MY SQUID.CONF

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
Mario
Posts: 18
Joined: 27 May 2010, 12:14
Location: Medan Sumut
Contact:

MY SQUID.CONF

Postby Mario » 27 May 2010, 12:46

http_port 192.168.0.2:8080 transparent
icp_port 0
hierarchy_stoplist cgi-bin ? *.ac.id
acl QUERY urlpath_regex cgi-bin \? *.ac.id
no_cache deny QUERY
server_http11 on
cache_mem 8 MB
maximum_object_size 10 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 4096
ipcache_low 98
ipcache_high 99
fqdncache_size 4096
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 150000 469 256 <== HDD 250 GB di pake untuk squid 150GB aja
log_fqdn off
log_icp_queries off
buffered_logs on
log_mime_hdrs on
emulate_httpd_log off
cache_access_log none
cache_log none
cache_store_log none
mime_table /usr/share/squid/mime.conf
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid/
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

dns_nameservers 203.130.206.250
dns_nameservers 202.134.0.155
dns_nameservers 208.67.222.222
dns_nameservers 208.67.220.220

refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(class|css|js|tif)(\?.*)?$ 1440 95% 100000080 reload-into-ims override-lastmod
refresh_pattern -i \.(jpe|jpg|jpeg|png|bmp|gif)(\?.*)?$ 0 95% 1000000080 reload-into-ims override-lastmod
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)(\?.*)?$ 2 20% 432000 reload-into-ims override-lastmod
refresh_pattern -i \.(ini)(\?.*)?$ 2 5% 10800 reload-into-ims override-lastmod
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.static.ak.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://facebook.poker.zynga.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://statics.poker.static.zynga.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static-facebook.farmville.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.farmville.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://zbar.static.zynga.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320



quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100%
icp_hit_stale on
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.23-192.168.1.111/24
acl wifi src 192.168.4.100-192.168.4.200/24
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl download url_regex -i \.mpg$ \.mpeg$ \.avi$ \.dat$ \.exe$ \.vqf$ \.tar.gz$ \.gz$ \.rpm$
acl download url_regex -i \.zip$ \.bz2$ \.rar$ \.qt$ \.ram$ \.rm$ \.iso$ \.raw$ \.wav$ \.mov$ \.cab$
http_access allow manager localhost
http_access allow localhost
http_access allow manager lan
http_access allow lan
http_access allow manager wifi
http_access allow wifi
http_reply_access allow all
always_direct allow all
icp_access allow all
miss_access allow all
cache deny download
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny manager
http_access deny download
http_access deny all


negative_ttl 2 minutes
client_persistent_connections on
server_persistent_connections on
update_headers on
redirect_rewrites_host_header off
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
connect_timeout 1 minute
read_timeout 1 minutes
request_timeout 1 minutes
persistent_request_timeout 2 minutes
half_closed_clients on
ignore_unknown_nameservers on
shutdown_lifetime 10 second
memory_pools off
forwarded_for off
half_closed_clients off
high_page_fault_warning 2
nonhierarchical_direct off
prefer_direct off
cache_mgr mylaponet@ymail.com
cache_effective_user squid
cache_effective_group squid
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

Saya merasa ada yang salah nih dg squid.conf saya.
sepertinya masih lambat,
P4 478
Real memory 1.47 GB total, 83.26 MB used
SQUID di instal di HDD 10gb
cache di HDD 250GB di gunakan 150 gb aja untuk cache
topologi

============================wifi
=============================|
=============================|
========speedy(bridge)====mikrotik(pppoe)===LAN
=============================|
=============================|
=============================|
==================Squid 9.10 server squid

Tolong denh teman apa yang salah dengen squid saya itu
1 lagi kenapa kalo buka situs
snmptn.ac.id
http://penerimaan.spmb.or.id/
http://www.semanggi51.com/ <== waktu penerimaan jamsosetk itu
saya harus buat rule di NAT untuk bypass situs tersebut agar tidak lewat squid, baru berjalan normal situs nya

Salam Hormat
User avatar
Mario
Posts: 18
Joined: 27 May 2010, 12:14
Location: Medan Sumut
Contact:

Re: MY SQUID.CONF

Postby Mario » 27 May 2010, 12:53

gimana yang cara mengatasi situs yg gak bisa di cache squid
User avatar
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: MY SQUID.CONF

Postby sipelaut » 28 May 2010, 13:38

> cache_dir aufs /cache1 150000 469 256

kalo pengalaman saya. squid saya pernah gak bisa ngecache sama sekali (selalu miss) akhirnya saya coba nambahin lagi tempat cachenya. mending ditambah lagi tempat penyimpanannya
3 atau 4 lagi. dan untuk alokasinya diperkecil saja bisa dibuat 10000 16 256
maaf saya juga lgi belajar nichh. munkin ada yg bisa nambahin lagi.??
CMIIW
User avatar
Rh354
Posts: 718
Joined: 14 Mar 2010, 19:56
Location: between the truth and the lies
Contact:

Re: MY SQUID.CONF

Postby Rh354 » 28 May 2010, 14:33

cache_dir aufs /cache1 150000 469 256 -----> buset....tipe HDD nya apaan nich SCSI ato IDE

bakalan lambat ni squidnya(ga' responsif)

Hal yang perlu di ingat adalah jangan membuat cache dir lebih dari 20GB per partisi mengingat spindle head HDD demi terjaganya aliran data. (kecuali SCSI HDD bisa dibuat maksimal 100GB per partisi)

AFAIK mending lo buat cache 20Gb dengan 5 HDD daripada lo pake cache besar di satu HDD dengan kapasitas yg besar...


misal lo buat dengan cache 20Gb

berarti cachenya

cache_dir aufs /cache 20000 48 256

klo SCSI mo dibuat 100Gb jg bs

cache_dir aufs /cache 100000 235 256
===================================================
refresh_pattern -i \.(ini)(\?.*)?$ 2 5% 10800 reload-into-ims override-lastmod
refresh_pattern ^http://*.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.static.ak.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://*.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://apps.facebook.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://facebook.poker.zynga.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://statics.poker.static.zynga.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://profile.ak.fbcdn.net/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static-facebook.farmville.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://static.farmville.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth
refresh_pattern ^http://zbar.static.zynga.com/.* 720 100% 10080 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-auth

refresh pattern yg 100% lebih baik dikurangin menjadi 90 ato 95% aja kasian yg maen poker..(klo 100 menyebabkan sitenya ga' update contoh klo buka kompas dsb)

======================

ga' normalnya gimana bro site2 diatas gw buka normal koq..

==========================

di mikrotik udah diatur rulesnya bro

============================

klo diliat speknya udah lebih dari cukup buat squid ngacir,squidnya dedicated khan bro...

trus tipe partisinya seperti apa

apakah ext4 ato reiserfs

==========================

udah coba optimalkan kernelnya


contoh settingan warnet temen gw

# HIGH PERFORMANCE SQUID 2.7
# ApisTECH IT Development
# Config date : 19 Februari 2010
###########################################

# ACCESS CONTROLS
#----------------

acl QUERY urlpath_regex -i cgi-bin \? \.php$ \.asp$ \.shtml$ \.cfm$ \.cfml$ \.phtml$ \.php3$ localhost
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 563 81
acl Safe_ports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl CONNECT method CONNECT
acl purge method PURGE
acl ApisTECH src 192.168.2.0/27

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ApisTECH
http_access allow localnet
http_access deny all

# NETWORK OPTIONS
#----------------

http_port 3128 transparent
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all

snmp_port 0
snmp_access deny all

# OPTIONS WHICH AFFECT THE CACHE SIZE
#------------------------------------

cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /cache1 7500 16 256
cache_dir aufs /cache2 7500 16 256
cache_dir aufs /cache3 7500 16 256
store_dir_select_algorithm least-load
maximum_object_size 128000 KB
cache_swap_low 90
cache_swap_high 95
update_headers off

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#----------------------------------------

access_log none
cache_log /dev/null
cache_store_log none
logfile_rotate 5
log_ip_on_direct off
log_icp_queries off
buffered_logs off
netdb_filename none
pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
#-----------------------------

cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(rpm|cab|deb|exe|msi|msu|zip|tar|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i \.index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 1440 90% 10080

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 98
store_avg_object_size 13 KB

# HTTP OPTIONS
#-------------

server_http11 on
collapsed_forwarding on
vary_ignore_expire on
header_access From deny all
header_access Server deny all
header_access Link deny all
header_access Via deny all
header_access X-Forwarded-For deny all

# TIMEOUTS
#---------

forward_timeout 240 seconds
connect_timeout 30 second
peer_connect_timeout 5 seconds
read_timeout 600 second
request_timeout 60 second
persistent_request_timeout 60 seconds
client_lifetime 86400 second
half_closed_clients off
pconn_timeout 60 second
shutdown_lifetime 10 second

# ADMINISTRATIVE PARAMETERS
#--------------------------

cache_mgr ApisTECH
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string on
visible_hostname ApisTECH

# DELAY POOL PARAMETERS
#----------------------

# ADVANCED NETWORKING OPTIONS
#---------------------------

max_filedescriptors 4096

# DNS OPTIONS
#-----------

check_hostnames off
dns_timeout 10 seconds
dns_nameservers 125.160.4.82 203.130.196.155 203.130.196.5 222.124.204.34 202.134.0.61 8.8.4.4 8.8.8.8
hosts_file /etc/hosts
ipcache_size 8192
ipcache_low 90
ipcache_high 95
fqdncache_size 4096

# MISCELLANEOUS
#--------------

memory_pools off
forwarded_for off
reload_into_ims on
coredump_dir /cache1
pipeline_prefetch on
offline_mode off
# -=EoF=-

Code: Select all

http://apistech.wordpress.com/2010/03/28/tuning-high-performance-squid-cache/


klo mo ngeblock ato batesin download tinggal pake delaypools parameter :D
User avatar
zitux
Posts: 843
Joined: 15 Jan 2010, 23:17
Location: Malang Jatim Indonesia
Contact:

Re: MY SQUID.CONF

Postby zitux » 28 May 2010, 19:47

[quote=Rh354]

AFAIK mending lo buat cache 20Gb dengan 5 HDD daripada lo pake cache besar di satu HDD dengan kapasitas yg besar...


misal lo buat dengan cache 20Gb

berarti cachenya

cache_dir aufs /cache 20000 48 256

klo SCSI mo dibuat 100Gb jg bs

cache_dir aufs /cache 100000 235 256



klo misal pake 2 hardisk ? gimana bro ?
1hardisk untuk linux nya ( OS)
1hardisk untuk cache nya ?
misal hardisk untuk chace dikasih 160GB dari jawaban diatas kan mending dibuat bnayk partisi dari pada 1 partisi besar

klo misal dari 160GB tak buat cache 8GB an jadi = ada 20 partisi untuk chace

di chown -R proxy.proxy /letak_partisi = sebanyak 20kali ???

trus waktu jalanin squid -z cuma 1x <---- bener ndak ?

trus cara kerja squid nya gimana ?
maksutnya squid itu milih nya partisi yg mana dulu
misal sad1 sda1 sda3 sda4
sda1 dulu dikerjain sampe penuh setelah penuh dia beralih ke sda2 dst ??

atau squid milih cache nya bersamaan dibagi rata sda1,sda2,sda3dst secara bersamaan jadi penuh nya bareng2 :confused:


1 lagi bro
1 gb cache membutuhkan 10 mb ram.
berarti klo pake 160GB bearti membutuhkan 16GB ram/memory :grin:
terima kash