Hi Amos,
Thanks for your quick help. I am using following (I suppose latest
available series) of Squid
Index of /jskala/squid/squid-3.0.STABLE16-1.el5/i386
I've made those ufs/aufs changes & cache_low/high in squid.conf. I'll
let you know about the feedback soon. Also I've removed spaces from time
ACL elements MTWHF ...
-Asim Ahmed
Amos Jeffries wrote:
> On Tue, 20 Oct 2009 19:53:02 +0500, "Asim Ahmed @ Folio3"
> <aahmed_at_folio3.com> wrote:
>
>> -
>>
>> Hi all,
>>
>> I have installed Squid 3.0 STABLE on RHEL5. I am using it on conjunction
>>
>
>
> 3.0STABLE what? there are now around 21 releases in circulation.
>
>
>> with Shorewall 4.4.2.2. I've tested that Shorewall is working fine on
>> machine. The problem is that SQUID stops responding intermittently. This
>>
>
>
>> period ranges from minuts / hours / days. Some time it works absolutely
>> fine and at other times it just dies. Even "tail -f access.log" does not
>>
>
>
>> show any activity at all. Internet stops working.
>>
>> Machine is Pentium D 2.0 GHz with 2 GB of RAM. Out of my squid.conf
>> through *grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'* is
>>
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl localnet src 192.168.4.0/24 # RFC1918 possible internal network
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> acl BusinessHours time M T W H F 9:00-13:00
>> acl BusinessHours time M T W H F 14:30-19:00
>>
>
> The above should have no spaces in the day specifier: MTWHF
>
>
>> acl BadSites dstdomain "/etc/squid/restricted_sites.list"
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny BadSites BusinessHours
>> http_access allow localnet
>> http_access deny all
>> icp_access allow localnet
>> icp_access deny all
>> htcp_access allow localnet
>> htcp_access deny all
>> reply_body_max_size 5 MB
>> http_port 46095 transparent
>> include /etc/squid/mediatypes.list
>> hierarchy_stoplist cgi-bin ?
>> cache_mem 256 MB
>> cache_dir ufs /var/spool/squid 16384 16 256
>>
>
> This is probably the cause. UFS file system is extremely slow. Also with
>
>> 10GB the default garbage collection settings for 3.0 are too wide. Squid
>>
> can block up while removing 5% of the cached files once an hour.
>
> I recommend setting:
> cache_dir aufs /var/spool/squid 16384 16 256
> cache_swap_low 90
> cache_swap_high 92
>
>
> Also,,,,
>
> check cache.log for signs of squid dying. Restarting and reloading a
> large cache through slow disk IO systems can cause a few dozen seconds
> delay in request handling.
>
> please use the latest release available (there are current 'unofficial'
> packages for RHEL in the www.squid-cache.org binary downloads pages).
>
>
>
>> access_log /var/log/squid/access.log squid
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern (cgi-bin|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>> shutdown_lifetime 5 seconds
>> visible_hostname gateway.folio3.com
>> icp_port 3130
>> coredump_dir /var/spool/squid
>>
>> Any help on where to look for the error and any remedy would be
>> appriciated.
>>
>
>
> Amos
>
>
-- Regards, Asim Ahmed Khan IT Manager, Folio3 (Pvt.) Ltd. www.folio3.com Direct: 92-21-4323721-4 Ext 110 Email: aahmed_at_folio3.comReceived on Wed Oct 21 2009 - 05:27:56 MDT
This archive was generated by hypermail 2.2.0 : Thu Oct 22 2009 - 12:00:03 MDT