[tune up] squid 3

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

[tune up] squid 3

Postby sipelaut » 20 Feb 2013, 13:36

udah ada yang tuning squid 3
bagi dong masbrooo
soalnya keknya alokasi memori punya ane kadang2 hanya kepakai dibawah 20% aja nichhh

Code: Select all

root@proxy:/proc# free -m total used free shared buffers cached Mem: 4024 2557 1467 0 305 1520 -/+ buffers/cache: 731 3293 <==== free Swap: 9535 0 9535
User avatar
agumonfuad
Posts: 8
Joined: 16 Dec 2012, 08:05
Location: Tangerang
Contact:

Re: [tune up] squid 3

Postby agumonfuad » 20 Feb 2013, 16:20

Ukuran cache berapa ?
Apakah sudah terisi penuh ?

Menurutku penggunaan RAM tidak bisa menggambarkan performa squid. Coba gunakan software semacam squidclient atau semacamnya untuk memeriksa apakah sudah maksimal squidnya.
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3

Postby sipelaut » 20 Feb 2013, 16:23

hmm...
masalahnya sichh sewaktu makek 2.7 stable penggunaan memori bisa sampek 75%
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [tune up] squid 3

Postby q_p » 20 Feb 2013, 16:36

Mainkan secara gradual nilai pada opsi

Code: Select all

cache_mem ?? MB maximum_object_size_in_memory ?? KB
Untuk memantaunya gunakan seperti saran mas Agumonfuad di atas (squidclient)
User avatar
wonglinggo
Posts: 21
Joined: 18 Feb 2013, 16:18
Location: lubuklinggau

Re: [tune up] squid 3

Postby wonglinggo » 20 Feb 2013, 17:09

ada yang tahu setting n konfigurasi squid 3.1.19 ngak... gan
tolong infonya.....
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [tune up] squid 3

Postby q_p » 20 Feb 2013, 18:01

@wonglinggo
Anda buat trit sendiri saja mas, kasihan yang punya trit.
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3

Postby sipelaut » 20 Feb 2013, 19:51

Mainkan secara gradual nilai pada opsi

Code: Select all

cache_mem ?? MB maximum_object_size_in_memory ?? KB
Untuk memantaunya gunakan seperti saran mas Agumonfuad di atas (squidclient)
oke ane keknya juga mikirnya kesini
x-periment dulu...
User avatar
wonglinggo
Posts: 21
Joined: 18 Feb 2013, 16:18
Location: lubuklinggau

Re: [tune up] squid 3

Postby wonglinggo » 20 Feb 2013, 20:33

masalahnya nih dadakan buat materi ujian siswa all...
sb muai mentok... beda dgn squid 2.7
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [tune up] squid 3

Postby q_p » 20 Feb 2013, 22:14

Mainkan secara gradual nilai pada opsi

Code: Select all

cache_mem ?? MB maximum_object_size_in_memory ?? KB
Untuk memantaunya gunakan seperti saran mas Agumonfuad di atas (squidclient)
oke ane keknya juga mikirnya kesini
x-periment dulu...
OK, selamat ber-Xperiment Cak :)
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3

Postby sipelaut » 20 Feb 2013, 22:14

masalahnya nih dadakan buat materi ujian siswa all...
sb muai mentok... beda dgn squid 2.7

tinggal apt-get install squid3
config squid3nya
ane gelar dah squid3 ane, siapa tau ada yang ngoreksi :wow:
[spoiler]http_port 3128 transparent
hierarchy_stoplist cgi-bin ? localhost

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl localnet src 127.0.0.1/255.255.255.255
acl lan src 192.168.11.0/255.255.255.240
acl luar src 192.168.10.0/255.255.255.0
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81
acl purge method PURGE
acl connect method CONNEC

icp_port 3120
log_icp_queries off
icp_hit_stale off
query_icmp on

http_access allow localnet
http_access allow lan
http_access allow luar
http_access deny !safeports
http_access deny CONNECT !sslports
http_access deny purge
http_access deny CONNECT !sslports

cache_mem 3500 MB
maximum_object_size_in_memory 130560 KB
# maximum_object_size 120000 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /p1 68000 183 256
cache_dir aufs /p2 68000 183 256
cache_swap_low 95
cache_swap_high 99
store_dir_select_algorithm least-load|round-robin
access_log /var/log/squid3/access.log

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^http: 720 90% 432000
refresh_pattern . 1440 90% 10080
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95%

dns_nameservers 127.0.0.1 192.168.11.1
ipcache_size 8192
ipcache_low 90
ipcache_high 95
fqdncache_size 8192

cache_mgr aurel_alika_masihBOBOK
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname cahaya_malam

forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
shutdown_lifetime 5 seconds

memory_pools off
client_db off
reload_into_ims on
pipeline_prefetch on
offline_mode off

acl download url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .tar .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .msi .mp4 .flv

delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_class 2 2
delay_parameters 2 15000/9000000 1500/9000000
delay_access 1 deny download
delay_access 1 allow all
delay_access 2 allow download !lan
delay_access 2 deny all
# ...[/spoiler]
masih rada prawan tuch konfignya , maklum baru aja nyoba yang versi 3
seting iptbles untuk firewall dan untuk transparentnya (klo memang transparent)
ane gelar dah hasil iptablesnya, siapa tau ada tambahan buat ngamanin proxy
[spoiler]

Code: Select all

root@proxy:/etc/squid3# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere anywhere tcp dpt:www to:192.168.10.28 DNAT tcp -- anywhere anywhere tcp dpt:www to:192.168.11.28 REDIRECT tcp -- anywhere anywhere tcp dpt:www redir ports 31 Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination
[/spoiler]

klo yang ini oprekan iptablesnya untuk transparent

ane terapin di squid 2.6 -2.7 ama squid 3 jalan semua tuchhh

Code: Select all

SQUID_SERVER_1="192.168.10.1" SQUID_SERVER_2="192.168.11.1" #INTERNET="eth2" INTERNET="ppp0" LAN_IN_1="eth0" LAN_IN_2="eth1" MODEM="eth2" SQUID_PORT="3128" iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X modprobe ip_conntrack modprobe ip_conntrack_ftp echo 1 > /proc/sys/net/ipv4/ip_forward iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE iptables --append FORWARD --in-interface $LAN_IN_1 -j ACCEPT iptables --append FORWARD --in-interface $LAN_IN_2 -j ACCEPT iptables --append FORWARD --in-interface $MODEM -j ACCEPT iptables -A INPUT -i $LAN_IN_1 -j ACCEPT iptables -A OUTPUT -o $LAN_IN_1 -j ACCEPT iptables -A INPUT -i $MODEM -j ACCEPT iptables -A OUTPUT -o $MODEM -j ACCEPT iptables -A INPUT -i $LAN_IN_2 -j ACCEPT iptables -A OUTPUT -o $LAN_IN_2 -j ACCEPT iptables -t nat -A PREROUTING -i $LAN_IN_1 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_1:$SQUID_PORT iptables -t nat -A PREROUTING -i $LAN_IN_2 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER_2:$SQUID_PORT iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT iptables -A INPUT -j LOG iptables -A INPUT -j DROP
tinggal di buat autorun aja masbro
ISP makek yang murah speedol dengan diseting mode bridge di modemnya. jadi dialnya lewat server.. biar modem ngak cepet panas... soalnya proxy kantor full 24jam
mohon dikoreksi mastahhhhhhhhhhhhhhhhhhhh
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3

Postby sipelaut » 20 Feb 2013, 22:20

tambah lagi nichhh
konfig buat sysctl.conf
mohon dikoreksi juga mastahhhhhhhhhhhh :wow:

Code: Select all

net.ipv4.ip_forward=1 net.core.rmem_max = 16777216 net.core.rmem_default = 262144 net.core.wmem_max = 16777216 net.core.wmem_default = 262144 net.core.netdev_max_backlog = 4000 net.ipv4.ip_local_port_range = 2048 65000 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_low_latency = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.msgmnb = 65536 kernel.core_uses_pid = 1 kernel.sysrq = 0 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 vm.drop_caches = 3 vm.swappiness = 3
btw...........
untuk "net.ipv4.ip_forward=1" ane pernah ngak aktifin kok client masih bisa internetan yaa.... dengan begitukan fungsi router mati tuchh ???
apa karena setingan iptables ane yaa yang bikin mengALLOW semua koneksi dari modem ke clientt
mohon penjelasannya masbrooo........ mastahhhhhhhhhh
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [tune up] squid 3

Postby q_p » 20 Feb 2013, 23:13

untuk "net.ipv4.ip_forward=1" ane pernah ngak aktifin kok client masih bisa internetan yaa.... dengan begitukan fungsi router mati tuchh ???
selesai edit sudah jalankan ?

Code: Select all

sysctl -p
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3

Postby sipelaut » 20 Feb 2013, 23:32

untuk "net.ipv4.ip_forward=1" ane pernah ngak aktifin kok client masih bisa internetan yaa.... dengan begitukan fungsi router mati tuchh ???
selesai edit sudah jalankan ?

Code: Select all

sysctl -p

klo reboot apakah sama aja masbro....
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [tune up] squid 3

Postby q_p » 20 Feb 2013, 23:38

sama, tapi resikonya cache yang tersimpan di memory "lenyap"
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: [tune up] squid 3

Postby q_p » 20 Feb 2013, 23:54

Kalau ada waktu, coba yang ini cak

Code: Select all

cache_mem 3500 MB ======> 16 MB maximum_object_size_in_memory 130560 KB ======> 32 KB cache_swap_low 95 ====> 98 cache_swap_high 99 ====> 99 quick_abort_pct 95% ====> 98 ipcache_size 8192 ====> 4098 ipcache_low 90 ====> 98 ipcache_high 95 ====> 99 fqdncache_size 8192 ====> 2048 #jika 1 HDD cache_dir aufs /p1 68000 183 256 ===> 15000 32 256 #store_dir_select_algorithm least-load|round-robin #jika 2 HDD cache_dir aufs /p1 68000 183 256 ===> 15000 32 256 (HDD 1) cache_dir aufs /p2 68000 183 256 ===> 15000 32 256 (HDD 2) store_dir_select_algorithm least-load|round-robin #delay_pool di-command saja semua, mending pakai webHTB #squid hanya membatasasi di sisi client, tapi squid sendiri #download dengan full-speed ke server origin. rugi toh ?
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3

Postby sipelaut » 21 Feb 2013, 08:48

Kalau ada waktu, coba yang ini cak

Code: Select all

cache_mem 3500 MB ======> 16 MB maximum_object_size_in_memory 130560 KB ======> 32 KB cache_swap_low 95 ====> 98 cache_swap_high 99 ====> 99 quick_abort_pct 95% ====> 98 ipcache_size 8192 ====> 4098 ipcache_low 90 ====> 98 ipcache_high 95 ====> 99 fqdncache_size 8192 ====> 2048 #jika 1 HDD cache_dir aufs /p1 68000 183 256 ===> 15000 32 256 #store_dir_select_algorithm least-load|round-robin #jika 2 HDD cache_dir aufs /p1 68000 183 256 ===> 15000 32 256 (HDD 1) cache_dir aufs /p2 68000 183 256 ===> 15000 32 256 (HDD 2) store_dir_select_algorithm least-load|round-robin #delay_pool di-command saja semua, mending pakai webHTB #squid hanya membatasasi di sisi client, tapi squid sendiri #download dengan full-speed ke server origin. rugi toh ?

makasih masbro hari ini mo ditess
tapi seperti judul postingan saya yang pertama
untuk persoalan utamanya sichh saya genjot penggunaan memori dulu
jadi untuk

Code: Select all

cache_mem 3500 MB ======> 16 MB maximum_object_size_in_memory 130560 KB ======> 32 KB
masih pancet menggunakan 3500 ama 130560
pengen tau alokasi memori dulu masbro..
btw makasih atas sharingnya..... apalagi delaypool, saya baru nyadar ternyata hanya squid aja yang nyekek benwithnya, tapi koneksi ke server malah masih original :hajarpc:
btw kira2 ada contoh untuk delaypoll dynamis ngak soalnya pernah denger masalah kek gini di forum sebelah
User avatar
sr_aja
Posts: 603
Joined: 10 Dec 2012, 11:21
Location: Jakarta

Re: [tune up] squid 3

Postby sr_aja » 21 Feb 2013, 09:06

tambah lagi nichhh
konfig buat sysctl.conf
mohon dikoreksi juga mastahhhhhhhhhhhh :wow:

Code: Select all

net.ipv4.ip_forward=1 net.core.rmem_max = 16777216 net.core.rmem_default = 262144 net.core.wmem_max = 16777216 net.core.wmem_default = 262144 net.core.netdev_max_backlog = 4000 net.ipv4.ip_local_port_range = 2048 65000 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 net.ipv4.tcp_no_metrics_save = 1 net.ipv4.tcp_low_latency = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_sack = 1 net.ipv4.tcp_mem = 786432 1048576 1572864 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.msgmnb = 65536 kernel.core_uses_pid = 1 kernel.sysrq = 0 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 vm.drop_caches = 3 vm.swappiness = 3
btw...........
untuk "net.ipv4.ip_forward=1" ane pernah ngak aktifin kok client masih bisa internetan yaa.... dengan begitukan fungsi router mati tuchh ???
apa karena setingan iptables ane yaa yang bikin mengALLOW semua koneksi dari modem ke clientt
mohon penjelasannya masbrooo........ mastahhhhhhhhhh
kan ade option
echo 1 > /proc/sys/net/ipv4/ip_forward
di iptables nya ;)
itu kan sama ajah menambahkan nilai true (1) ke file /proc/sys/net/ipv4/ip_forward

untuk meyakinkan nya;
coba command ini;

sudo more /proc/sys/net/ipv4/ip_forward

kalau nilai nya (1), berarti itu karena script iptables di atas, tapi kalau nilainya 0, gw ngak tau jawaban nya deh :D
User avatar
wonglinggo
Posts: 21
Joined: 18 Feb 2013, 16:18
Location: lubuklinggau

Re: [tune up] squid 3

Postby wonglinggo » 21 Feb 2013, 10:39

[img:center]http://i49.tinypic.com/2wnmnvm.png[/img]

kalo masalah seperti ini apa yang salahnya ya gan? mohon bantuannya ya gan
User avatar
sr_aja
Posts: 603
Joined: 10 Dec 2012, 11:21
Location: Jakarta

Re: [tune up] squid 3

Postby sr_aja » 21 Feb 2013, 11:11

@wonglinggo
coba matikan ipv6 nya, kalau memang ngak di gunakan
kalau bisa seh posting disini squid.conf nya

biar nanti di revisi oleh om pragola bagian aclnya
User avatar
sipelaut
Posts: 1965
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: [tune up] squid 3 [squidcleint eror nichh]

Postby sipelaut » 21 Feb 2013, 11:48

cek squidclient kok eror yahhh.....

Code: Select all

root@proxy:/etc/squid3# squidclient mgr:info assert "false" at line 650 IpAddress invalid? with IsIPv4()=F, IsIPv6()=T ADDRESS: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 squidclient: IpAddress.cc:650: void IpAddress::GetAddrInfo(addrinfo*&, int) const: Assertion `false' failed. Aborted
=====update==========
sorii udah bisa ternyata makek ini

Code: Select all

squidclient -h 127.0.0.1 mgr:info

Who is online

Users browsing this forum: No registered users and 23 guests