[GTER] SQUID squid-3.1.0.14 + TPROXY
Luzivan
luzivan at gmail.com
Thu Nov 12 17:19:23 -02 2009
resultado do ps aux
root 17590 0.0 0.0 34652 1808 ? Ss 16:20 0:00
/usr/local/squid/sbin/squid
proxy 17592 3.0 0.1 73700 18220 ? S 16:20 0:00 (squid)
proxy 17593 0.0 0.0 15768 1028 ? S 16:20 0:00 (unlinkd)
2009/11/12 MARLON BORBA <MBORBA at trf3.jus.br>
> hummm.. com que usuário ele deve rodá-lo?
>
> ;-)
>
>
>
> >>>Em 12/11/2009 às 17:13, Bruno Ayub <bruno.ayub at gmail.com> gravou:
>
> > Roda esse comando e retorna o resultado pra gente:
> >
> >
> > ulimit -n -H
> >
> >
> >
> >
> > 2009/11/12 Luzivan <luzivan at gmail.com>
> >
> >> Fiz todos estes ajustes... mas o problema dos FD continua.
> >>
> >> 2009/11/11 <servidores at futuro.usp.br>
> >>
> >> > Veja se ajuda:
> >> > http://wiki.squid-cache.org/Features/Tproxy4
> >> >
> >> > Lembrando que apartir do kernel 2.6.28 à suporte nativo ao TPROXY,
> sem
> >> > precisar de patchs.
> >> >
> >> > E a configuração do Squid torna-se bem simples como pode ser visto
> acima.
> >> >
> >> >
> >> >
> >> >
> >> > > Meu camarada...
> >> > >
> >> > >
> >> > > Não sei qual seu problema. Os colegas já fizeram as perguntas
> que eu
> >> > > faria.
> >> > >
> >> > > considerações:
> >> > >
> >> > > 1- Tem memória pra caramba no seu servidor. Se o sistema
> operacional
> >> não
> >> > > for
> >> > > 64bits, você vai ter dificuldade para usa-la.
> >> > > 2- Essa apresentação me ajudou (muito) a customizar o squid. (
> >> > >
> >> >
> >>
> >
>
> http://colab.interlegis.gov.br/attachment/wiki/EncontroGitec/squid.pdf?format
>
> > =txt
> >> > > )
> >> > > 3- Uso o Debian v5. Squid 2.7 instalado via apt.
> >> > > 4- Boa sorte!
> >> > >
> >> > >
> >> > > [ ]'s
> >> > >
> >> > >
> >> > > 2009/11/11 davi peres <daviperes at gmail.com>
> >> > >
> >> > >> Sem. Cerca de 60
> >> > >>
> >> > >> Em 11/11/09, Luzivan<luzivan at gmail.com> escreveu:
> >> > >> > Fiz o teste baixando de 12Gb para 1GB até, também fiz um
> teste
> >> > >> alterando
> >> > >> de
> >> > >> > diskd para aufs e ufs, mas nada, sempre o problema do FD
> aparece.
> >> > >> >
> >> > >> > Perguntas (Davi)
> >> > >> > 1) O seu squid também trabalha com o tproxy ?
> >> > >> >
> >> > >> > 2) Quantas conexoes simultâneas seu proxy trabalha ?
> >> > >> >
> >> > >> >
> >> > >> > 2009/11/11 davi peres <daviperes at gmail.com>
> >> > >> >
> >> > >> >> maximum_object_size 512 MB
> >> > >> >> minimum_object_size 0 KB
> >> > >> >> ipcache_size 1024
> >> > >> >> ipcache_low 90
> >> > >> >> ipcache_high 95
> >> > >> >> fqdncache_size 1024
> >> > >> >> cache_mem 512 MB
> >> > >> >> cache_dir ufs /servidores/squid/var/cache 512 20 256
> >> > >> >>
> >> > >> >> o meu ta assim. tem 4gb de mem. so por via de duvidas tente
> abaixar
> >> > >> >> aqueles
> >> > >> >> 12gb por que se nao me engano esta memoria eh multiplicada.
> >> > >> >>
> >> > >> >>
> >> > >> >> 2009/11/10 Luzivan <luzivan at gmail.com>
> >> > >> >>
> >> > >> >> > ######### SQUID CONF ###########
> >> > >> >> >
> >> > >> >> > http_port 3129 tproxy
> >> > >> >> > httpd_suppress_version_string on
> >> > >> >> > max_open_disk_fds 0
> >> > >> >> > error_directory /usr/local/squid/share/errors/Portuguese/
> >> > >> >> > visible_hostname tempestade
> >> > >> >> > cache_effective_user proxy
> >> > >> >> > cache_effective_group proxy
> >> > >> >> > debug_options ALL,1
> >> > >> >> > logfile_rotate 7
> >> > >> >> > client_db off
> >> > >> >> > icp_port 0
> >> > >> >> > ipcache_size 1024
> >> > >> >> > cache_mem 12 GB
> >> > >> >> > cache_swap_low 90
> >> > >> >> > cache_swap_high 95
> >> > >> >> > maximum_object_size 5 MB
> >> > >> >> > maximum_object_size_in_memory 1 MB
> >> > >> >> > minimum_object_size 0 KB
> >> > >> >> > cache_dir diskd /cache/spool/squid3 1300000 16 256 Q1=64
> Q2=72
> >> > >> >> >
> >> > >> >> > cache_dir diskd /cache/spool/squid3 1300000 16 256 Q1=64
> Q2=72
> >> > >> >> >
> >> > >> >> > coredump_dir /cache/spool/squid3
> >> > >> >> > cache_log /cache/log/squid3/cache.log
> >> > >> >> > cache_store_log /cache/log/squid3/store.log
> >> > >> >> > access_log /cache/log/squid3/access.log squid
> >> > >> >> >
> >> > >> >> > acl manager proto cache_object
> >> > >> >> > acl localhost src 127.0.0.1/32
> >> > >> >> > acl to_localhost dst 127.0.0.0/8
> >> > >> >> >
> >> > >> >> > cache_replacement_policy heap LFUDA
> >> > >> >> > half_closed_clients off
> >> > >> >> >
> >> > >> >> > uri_whitespace encode
> >> > >> >> > strip_query_terms on
> >> > >> >> > ie_refresh on
> >> > >> >> >
> >> > >> >> > acl SSL_ports port 443
> >> > >> >> > acl Safe_ports port 80 # http
> >> > >> >> > acl Safe_ports port 21 # ftp
> >> > >> >> > acl Safe_ports port 443 # https
> >> > >> >> > acl Safe_ports port 70 # gopher
> >> > >> >> > acl Safe_ports port 210 # wais
> >> > >> >> > acl Safe_ports port 1025-65535 # unregistered ports
> >> > >> >> > acl Safe_ports port 280 # http-mgmt
> >> > >> >> > acl Safe_ports port 488 # gss-http
> >> > >> >> > acl Safe_ports port 591 # filemaker
> >> > >> >> > acl Safe_ports port 777 # multiling http
> >> > >> >> > acl CONNECT method CONNECT
> >> > >> >> >
> >> > >> >> > http_access allow localhost
> >> > >> >> > http_access allow all
> >> > >> >> >
> >> > >> >> > ########## FIM SQUID CONF #############
> >> > >> >> >
> >> > >> >> > 1) Estou compilando para usar com o TPROXY, poder usar
> diskd ou
> >> > >> aufs
> >> > >> >> >
> >> > >> >> > 2) Distro Debian 5.0 R3 com Kernal 2.6.30.4
> >> > >> >> >
> >> > >> >> >
> >> > >> >> > 2009/11/10 Fabio Donizete Mantesso Machado <
> >> > >> fabiomantesso at superig.com.br
> >> > >> >> >
> >> > >> >> >
> >> > >> >> > > posta o seu squid.conf ai!
> >> > >> >> > > qual distro voce usa? qual a necessidade de compilar o
> mesmo?
> >> > >> >> > >
> >> > >> >> > > 2009/11/10 Luzivan <luzivan at gmail.com>
> >> > >> >> > >
> >> > >> >> > > > As config de memória estão assim:
> >> > >> >> > > >
> >> > >> >> > > > ipcache_size 1024
> >> > >> >> > > > cache_mem 12 GB
> >> > >> >> > > > cache_swap_low 90
> >> > >> >> > > > cache_swap_high 95
> >> > >> >> > > > maximum_object_size 5 MB
> >> > >> >> > > > maximum_object_size_in_memory 1 MB
> >> > >> >> > > > minimum_object_size 0 KB
> >> > >> >> > > >
> >> > >> >> > > > cache_dir diskd /cache/spool/squid3 1300000 16 256
> Q1=64
> >> Q2=72
> >> > >> >> > > >
> >> > >> >> > > > OBS: Este servidor tem 16GB de memória
> >> > >> >> > > >
> >> > >> >> > > > 2009/11/9 davi peres <daviperes at gmail.com>
> >> > >> >> > > >
> >> > >> >> > > > > Ainda acho melhor você consultar sua configuração
> de
> >> memória
> >> > >> >> > > > >
> >> > >> >> > > > > Em 09/11/09, Luzivan<luzivan at gmail.com> escreveu:
> >> > >> >> > > > > > para o squid reconhercer tive que alterar no
> >> > >> >> > > /etc/security/limits.conf
> >> > >> >> > > > > >
> >> > >> >> > > > > > * - nofile 65535
> >> > >> >> > > > > >
> >> > >> >> > > > > > agora quando consulto das duas formas mostra a
> quantidade
> >> > >> do
> >> > >> >> > > > limits.conf
> >> > >> >> > > > > >
> >> > >> >> > > > > >
> >> > >> >> > > > > > squidclient -p 3129 mgr:info | grep descriptors
> >> > >> >> > > > > > Maximum number of file descriptors: 65536
> >> > >> >> > > > > > Available number of file descriptors: 65526
> >> > >> >> > > > > > Reserved number of file descriptors: 100
> >> > >> >> > > > > >
> >> > >> >> > > > > > cat /cache/log/squid3/cache.log | grep
> descriptors
> >> > >> >> > > > > > 2009/11/09 15:41:15| With 65536 file descriptors
> >> available
> >> > >> >> > > > > >
> >> > >> >> > > > > > *mais tarde vou colocar em operação e ver o qua
> acontece.
> >> > >> >> > > > > >
> >> > >> >> > > > > > 2009/11/8 Bruno L F Cabral
> <bruno at openline.com.br>
> >> > >> >> > > > > >
> >> > >> >> > > > > >> >> Veja como está no SO.
> >> > >> >> > > > > >> > ulimit -a proxy
> >> > >> >> > > > > >> > open files (-n) 8192
> >> > >> >> > > > > >> ------------------------------------------
> >> > >> >> > > > > >>
> >> > >> >> > > > > >> Tente aumentar antes de iniciar o squid e veja se
> ajuda.
> >> > >> >> > > > > >>
> >> > >> >> > > > > >> !3runo Cabral
> >> > >> >> > > > > >> --
> >> > >> >> > > > > >> gter list
> >> > https://eng.registro.br/mailman/listinfo/gter
> >> > >> >> > > > > >>
> >> > >> >> > > > > >
> >> > >> >> > > > > >
> >> > >> >> > > > > >
> >> > >> >> > > > > > --
> >> > >> >> > > > > > [Luzivan ;]
> >> > >> >> > > > > > "O caminho do sucesso está sempre em construção"
> >> > >> >> > > > > > --
> >> > >> >> > > > > > gter list
> >> https://eng.registro.br/mailman/listinfo/gter
> >> > >> >> > > > > >
> >> > >> >> > > > >
> >> > >> >> > > > > --
> >> > >> >> > > > > Enviado do meu celular
> >> > >> >> > > > > --
> >> > >> >> > > > > gter list
> https://eng.registro.br/mailman/listinfo/gter
> >> > >> >> > > > >
> >> > >> >> > > >
> >> > >> >> > > >
> >> > >> >> > > >
> >> > >> >> > > > --
> >> > >> >> > > > [Luzivan ;]
> >> > >> >> > > > "O caminho do sucesso está sempre em construção"
> >> > >> >> > > > --
> >> > >> >> > > > gter list
> https://eng.registro.br/mailman/listinfo/gter
> >> > >> >> > > >
> >> > >> >> > > --
> >> > >> >> > > gter list
> https://eng.registro.br/mailman/listinfo/gter
> >> > >> >> > >
> >> > >> >> >
> >> > >> >> >
> >> > >> >> >
> >> > >> >> > --
> >> > >> >> > [Luzivan ;]
> >> > >> >> > "O caminho do sucesso está sempre em construção"
> >> > >> >> > --
> >> > >> >> > gter list https://eng.registro.br/mailman/listinfo/gter
>
> >> > >> >> >
> >> > >> >> --
> >> > >> >> gter list https://eng.registro.br/mailman/listinfo/gter
> >> > >> >>
> >> > >> >
> >> > >> >
> >> > >> >
> >> > >> > --
> >> > >> > [Luzivan ;]
> >> > >> > "O caminho do sucesso está sempre em construção"
> >> > >> > --
> >> > >> > gter list https://eng.registro.br/mailman/listinfo/gter
> >> > >> >
> >> > >>
> >> > >> --
> >> > >> Enviado do meu celular
> >> > >> --
> >> > >> gter list https://eng.registro.br/mailman/listinfo/gter
> >> > >>
> >> > >
> >> > >
> >> > >
> >> > > --
> >> > > Bruno Ayub.
> >> > > --
> >> > > gter list https://eng.registro.br/mailman/listinfo/gter
> >> > >
> >> >
> >> >
> >> > --
> >> > gter list https://eng.registro.br/mailman/listinfo/gter
> >> >
> >>
> >>
> >>
> >> --
> >> [Luzivan ;]
> >> "O caminho do sucesso está sempre em construção"
> >> --
> >> gter list https://eng.registro.br/mailman/listinfo/gter
> >>
> >
>
> --
>
> Abraços,
>
> Marlon Borba, CISSP, APC DataCenter Associate
> Técnico Judiciário · Segurança da Informação
> IPv6 Evangelist · Moreq-Jus Evangelist
> Comissão Local de Resposta a Incidentes - CLRI
> TRF 3 Região
> (11) 3012-1581
> --
> Follow me on Twitter!
> twitter.com/mborba
> --
>
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>
--
[Luzivan ;]
"O caminho do sucesso está sempre em construção"
More information about the gter
mailing list