > acl Safe_ports port 443 # https
>> >> > acl Safe_ports port 70 # gopher
>> >> > acl Safe_ports port 210 # wais
>> >> > acl Safe_ports port 1025-65535 # unregistered ports
>> >> > acl Safe_ports port 280 # http-mgmt
>> >> > acl Safe_ports port 488 # gss-http
>> >> > acl Safe_ports port 591 # filemaker
>> >> > acl Safe_ports port 777 # multiling http
>> >> > acl CONNECT method CONNECT
>> >> >
>> >> > http_access allow localhost
>> >> > http_access allow all
>> >> >
>> >> > ########## FIM SQUID CONF #############
>> >> >
>> >> > 1) Estou compilando para usar com o TPROXY, poder usar diskd ou
>> aufs
>> >> >
>> >> > 2) Distro Debian 5.0 R3 com Kernal 2.6.30.4
>> >> >
>> >> >
>> >> > 2009/11/10 Fabio Donizete Mantesso Machado <
>> fabiomantesso at superig.com.br
>> >> >
>> >> >
>> >> > > posta o seu squid.conf ai!
>> >> > > qual distro voce usa? qual a necessidade de compilar o mesmo?
>> >> > >
>> >> > > 2009/11/10 Luzivan <luzivan at gmail.com>
>> >> > >
>> >> > > > As config de memória estão assim:
>> >> > > >
>> >> > > > ipcache_size 1024
>> >> > > > cache_mem 12 GB
>> >> > > > cache_swap_low 90
>> >> > > > cache_swap_high 95
>> >> > > > maximum_object_size 5 MB
>> >> > > > maximum_object_size_in_memory 1 MB
>> >> > > > minimum_object_size 0 KB
>> >> > > >
>> >> > > > cache_dir diskd /cache/spool/squid3 1300000 16 256 Q1=64 Q2=72
>> >> > > >
>> >> > > > OBS: Este servidor tem 16GB de memória
>> >> > > >
>> >> > > > 2009/11/9 davi peres <daviperes at gmail.com>
>> >> > > >
>> >> > > > > Ainda acho melhor você consultar sua configuração de memória
>> >> > > > >
>> >> > > > > Em 09/11/09, Luzivan<luzivan at gmail.com> escreveu:
>> >> > > > > > para o squid reconhercer tive que alterar no
>> >> > > /etc/security/limits.conf
>> >> > > > > >
>> >> > > > > > * - nofile 65535
>> >> > > > > >
>> >> > > > > > agora quando consulto das duas formas mostra a quantidade
>> do
>> >> > > > limits.conf
>> >> > > > > >
>> >> > > > > >
>> >> > > > > > squidclient -p 3129 mgr:info | grep descriptors
>> >> > > > > > Maximum number of file descriptors: 65536
>> >> > > > > > Available number of file descriptors: 65526
>> >> > > > > > Reserved number of file descriptors: 100
>> >> > > > > >
>> >> > > > > > cat /cache/log/squid3/cache.log | grep descriptors
>> >> > > > > > 2009/11/09 15:41:15| With 65536 file descriptors available
>> >> > > > > >
>> >> > > > > > *mais tarde vou colocar em operação e ver o qua acontece.
>> >> > > > > >
>> >> > > > > > 2009/11/8 Bruno L F Cabral <bruno at openline.com.br>
>> >> > > > > >
>> >> > > > > >> >> Veja como está no SO.
>> >> > > > > >> > ulimit -a proxy
>> >> > > > > >> > open files (-n) 8192
>> >> > > > > >> ------------------------------------------
>> >> > > > > >>
>> >> > > > > >> Tente aumentar antes de iniciar o squid e veja se ajuda.
>> >> > > > > >>
>> >> > > > > >> !3runo Cabral
>> >> > > > > >> --
>> >> > > > > >> gter list https://eng.registro.br/mailman/listinfo/gter
>> >> > > > > >>
>> >> > > > > >
>> >> > > > > >
>> >> > > > > >
>> >> > > > > > --
>> >> > > > > > [Luzivan ;]
>> >> > > > > > "O caminho do sucesso está sempre em construção"
>> >> > > > > > --
>> >> > > > > > gter list https://eng.registro.br/mailman/listinfo/gter
>> >> > > > > >
>> >> > > > >
>> >> > > > > --
>> >> > > > > Enviado do meu celular
>> >> > > > > --
>> >> > > > > gter list https://eng.registro.br/mailman/listinfo/gter
>> >> > > > >
>> >> > > >
>> >> > > >
>> >> > > >
>> >> > > > --
>> >> > > > [Luzivan ;]
>> >> > > > "O caminho do sucesso está sempre em construção"
>> >> > > > --
>> >> > > > gter list https://eng.registro.br/mailman/listinfo/gter
>> >> > > >
>> >> > > --
>> >> > > gter list https://eng.registro.br/mailman/listinfo/gter
>> >> > >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > [Luzivan ;]
>> >> > "O caminho do sucesso está sempre em construção"
>> >> > --
>> >> > gter list https://eng.registro.br/mailman/listinfo/gter
>> >> >
>> >> --
>> >> gter list https://eng.registro.br/mailman/listinfo/gter
>> >>
>> >
>> >
>> >
>> > --
>> > [Luzivan ;]
>> > "O caminho do sucesso está sempre em construção"
>> > --
>> > gter list https://eng.registro.br/mailman/listinfo/gter
>> >
>>
>> --
>> Enviado do meu celular
>> --
>> gter list https://eng.registro.br/mailman/listinfo/gter
>>
>
>
>
> --
> Bruno Ayub.
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>
More information about the gter
mailing list