Dan Casey wrote:
> I'm running squid 2.6 from CentOS 5 repository, as an http accelerator
> for wordpress.
>
> I've got it working to a point using a configuration I found elsewhere
> (I'm not very familiar with squid yet, and most docs I've found are not
> relevant to this version).
The FAQ has a current configuration setup tutorial
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
there are large access control settings missing from your config that
are needed to make things work efficiently and securely. Additional to
the notes I've made below.
> It is successfully caching the images as stuff and other static content,
> but I would like it cache some of dynamic pages as well. I've played
> around with the refresh_pattern's a little bit, but didn't have any
> luck. Here is an example from the access log.
>
> ping.php is specifically not cached, but the other one "?p=1" I would
> like to cache.
>
>
> ############# /etc/squid/squid.conf ##################
> # Basic parameters
> visible_hostname localhost
Calling the gateway machine "localhost" may cause all sorts of trouble
and confusion. Please try using a proper machine or domain FQDN.
> # This line indicates the server we will be proxying for
> http_port 80 defaultsite=wordpress.dom.tld
> # And the IP Address for it
> cache_peer 10.10.10.10 parent 80 0 no-query originserver
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> # Where the cache files will be, memory and such
> cache_dir ufs /var/spool/squid 10000 16 256
> cache_mem 256 MB
> maximum_object_size_in_memory 32 KB
> # Log locations and format
> logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
> logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
> "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
store log is not usually needed. you can save yourself a lot of storage
space setting this to "none".
> hosts_file /etc/hosts
> # Basic ACLs
> acl all src 0.0.0.0/0.0.0.0
> acl mydomain dstdomain .example.com
That should be set properly to the wordpress domain.
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl Safe_ports port 80
> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access allow localhost
> http_access allow all
Drop that allow all!
> http_access allow mydomain
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> cache_effective_group squid
should only need cache_effective_user here. Group plays wickedness with
permissions.
> coredump_dir /var/spool/squid
> forwarded_for on
> emulate_httpd_log on
> redirect_rewrites_host_header off
> buffered_logs on
>
> refresh_pattern -i ping.php 0 0% 0 override-expire
> refresh_pattern -i .php 0 50% 30
> refresh_pattern -i .js 0 50% 300
> refresh_pattern -i .css 0 50% 300
> refresh_pattern -i .jpg 0 50% 300
> refresh_pattern -i .gif 0 50% 300
> refresh_pattern -i .png 0 50% 300
> refresh_pattern -i .swf 0 50% 300
> refresh_pattern -i .html 0 50% 300
> refresh_pattern -i .shtml 0 50% 300
>
> client_persistent_connections on
> server_persistent_connections on
> pipeline_prefetch on
> strip_query_terms off
>
Amos
-- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11 Current Beta Squid 3.1.0.3Received on Wed Jan 07 2009 - 06:02:33 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 07 2009 - 12:00:02 MST