[tune up] squid 3

Discussion about Ubuntu Server, covering web servers, database servers, Samba servers and other services, as well as networking with the Ubuntu operating system.

Postby sipelaut » 20 Feb 2013, 13:36

Has anyone here already tuned squid 3?
Please share, bro.
It looks like my memory allocation sometimes only gets used below 20%.

Code: Select all

root@proxy:/proc# free -m
             total       used       free     shared    buffers     cached
Mem:          4024       2557       1467          0        305       1520
-/+ buffers/cache:        731       3293 <==== free
Swap:         9535          0       9535

Postby agumonfuad » 20 Feb 2013, 16:20

What is the cache size?
Is it already full?

In my opinion, RAM usage cannot describe squid's performance. Try using a tool such as squidclient or something similar to check whether squid is already running at its maximum.

Postby sipelaut » 20 Feb 2013, 16:23

hmm...
The thing is, when I was using 2.7 stable, memory usage could reach 75%.

Postby q_p » 20 Feb 2013, 16:36

Adjust the values of these options gradually

Code: Select all

cache_mem ?? MB
maximum_object_size_in_memory ?? KB
To monitor it, use squidclient as Agumonfuad suggested above

Postby wonglinggo » 20 Feb 2013, 17:09

Does anyone know the settings and configuration for squid 3.1.19?
Please share the info.....

Postby q_p » 20 Feb 2013, 18:01

@wonglinggo
Please just start your own thread, it's not fair to the owner of this one.

Postby sipelaut » 20 Feb 2013, 19:51

Pragola_Pati wrote: Adjust the values of these options gradually

Code: Select all

cache_mem ?? MB
maximum_object_size_in_memory ?? KB
To monitor it, use squidclient as Agumonfuad suggested above

OK, I think I was thinking along the same lines.
Time to experiment first...

Postby wonglinggo » 20 Feb 2013, 20:33

The problem is this came up suddenly, it's for the students' exam material...
because I'm starting to get stuck... it's different from squid 2.7

Postby q_p » 20 Feb 2013, 22:14

sipelaut wrote:
Pragola_Pati wrote: Adjust the values of these options gradually

Code: Select all

cache_mem ?? MB
maximum_object_size_in_memory ?? KB
To monitor it, use squidclient as Agumonfuad suggested above

OK, I think I was thinking along the same lines.
Time to experiment first...
OK, happy experimenting, Cak :)

Postby sipelaut » 20 Feb 2013, 22:14

wonglinggo wrote: The problem is this came up suddenly, it's for the students' exam material...
because I'm starting to get stuck... it's different from squid 2.7

Just apt-get install squid3,
then configure squid3.
Here is my squid3 config laid out, in case anyone wants to correct it :wow:
http_port 3128 transparent
hierarchy_stoplist cgi-bin ? localhost

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl localnet src 127.0.0.1/255.255.255.255
acl lan src 192.168.11.0/255.255.255.240
acl luar src 192.168.10.0/255.255.255.0
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl purge method PURGE
acl connect method CONNECT

icp_port 3120
log_icp_queries off
icp_hit_stale off
query_icmp on

http_access allow localnet
http_access allow lan
http_access allow luar
http_access deny !safeports
http_access deny CONNECT !sslports
http_access deny purge
http_access deny CONNECT !sslports

cache_mem 3500 MB
maximum_object_size_in_memory 130560 KB
# maximum_object_size 120000 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /p1 68000 183 256
cache_dir aufs /p2 68000 183 256
cache_swap_low 95
cache_swap_high 99
store_dir_select_algorithm least-load|round-robin
access_log /var/log/squid3/access.log

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^http: 720 90% 432000
refresh_pattern . 1440 90% 10080
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95%

dns_nameservers 127.0.0.1 192.168.11.1
ipcache_size 8192
ipcache_low 90
ipcache_high 95
fqdncache_size 8192

cache_mgr aurel_alika_masihBOBOK
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname cahaya_malam

forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
shutdown_lifetime 5 seconds

memory_pools off
client_db off
reload_into_ims on
pipeline_prefetch on
offline_mode off

acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .msi .mp4 .flv

delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_class 2 2
delay_parameters 2 15000/9000000 1500/9000000
delay_access 1 deny download
delay_access 1 allow all
delay_access 2 allow download !lan
delay_access 2 deny all
# ...

The config is still pretty untouched, bear with me, I've only just started trying version 3.
Set up iptables for the firewall and for transparent mode (if it really is transparent).
Here is my iptables output, in case anyone has additions for securing the proxy.

Code: Select all

root@proxy:/etc/squid3# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:www to:192.168.10.28
DNAT       tcp  --  anywhere             anywhere            tcp dpt:www to:192.168.11.28
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 31

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


And this one is my iptables tweak for transparent mode.

I've applied it with squid 2.6 - 2.7 and with squid 3, and it all works.

Code: Select all

SQUID_SERVER_1="192.168.10.1"
SQUID_SERVER_2="192.168.11.1"
#INTERNET="eth2"
INTERNET="ppp0"
LAN_IN_1="eth0"
LAN_IN_2="eth1"
MODEM="eth2"
SQUID_PORT="3128"
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
modprobe ip_conntrack
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN_1 -j ACCEPT
iptables --append FORWARD --in-interface $LAN_IN_2 -j ACCEPT
iptables --append FORWARD --in-interface $MODEM -j ACCEPT
iptables -A INPUT -i $LAN_IN_1 -j ACCEPT
iptables -A OUTPUT -o $LAN_IN_1 -j ACCEPT
iptables -A INPUT -i $MODEM -j ACCEPT
iptables -A OUTPUT -o $MODEM -j ACCEPT
iptables -A INPUT -i $LAN_IN_2 -j ACCEPT
iptables -A OUTPUT -o $LAN_IN_2 -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IN_1 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_1:$SQUID_PORT
iptables -t nat -A PREROUTING -i $LAN_IN_2 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_2:$SQUID_PORT
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Just make it run automatically at startup, bro.
The ISP is the cheap one, speedol, with the modem set to bridge mode, so the dialing goes through the server.. so that the modem doesn't heat up so quickly... because the office proxy runs a full 24 hours.
Please correct me, masters.
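
Added example (not part of the original posts): Squid evaluates http_access lines top-down and stops at the first match, so in the config posted above the "deny !safeports", "deny CONNECT !sslports" and "deny purge" lines are never evaluated for clients already accepted by "allow lan". The shell function below lists such rules; the function names are illustrative and the sample input is a constructed excerpt adapted from that config.

```shell
#!/bin/sh
# Added example, not from the thread. Squid checks http_access lines top-down
# and stops at the first match, so a deny placed after a source-only allow
# is never evaluated for the clients that allow accepts.

# audit_http_access FILE -> "<deny line>:<allow line>:<deny rule>" per finding
audit_http_access() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        $1 == "acl" { acltype[$2] = $3; next }       # remember each ACL type
        $1 == "http_access" && $2 == "allow" {
            src_only = (NF >= 3)
            for (i = 3; i <= NF; i++)
                if (acltype[$i] != "src") src_only = 0
            if (src_only && !allow_at) allow_at = NR # first source-only allow
            next
        }
        # later denies, other than the catch-all, are skipped for those clients
        $1 == "http_access" && $2 == "deny" && allow_at && $3 != "all" {
            print NR ":" allow_at ":" $0
        }
    ' "$1"
}

# Constructed sample: ACL and http_access lines adapted from the posted
# config, shortened, with a closing "deny all" added for contrast.
sample_conf() {
    cat <<'EOF'
acl lan src 192.168.11.0/255.255.255.240
acl safeports port 21 70 80 443 3128 1025-65535
acl sslports port 443 563 81
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow lan
http_access deny !safeports
http_access deny CONNECT !sslports
http_access deny purge
http_access deny all
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_http_access "$tmp"    # flags lines 7, 8 and 9; "deny all" is not flagged
rm -f "$tmp"
```

Moving the port, CONNECT and PURGE denies above the first allow makes the same audit print nothing.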

Postby sipelaut » 20 Feb 2013, 22:20

One more addition:
the config for sysctl.conf.
Please correct this one too, masters :wow:

Code: Select all

net.ipv4.ip_forward=1
net.core.rmem_max = 16777216
net.core.rmem_default = 262144
net.core.wmem_max = 16777216
net.core.wmem_default = 262144
net.core.netdev_max_backlog = 4000
net.ipv4.ip_local_port_range = 2048 65000
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.msgmnb = 65536
kernel.core_uses_pid = 1
kernel.sysrq = 0
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.drop_caches = 3
vm.swappiness = 3

btw...........
About "net.ipv4.ip_forward=1": I once left it disabled, yet the clients could still get on the internet.... with that, the router function should be off, right ???
Or is it because of my iptables settings, which ALLOW all connections from the modem to the clients?
Please explain, bro........ masters

Postby q_p » 20 Feb 2013, 23:13

sipelaut wrote: About "net.ipv4.ip_forward=1": I once left it disabled, yet the clients could still get on the internet.... with that, the router function should be off, right ???
After editing, did you run this?

Code: Select all

sysctl -p

Postby sipelaut » 20 Feb 2013, 23:32

Pragola_Pati wrote:
sipelaut wrote: About "net.ipv4.ip_forward=1": I once left it disabled, yet the clients could still get on the internet.... with that, the router function should be off, right ???
After editing, did you run this?

Code: Select all

sysctl -p

Would a reboot do the same thing, bro....

Postby q_p » 20 Feb 2013, 23:38

Same, but the risk is that the cache stored in memory "vanishes"

Postby q_p » 20 Feb 2013, 23:54

If you have time, try this, Cak

Code: Select all

cache_mem 3500 MB   ======> 16 MB
maximum_object_size_in_memory 130560 KB  ======> 32 KB
cache_swap_low 95   ====> 98
cache_swap_high 99   ====> 99
quick_abort_pct 95%   ====> 98

ipcache_size 8192    ====> 4098
ipcache_low 90      ====> 98
ipcache_high 95      ====> 99
fqdncache_size 8192   ====> 2048

#if 1 HDD
cache_dir aufs /p1 68000 183 256   ===> 15000 32 256
#store_dir_select_algorithm least-load|round-robin

#if 2 HDD
cache_dir aufs /p1 68000 183 256   ===> 15000 32 256 (HDD 1)
cache_dir aufs /p2 68000 183 256   ===> 15000 32 256 (HDD 2)
store_dir_select_algorithm least-load|round-robin

#just comment out all of delay_pool, better to use webHTB
#squid only limits on the client side, but squid itself
#downloads from the origin server at full speed. a waste, isn't it?

Postby sipelaut » 21 Feb 2013, 08:48

Pragola_Pati wrote: If you have time, try this, Cak

Code: Select all

cache_mem 3500 MB   ======> 16 MB
maximum_object_size_in_memory 130560 KB  ======> 32 KB
cache_swap_low 95   ====> 98
cache_swap_high 99   ====> 99
quick_abort_pct 95%   ====> 98

ipcache_size 8192    ====> 4098
ipcache_low 90      ====> 98
ipcache_high 95      ====> 99
fqdncache_size 8192   ====> 2048

#if 1 HDD
cache_dir aufs /p1 68000 183 256   ===> 15000 32 256
#store_dir_select_algorithm least-load|round-robin

#if 2 HDD
cache_dir aufs /p1 68000 183 256   ===> 15000 32 256 (HDD 1)
cache_dir aufs /p2 68000 183 256   ===> 15000 32 256 (HDD 2)
store_dir_select_algorithm least-load|round-robin

#just comment out all of delay_pool, better to use webHTB
#squid only limits on the client side, but squid itself
#downloads from the origin server at full speed. a waste, isn't it?

Thanks bro, I'm going to test it today,
but as in the title of my first post,
for the main issue I want to push memory usage up first,
so for

Code: Select all

cache_mem 3500 MB   ======> 16 MB
maximum_object_size_in_memory 130560 KB  ======> 32 KB

I'm still sticking with 3500 and 130560.
I want to find out about the memory allocation first, bro..
btw thanks for sharing..... especially about delay pools, I've only just realised that it's only squid that throttles the bandwidth, while the connection to the server is still at the original speed :hajarpc:
btw is there perhaps an example of dynamic delay pools? I've heard about a problem like this on another forum

Postby sr_aja » 21 Feb 2013, 09:06

sipelaut wrote: One more addition:
the config for sysctl.conf.
Please correct this one too, masters :wow:

Code: Select all

net.ipv4.ip_forward=1
net.core.rmem_max = 16777216
net.core.rmem_default = 262144
net.core.wmem_max = 16777216
net.core.wmem_default = 262144
net.core.netdev_max_backlog = 4000
net.ipv4.ip_local_port_range = 2048 65000
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mem = 786432 1048576 1572864
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.msgmnb = 65536
kernel.core_uses_pid = 1
kernel.sysrq = 0
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.drop_caches = 3
vm.swappiness = 3

btw...........
About "net.ipv4.ip_forward=1": I once left it disabled, yet the clients could still get on the internet.... with that, the router function should be off, right ???
Or is it because of my iptables settings, which ALLOW all connections from the modem to the clients?
Please explain, bro........ masters


Well, there is the line
echo 1 > /proc/sys/net/ipv4/ip_forward
in your iptables script ;)
That is just the same as writing the value true (1) to the file /proc/sys/net/ipv4/ip_forward

To make sure,
try this command:

sudo more /proc/sys/net/ipv4/ip_forward

If the value is (1), that means it's because of the iptables script above, but if the value is 0, I don't know the answer :D
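
Added example (not part of the original posts): the situation discussed above, where a firewall script writes to /proc/sys at run time so the kernel's value no longer matches sysctl.conf, can be detected by comparing the two. The shell functions below do that and keep the last value when a key is repeated, as happens in the posted sysctl.conf; the function names and the scratch directory standing in for /proc/sys are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: report keys whose runtime value under
# /proc/sys differs from what sysctl.conf asks for.

# effective_conf FILE -> "key=value" per key; a repeated key keeps its last value
effective_conf() {
    awk '
        /^[ \t]*[#;]/ || !index($0, "=") { next }   # comments, blanks, junk
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (!(key in seen)) order[++n] = key
            seen[key] = val
        }
        END { for (i = 1; i <= n; i++) print order[i] "=" seen[order[i]] }
    ' "$1"
}

# sysctl_drift FILE [PROC_ROOT] -> "key: conf=<v> runtime=<v>" per mismatch
sysctl_drift() {
    root=${2:-/proc/sys}
    effective_conf "$1" | while IFS='=' read -r key want; do
        path="$root/$(printf '%s' "$key" | tr . /)"
        [ -r "$path" ] || continue                  # key unknown to this kernel
        have=$(tr -s ' \t' '  ' < "$path")          # /proc separates fields with tabs
        want=$(printf '%s' "$want" | tr -s ' \t' '  ')
        [ "$have" = "$want" ] || echo "$key: conf=$want runtime=$have"
    done
}

# Constructed demo: sysctl.conf disables forwarding, but a firewall script has
# since written 1 to ip_forward (simulated with a scratch directory).
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv4"
printf 'net.ipv4.ip_forward=0\nnet.ipv4.tcp_sack = 0\nnet.ipv4.tcp_sack = 1\n' > "$demo/sysctl.conf"
echo 1 > "$demo/proc/net/ipv4/ip_forward"
echo 1 > "$demo/proc/net/ipv4/tcp_sack"
sysctl_drift "$demo/sysctl.conf" "$demo/proc"   # net.ipv4.ip_forward: conf=0 runtime=1
rm -rf "$demo"
```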

Postby wonglinggo » 21 Feb 2013, 10:39

[img:center]http://i49.tinypic.com/2wnmnvm.png[/img]

With a problem like this, what is wrong? Please help.

Postby sr_aja » 21 Feb 2013, 11:11

@wonglinggo
Try turning IPv6 off, if it really isn't being used.
If you can, post your squid.conf here

so that om pragola can revise the ACL part later.

Re: [tune up] squid 3 [squidclient error]

Postby sipelaut » 21 Feb 2013, 11:48

Checking with squidclient gives an error, hmm.....

Code: Select all

root@proxy:/etc/squid3# squidclient mgr:info
assert "false" at line 650
IpAddress invalid? with IsIPv4()=F, IsIPv6()=T
ADDRESS: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
squidclient: IpAddress.cc:650: void IpAddress::GetAddrInfo(addrinfo*&, int) const: Assertion `false' failed.
Aborted

=====update==========
Sorry, it works now, it turns out you use this

Code: Select all

squidclient -h 127.0.0.1 mgr:info
