On 18/09/10 06:00, Andrei wrote:
> I'm a newbie. To get Squid started all I was able to do is create the
> config below. This works but it feels like it could be a little
> faster. I have about 300 users.
> Are there any other options that you would recommend adding to this
> config file? This is my config file for Squid 3.0 on Debian, P4, 40GB
> IDE disk.
RAM?
Tip #1: Add the backports.org repo to your list and pull squid3 (3.1)
from there.
>
> refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
pattern: \.index\.(html|htm)$
> refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
add here: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 40% 40320
> cache_dir ufs /var/spool/squid3 7000 16 256
AUFS
+ more disk? (that will depend on your available RAM).
> visible_hostname proxy.ourdomain.com
> http_port 176.16.0.9:3128 transparent
Use a random port for NAT interception. It only needs to be accessible
to your local machine firewall to send packets.
Regular proxy requests arriving at this port will be slowed by useless
NAT searches.
Tip #2: avoid NAT. Use WPAD/PAC to invisibly configure the networks
browsers and pre-filter broken domains.
> acl localnet src 176.16.0.0/255.255.248.0
acl localnet src 176.16.0.0/21
Tip #3: retain the security Safe_Ports and SSL_Ports restrictions to
prevent internal viral/spam spreading.
> http_access allow localnet
> debug_options ALL,1
> access_log /var/log/squid3/access.log squid
Check and be sure about your response times. They might surprise you one
way or the other:
squidclient mgr:info
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2Received on Mon Sep 20 2010 - 13:18:38 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 21 2010 - 12:00:03 MDT