[Debian-br-gud-rs] Duvidas com Squid3 cache
alan inacio
alanbrawdebian em gmail.com
Quarta Outubro 29 15:56:45 UTC 2014
Srs. Bom dia.
Estou montando um servidor cache.
Cenário link adsl 2mb isso mesmo 2 mb infelizmente não temos outra opção de
link, Divido a internet com 11 pessoas a ideia não é fazer bloqueios por
enquanto rs mas sim aumentar a performance da internet o servidor já esta
em produção.
Montei o script abaixo com base em pesquisa em alguns sites e gostaria de
uma ajuda para aperfeiçoar o serviço com a ajuda de vc’s.
Estou com duvida referente a real necessidade do quick_abort_min revirei a
net e não ache nada relacionado mas vi que muitos add esse cara no
squid.conf.
Algumas linha estão apresentando erro não consigo declara toda a minha rede
no cache. como estou no trabalho não consigo posta o erro no momento mas
assim que possível irei postar.
Hardware
Intel i3
Memoria 2gb
Hd 350gb
SO. Debian 6
Squid 3.X
#PORTA DO PROXY
http_port 3128 transparent
always_direct allow all
# Nome do servidor - contato
visible_hostname SRV-CACHE
cache_mgr alan.inacio em yahoo.com.br
# CONFIGURACAO DOS LOGS
access_log /var/log/squid3/access.log
access_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log
error_directory /usr/share/squid3/errors/Portuguese
# DIRETORIO DO CACHE LIBERADO 240GB NO HD DE 350GB
cache_dir aufs /var/cache/squid3 240000 16 256
# MEMORIA TOTAL DO SRV 2GB DDR3 1066
cache_mem 1024 MB
memory_pools off
maximum_object_size_in_memory 512 KB
maximum_object_size 1024 MB
minimum_object_size 0 KB
memory_replacement_policy heap GDSF # Para memoria RAM
cache_replacement_policy heap LFUDA # Para Disco
quick_abort_min -1 KB
#LIMPEZA DO CACHE
cache_swap_low 95
cache_swap_high 98
ipcache_size 1024
ipcache_low 98
ipcache_high 95
fqdncache_size 1024
# client_request_buffer_max_size 512 KB #### DESATIVADO ESTA COM ERRO
# reply_body_max_size 100 MB #### DESATIVADO ESTA COM ERRO
detect_broken_pconn on
# ACL
# acl all src 0.0.0.0/0.0.0.0 #### DESATIVADO ESTA COM ERRO
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563 873 # https, snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 973 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # portas altas
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3389 # acesso remoto windows
acl CONNECT method CONNECT
# PERMICOES DE ACESSO
http_access allow manager localhost
http_access allow manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow all
# DNS GOOGLE
dns_nameservers 8.8.8.8
dns_nameservers 8.8.4.4
# DNS VIVOSPEEDY
dns_nameservers 200.205.125.58
dns_nameservers 200.205.125.57
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Atualizacoes do cache
hierarchy_stoplist cgi-bin ?
hierarchy_stoplist html ?
#
refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.exe$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.php$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims
# Videos
refresh_pattern -i \.(mp3|mp4|m4a|ogg|mov|avi|wmv|flv)$ 10080 90% 999999
ignore-no-cache override-expire ignore-private
# Widows UPDATE
refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80%
43200 reload-into-ims
refresh_pattern -i
windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80%
43200 reload-into-ims
refresh_pattern -i
update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320
80% 432000 reload-into-ims
refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80%
432000 reload-into-ims
refresh_pattern -i
windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80%
432000 reload-into-ims
refresh_pattern -i
windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80%
432000 reload-into-ims
refresh_pattern -i
c2r.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft) 4320 80%
432000 reload-into-ims
refresh_pattern -i
download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft)
4320 80% 432000 reload-into-ims
# Antivirus
refresh_pattern guru.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern bguru.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern af.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern mbam-cdn.malwarebytes.org/.*\.(exe) 4320 100% 43200
reload-into-ims
refresh_pattern data-cdn.mbamupdates.com/.*\.(ref) 4320 100% 43200
reload-into-ims
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200
reload-into-ims
refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080
100% 43200 reload-into-ims
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://lists.alioth.debian.org/pipermail/debian-br-gud-rs/attachments/20141029/3adc1de7/attachment-0001.html>
Mais detalhes sobre a lista de discussão Debian-br-gud-rs