Hi,
(sending again because ezlm didn't like my attaches before)
we've got squid 2.7.STABLE7, running on Ubuntu 10.04, as reverse
proxy for OWA 2007 (or Exchange 2007; excuse me if there are differences, I
don't know much about Windows products). It has been recompiled with
"--enable-ssl" to be able to answer SSL to the clients and to communicate
using SSL with the backend. We followed the howto at [1] and other, and then
modified the configuration a bit to better suit our needs.
It works well, and it's very fast. But it leaks memory like a sieve.
It goes from 250MB to 2.2GB in 24 hours. In cache.log there are a lot of
lines like these:
2010/10/18 09:36:29| fwdNegotiateSSL: Error negotiating SSL connection on FD
5485: error:00000000:lib(0):func(0):reason(0) (5/-1/104)
2010/10/18 09:36:29| TCP connection to owa (XX.XX.XX.XX:443) failed
("owa" is the backend)
Besides that, nothing. No error, no warning, nothing than can give a
hint as to what's happening. Attached is a snippet of the configuration, with
IP addresses and domains obfuscated (customer's requirement). I think
everything important is there, but don't hesitate to ask for more if it's
needed. I attach also the output from "squidclient mgr:info" and "squidclient
mgr:mem", two hours (more or less) after restarting the process. We tried with
"memory_pools" on and off (current configuration), but it seems to make no
difference. We also tried with "client_db" disabled, but as it meant no
improvement we enabled it again.
Unfortunately, this is a production system, so I can't do much
testing without affecting users. But if something can shed light on the
issue, I can ask for a maintenance window.
I'm planning to update to 2.7.STABLE9 (Ubuntu package, recompiled
with SSL again), and also add the patch from the daily snapshot. It seems that
the only thing it adds is a "memBufClean" call, and to me it looks like
something good when speaking about memory leaks :-) I hope it helps.
Sorry if I make little sense in some of this, it's monday morning. Any
help, opinion or suggestion is welcome. Thanks in advance.
References:
[1]
http://www.tanti.org.uk/index.php/blogs/owencampbell/3-tech/3-proxy
-- Roberto Suarez Soto Allenta Consulting robe_at_allenta.com www.allenta.com +34 881 922 600 Este correo electrónico contiene información estrictamente confidencial y es de uso exclusivo del destinatario, quedando prohibida a cualquier otra persona su revelación, copia, distribución, o el ejercicio de cualquier acción relativa a su contenido. Si ha recibido este mensaje por error, por favor conteste a su remitente mediante correo electrónico y proceda a borrarlo de su sistema. Rogamos nos comunique inmediatamente sobre cualquier inconveniente que pueda tener usted en relación al envío de este tipo de correo electrónico. Sus datos personales serán tratados de forma confidencial y no serán cedidos a terceros ajenos a ALLENTA CONSULTING, S.L. En cualquier caso, podrá ejercer los derecho de oposición, acceso, rectificación y cancelación de acuerdo con lo establecido en la Ley Orgánica 15/99, de 13 de diciembre, de Protección de Datos de Carácter Personal dirigiéndose a ALLENTA CONSULTING, S.L. en C/Enrique Mariñas 36, 2º piso, oficina 8, 15009 – A Coruña o en la dirección de electrónico info_at_allenta.com
This archive was generated by hypermail 2.2.0 : Mon Oct 18 2010 - 12:00:03 MDT