RE: [squid-users] Re: server failover/backup

From: Lawrence Pingree <geekguy_at_geek-guy.com>
Date: Wed, 20 Aug 2014 19:27:25 -0700

Nuhll,
Just use the following config and point your clients to port 8080 on the
squid ip. The ONLY thing you really should change with this configuration is
the IP addresses, the hostname or add file extensions to the
refresh_patterns. It should work!

#
#Recommended minimum configuration:
#
always_direct allow all

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl Safe_ports port 1-65535
acl CONNECT method GET POST HEAD CONNECT PUT DELETE
#acl block-fnes urlpath_regex -i .*/fnes/echo
acl noscan dstdomain .symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com

acl video urlpath_regex -i \.(m2a|avi|mov|mp(e?g|a|e|1|2|3|4)|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|wmvm3u8|flv|ts)

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost

no_cache deny noscan
always_direct allow noscan
always_direct allow video

# Deny requests to certain unsafe ports

# Deny CONNECT to other than secure SSL ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_access allow all

# allow localhost always proxy functionality

# And finally deny all other access to this proxy

# Squid normally listens to port 3128
http_port 192.168.2.2:8080

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
maximum_object_size 5000 MB
#store_dir_select_algorithm round-robin
cache_dir aufs /daten/squid 100000 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
# General Rules
refresh_pattern -i \.(jpg|gif|png|webp|jpeg|ico|bmp|tiff|bif|ver|pict|pixel|bs)$ 220000 90% 300000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(js|css|class|swf|wav|dat|zsci|do|ver|advcs|woff|eps|ttf|svg|svgz|ps|acsm|wma)$ 220000 90% 300000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(html|htm|crl)$ 220000 90% 259200 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(xml|flow)$ 0 90% 100000
refresh_pattern -i \.(json)$ 1440 90% 5760
refresh_pattern -i ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)$ 0 0% 0
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 220000 80% 259200
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 220000 80% 259200
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 220000 80% 259200
refresh_pattern -i \.(bin|deb|rpm|drpm|exe|zip|tar|tgz|bz2|ipa|bz|ram|rar|bin|uxx|gz|crl|msi|dll|hz|cab|psf|vidt|apk|wtex|hz|ipsw)$ 220000 90% 500000 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.(ppt|pptx|doc|docx|pdf|xls|xlsx|csv|txt)$ 220000 90% 259200 override-expire ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i ^ftp: 66000 90% 259200
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i . 0 90% 259200
log_icp_queries off
icp_port 0
htcp_port 0
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
minimum_object_size 0 KB
buffered_logs on
cache_effective_user squid
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
cache_swap_low 90
cache_swap_high 95
visible_hostname shadow
unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_header_max_size 256 KB
half_closed_clients off
max_filedesc 65535
connect_timeout 10 second
cache_effective_group squid
#access_log /var/log/squid/access.log squid
access_log daemon:/var/log/squid/access.log buffer-size=1MB
client_db off
dns_nameservers 127.0.0.1
#pipeline_prefetch 20
ipcache_size 8192
fqdncache_size 8192
#positive_dns_ttl 72 hours
#negative_dns_ttl 5 minutes
tcp_outgoing_address 192.168.2.2
dns_v4_first on
check_hostnames off
forwarded_for delete
via off
pinger_enable off
cache_mem 2048 MB
maximum_object_size_in_memory 256 KB
memory_cache_mode disk
cache_store_log none
read_ahead_gap 50 MB
reload_into_ims on

-----Original Message-----
From: nuhll [mailto:nuhll_at_web.de]
Sent: Wednesday, August 20, 2014 12:08 PM
To: squid-users_at_squid-cache.org
Subject: [squid-users] Re: server failover/backup

I give up. Squid sucks so hard.

New and easier idea:

Accel the sites I want to cache.

But how? Information about this is crazy much

http://wiki.squid-cache.org/SquidFaq/ReverseProxy

But how to cache?

#
#Recommended minimum configuration:
#

debug_options ALL,1 33,2

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
#acl Safe_ports port 1-65535
#acl CONNECT method GET POST HEAD CONNECT PUT DELETE
#acl block-fnes urlpath_regex -i .*/fnes/echo
#acl noscan dstdomain .symantecliveupdate.com liveupdate.symantec.com psi3.secunia.com update.immunet.com
#acl video urlpath_regex -i \.(m2a|avi|mov|mp(e?g|a|e|1|2|3|4)|m1s|mp2v|m2v|m2s|wmx|rm|rmvb|3pg|3gpp|omg|ogm|asf|asx|wmvm3u8|flv|ts)

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost

#no_cache deny noscan
#always_direct allow noscan
#always_direct allow video

# Deny requests to certain unsafe ports

# Deny CONNECT to other than secure SSL ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on .localhost. is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest
#no-netdb-exchange
#never_direct allow all

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

#http_access allow all

# allow localhost always proxy functionality

# And finally deny all other access to this proxy

http_port 192.168.0.8:80 accel defaultsite=windowsupdate.com
cache_peer windowsupdate.com parent 80 0 no-query originserver

http_port 192.168.0.8:80 accel defaultsite=microsoft.com
cache_peer microsoft.com parent 80 0 no-query originserver

http_port 192.168.0.8:80 accel defaultsite=windows.com
cache_peer windows.com parent 80 0 no-query originserver

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
maximum_object_size 5000 MB
#store_dir_select_algorithm round-robin
cache_dir aufs /daten/squid 100000 16 256

# Leave coredumps in the first cache dir
coredump_dir /daten/squid

#windows update
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 202974 80% 262974
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 202974 80% 262974
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wma|dat|zip)$ 202974 80% 262974

log_icp_queries off
icp_port 0
htcp_port 0
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
minimum_object_size 0 KB
buffered_logs on
cache_effective_user proxy
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
vary_ignore_expire on
cache_swap_low 90
cache_swap_high 95
#visible_hostname shadow
#unique_hostname shadow-DHS
shutdown_lifetime 0 second
request_header_max_size 256 KB
half_closed_clients off
max_filedesc 65535
connect_timeout 10 second
cache_effective_group proxy
#access_log /var/log/squid/access.log squid
#access_log daemon:/var/log/squid3/access.test.log squid
client_db off
#dns_nameservers 192.168.0.10
ipcache_size 1024
fqdncache_size 1024
positive_dns_ttl 24 hours
negative_dns_ttl 5 minutes
#itcp_outgoing_address 192.168.2.2
dns_v4_first on
check_hostnames off
forwarded_for delete
via off
#pinger_enable off
#memory_replacement_policy heap LFUDA
#cache_replacement_policy heap LFUDA
cache_mem 2048 MB
maximum_object_size_in_memory 512 KB
#memory_cache_mode disk
cache_store_log none
read_ahead_gap 50 MB
pipeline_prefetch on
reload_into_ims on
#quick_abort_min -1 KB

Does not cache any windows updates.

--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ONLY-Cache-certain-Websites-tp4667121p4667289.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Thu Aug 21 2014 - 02:27:41 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 21 2014 - 12:00:06 MDT
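
In the config posted in the reply, the stock comment headers ("Deny requests to certain unsafe ports", "Deny CONNECT to other than secure SSL ports", "And finally deny all other access to this proxy") have no rules left under them. The following check is an added example, not part of either message or of Squid: it reports which of the access rules from Squid's default squid.conf a given config lacks. The finding names and both sample inputs are constructed for illustration.

```python
# Constructed input: the active access-control lines of the reply's config.
POSTED = """\
acl localnet src 192.168.0.0/16
acl Safe_ports port 1-65535
acl CONNECT method GET POST HEAD CONNECT PUT DELETE
http_access allow all
http_port 192.168.2.2:8080
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic all
"""
# Constructed input: the same proxy with Squid's default access rules restored.
STOCK = """\
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
snmp_port 0
"""

def audit(conf):
    """Return sorted finding names (hypothetical labels) for a squid.conf text."""
    acls, http, snmp_on, found = {}, [], False, set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # simplification: '#' starts a comment
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) > 3:
            acls.setdefault(tok[1], []).append(tok[2:])   # [type, value, ...]
        elif tok[0] == "http_access":
            http.append(tok[1:])
        elif tok[0] == "snmp_port" and len(tok) > 1:
            snmp_on = tok[1] != "0"
    # http_access is first-match: "allow all" admits any client that can connect.
    if ["allow", "all"] in http:
        found.add("http_access-allow-all")
    if ["deny", "!Safe_ports"] not in http:
        found.add("safe-ports-not-enforced")
    if ["deny", "CONNECT", "!SSL_ports"] not in http:
        found.add("connect-not-restricted")
    if any(m != "CONNECT" for kind, *vals in acls.get("CONNECT", [])
           if kind == "method" for m in vals):
        found.add("connect-acl-non-connect-methods")
    if snmp_on and any(kind == "snmp_community" and "public" in vals
                       for defs in acls.values() for kind, *vals in defs):
        found.add("snmp-community-public")
    return sorted(found)
```

`audit(POSTED)` returns all five findings and `audit(STOCK)` returns an empty list; pass the text of a real squid.conf to check it the same way.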