:

---------------------------------------------------------------
     
http://www.atals.net.ru/Squid-faq.html
---------------------------------------------------------------




Squid -    , ,
  ,      
.   FAQ   .    
 .         
   Squid.



      ilgam@atlas.net.ru






    -  ,  , Copyright
© 1997


  






1  Squid,  FAQ,     Squid




1.1   Squid?

Squid      web , 
ftp, gopher,  http.      , Squid
    ,   /. Squid
     ,  DNS ,  
  DNS ,     .  
SSL,       . 
Internet Cache Protocol (ICP),  Squid   
      .


Squid   -   squid,  
DNS  dnsserver,   ftp  ftpget,
    .  squid ,
    dnsserver-,    
,   DNS .   
    DNS.


Squid      ARPA  Harvest. http://harvest.cs.colorado.edu/


1.2     ?

       (, 
  http, ftp  gopher )  ,  
    .    
Squid   http -,    ,   
.


1.3  Squid?

Harris' Lament , "All the good ones are taken." - "  
 "


   -    Harvest. Squid  
    ,    .


1.4    Squid?

Squid  ;      http://squid.nlanr.net/Squid/


1.5   Squid?

Squid        Internet. 
 Duane Wessels  National
Laboratory for Applied Network Research ( National Science Foundation).


1.6    Squid?

    ftp :




ftp://squid.nlanr.net/pub/.



     :




http://squid.nlanr.net/Squid/mirrors.html






1.7      Squid?



      http://squid.nlanr.net/Mail-Archive/squid-users/


1.8 Web   Squid.

    Squid http://squid.nlanr.net/Squid/,
  http://www.nlanr.net/Cache/
    .


1.9    Squid?

  Squid,  README:

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.




1.10  Squid FAQ

Jonathan Larmour <JLarmour@origin-at.co.uk>

Cord Beermann <cord@cc.fh-lippe.de>

Tony Sterrett <tony@nlanr.net>

Gerard Hynes
<ghynes@compusult.nf.ca>

<tkatayam@pi.titech.ac.jp>

Duane Wessels <wessels@nlanr.net>

K Claffy <kc@nlanr.net>

Paul Southworth <pauls@etext.org>


  ,    : squid-faq@nlanr.net.







2 




2.1    ?

      squid-x.y.z-src.tar.gz
(, squid-1.1.6-src.tar.gz)  http://squid.nlanr.net/Squid/.
      ,  
 patch,     ftp://prep.ai.mit.edu/pub/gnu/.


2.2    Squid?

     ,  :


% gzip -dc squid-x.y.z-src.tar.gz | tar xvf -


  ,   


% cd squid-x.y.z

% ./configure

% make all

% make install


   GNU C (gcc) .   
 ANSI C,       . GNU C 
  ftp://prep.ai.mit.edu/pub/gnu/.
     .  
--prefix     .    /usr/local/squid.
   :


% cd squid-x.y.z

% ./configure --prefix=/some/other/directory/squid


2.3      Squid?

        Unix , 
    AIX, FreeBSD, HP-UX, IRIX, Linux, OSF/1, Solaris,
 SunOS.        ,
     email: squid-bugs@nlanr.net.


2.4     squid.conf?

 squid.conf   squid.  
  (   )   HTTP ,    ICP
,    ,     ,
   .


2.5     squid.conf?

,       make install,  
squid.conf     "etc" 
 Squid.  squid.conf   
 .


2.6    squid?

   ,   squid
  RunCache.       
     :


/usr/local/squid/bin/RunCache &


2.7     Squid ?

    client:


% client http://www.netscape.com/ > test


   HTTP -    .
     :url_get,   ftp://ftp.pasteur.fr/pub/Network/url_get/,
echoping,   ftp://ftp.pasteur.fr/pub/Network/echoping/.
     access.log cache.log.


2.8   ?

  patch.  :

 cd squid-1.1.x
 patch < /tmp/fixes.patch

          'src',  :



 cd squid-1.1.x/src
 patch < /tmp/fixes.patch

  patch  -           ,   GNU FTP site.










3 




3.1    ?

    ,   cache_host
  squid.conf,      (
 :) - ..  ) .


,  squid.conf  childcache.example.com
 ,        
    :

 # squid.conf - On the host: childcache.example.com
 #
 # Format is: hostname type http_port udp_port
 #
 cache_host parentcache.example.com parent 3128 3130
 cache_host childcache2.example.com sibling 3128 3130
 cache_host childcache3.example.com sibling 3128 3130

 cache_host_domain     
 ,    :

 # squid.conf - On the host: sv.cache.nlanr.net
 #
 # Format is: hostname type http_port udp_port
 #

 cache_host electraglide.geog.unsw.edu.au parent 3128 3130
 cache_host cache1.nzgate.net.nz parent 3128 3130
 cache_host pb.cache.nlanr.net parent 3128 3130
 cache_host it.cache.nlanr.net parent 3128 3130
 cache_host sd.cache.nlanr.net parent 3128 3130
 cache_host uc.cache.nlanr.net sibling 3128 3130
 cache_host bo.cache.nlanr.net sibling 3128 3130
 cache_host_domain electraglide.geog.unsw.edu.au .au
 cache_host_domain cache1.nzgate.net.nz .au .aq .fj .nz
 cache_host_domain pb.cache.nlanr.net .uk .de .fr .no .se .it
 cache_host_domain it.cache.nlanr.net .uk .de .fr .no .se .it
 cache_host_domain sd.cache.nlanr.net .mx .za .mu .zm

  ,     pb.cache.nlanr.net
 it.cache.nlanr.net   uk, de, fr, no, se  it, sd.cache.nlanr.net
  mx, za, mu  zm,  cache1.nzgate.net.nz  
au, aq, fj,  nz.


3.2      NLANR?

   
    NLANR.


3.3       NLANR?

 NLANR       
.      NLANR   
 .


3.4       NLANR?

      squid.conf  :

cache_announce 24
announce_to sd.cache.nlanr.net:3131

:           NLANR.      NLANR  ,         NLANR.




3.5         
//   ?

 NLANR 
    . ,  ,    
           //.
   ...


3.6    httpd-?

         ,
      ""  "" .
     (,   -  
     )    
-  .       
"   ".


       (,
      ).     
  HTTP    .     80 
(     ),   ,  
HTTP   "" HTTP  (   
  ).        ( 
  ).


   web ,    
           HTTP 
,        . 
     ICP     
web     .


 Squid       
   .       
     ,    
HTTP       URL , 
 .


     " "   
    ,    
. ,    web-  
     .  ,   
       .
,          .


  Squid    Harvest   
      CERN   
  .    
  httpd ,     web-
( 80 ),      httpd (
81 ).


    web     
 URL  81  httpd.     
,   HTML   GIF-,   httpd ( 81 )
-  ,    cgi-bin .  
     ,   
    web-.


  ,      squid  httpd-
    ,      
.         
.   Squid      httpd-
   ,   httpd_accel_with_proxy
  on   squid.conf.


3.7   ,  Squid   ?

          
 ,     
. Squid   ICP     ,  
  .


   inside_firewall  squid.conf
        . :


inside_firewall example.com


  :


inside_firewall example.com example.org example.net


 inside_firewall     
.          
  .    :


        none  
     .


3.8    dnsserver , 
 ,       squid.conf?

 dnsserver  squid - ,  
    IP- (gethostbyname(3)) 
(      ).    squid
,  ,          
  .   dnsserver  
,         squid.


      dnsserver 
   ,   squid 
 .       dnsserver-,
   squid,      
.  ,        dnsserver
,    .  , dnsserver 
      .


3.9     Squid,    
socks     .   Squid Socks?

From: carson@lehman.com

Date: Sat, 25 Jan 1997 11:50:59 -0500

Subject: Re: SOCKS


  socks5,      Squid.
  ,    -Dbind=SOCKSbind etc  
  -lsocks   .


3.10  Squid     ?

Kolics Bertold  
-   .




4 Squid  

  web      
  Squid   .     
      URL    
,  JavaScript   .


4.1   Netscape

 Network Preferences   Options.  
Proxies,   Manual Proxy Configuration   
 View.       Squid
( , HTTP, FTP,  gopher)    IP  Squid  
 (  3128)   Port.   , 
 Squid     .


     
Netscape Navigator.


4.2   Netscape

  Netscape Navigator     
JavaScript (  Navigator 2.0  ).  Network Preferences
  Options.   Proxies,   Automatic
Proxy Configuration   URL   JavaScript 
.


    
 Netscape Navigator.       Netscape
    Navigator   JavaScript  
http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html


    JavaScript  Oskar Pearson:

//We (www.is.co.za) run a central cache for our customers that they
//access through a firewall - thus if they want to connect to their intranet
//system (or anything in their domain at all) they have to connect
//directly - hence all the "fiddling" to see if they are trying to connect
//to their local domain.

//Replace each occurrence of company.com with your domain name
//and if you have some kind of intranet system, make sure
//that you put it's name in place of "internal" below.

//We also assume that your cache is called "cache.company.com", and
//that it runs on port 8080. Change it down at the bottom.

//(C) Oskar Pearson and the Internet Solution (http://www.is.co.za)
 function FindProxyForURL(url, host)
 {
 //If they have only specified a hostname, go directly.
 if (isPlainHostName(host))
 return "DIRECT";
 //These connect directly if the machine they are trying to
 //connect to starts with "intranet" - ie http://intranet
 //Connect directly if it is intranet.*
 //If you have another machine that you want them to
 //access directly, replace "internal*" with that
 //machine's name
 if (shExpMatch( host, "intranet*")||
 shExpMatch(host, "internal*"))
 return "DIRECT";
 //Connect directly to our domains (NB for Important News)
 if (dnsDomainIs( host,"company.com")||
 //If you have another domain that you wish to connect to
 //directly, put it in here
 dnsDomainIs(host,"sistercompany.com"))
 return "DIRECT";
 //So the error message "no such host" will appear through the
 //normal Netscape box - less support queries :)
 if (!isResolvable(host))
 return "DIRECT";
 //We only cache http, ftp and gopher
 if (url.substring(0, 5) == "http:" ||
 url.substring(0, 4) == "ftp:"||
 url.substring(0, 7) == "gopher:")
 //Change the ":8080" to the port that your cache
 //runs on, and "cache.company.com" to the machine that
 //you run the cache on
 return "PROXY cache.company.com:8080; DIRECT";
 //We don't cache WAIS
 if (url.substring(0, 5) == "wais:")
 return "DIRECT";
 else
 return "DIRECT";
 }




4.3  Lynx  Mosaic

 Mosaic  Lynx,      . 
( csh  tcsh):


% setenv http_proxy http://mycache.example.com:3128/

% setenv gopher_proxy http://mycache.example.com:3128/

% setenv ftp_proxy http://mycache.example.com:3128/


 Lynx       lynx.cfg. 
    Lynx     
    . :

 http_proxy:http://mycache.example.com:3128/
 ftp_proxy:http://mycache.example.com:3128/
 gopher_proxy:http://mycache.example.com:3128/




4.4  Microsoft Internet Explorer

 Options   View.    Connection.
 Connect through Proxy Server    Proxy
Settings.       Squid (
, HTTP, FTP,  gopher)    IP  Squid  
 (  3128)   Port.  , 
 Squid      .


     Internet Explorer.


Microsoft      Netscape 
   JavaScript. ,  MSIE  3.0a 
Windows 3.1  Windows NT 3.51    (, 
 3.01 build 1225  Windows 95  NT 4.0,  ).


   MSIE   ,  Options
  View.    Advanced    
    Automatic Configuration.  URL 
 JavaScript.   MSIE. MSIE   
JavaScript    .


4.5  Netmanage Internet Chameleon WebSurfer

Netmanage WebSurfer       
      (   WebSurfer
5.0).  Preferences   Settings.  
 Proxies.   Use Proxy  HTTP, FTP,
 gopher.        IP  Squid 
  ( , 3128)   Port.   
.


  .


        ,   
  ,    .  
.


4.6  ,    
   ?

     Linux, Solaris,  BSD .
  ,      IP 
.         
   Linux  Solaris.


4.6.1    Solaris, SunOS,  BSD 

  http://cheops.anu.edu.au/~avalon/ip-filter.html


4.6.2    Linux

[Contributed by Rodney van den Oever <Rodney.van.den.Oever@tip.nl>]


Warning: this technique has several significant shortcomings!




  access.log      URL.




    IP .  - ,   
   getsockname(2).  , 
      .    
 URL' ,   IP .  URL'     
    .  ,     
 ,    .




    HTTP ,    gopher
 FTP




       ,    FTP
 ( 21  ),    HTTP.   
  ,      .
     gopher.       
 HTTP ,        ,  
 .



    ,      
  .      /usr/src/linux/.config:

 #
 # Code maturity level options
 #
 CONFIG_EXPERIMENTAL=y
 #
 # Networking options
 #
 CONFIG_FIREWALL=y
 # CONFIG_NET_ALIAS is not set
 CONFIG_INET=y
 CONFIG_IP_FORWARD=y
 # CONFIG_IP_MULTICAST is not set
 CONFIG_IP_FIREWALL=y
 # CONFIG_IP_FIREWALL_VERBOSE is not set
 CONFIG_IP_MASQUERADE=y
 CONFIG_IP_TRANSPARENT_PROXY=y
 CONFIG_IP_ALWAYS_DEFRAG=y
 # CONFIG_IP_ACCT is not set
 CONFIG_IP_ROUTER=y

 http://www.xos.nl/linux/ipfwadm/
  ipfwadm   . Ipfwadm 
   .       
 /etc/rc.d/rc.inet1 (Slackware)   
  .       
 .  ,      forwarding
(masquerading).


/etc/rc.d/rc.firewall:

#!/bin/sh
# rc.firewall Linux kernel firewalling rules
FW=/sbin/ipfwadm

# Flush rules, for testing purposes
for i in I O F # A # If we enabled accouting too
do
${FW} -$i -f
done

# Default policies:
${FW} -I -p rej # Incoming policy: reject (quick error)
${FW} -O -p acc # Output policy: accept
${FW} -F -p den # Forwarding policy: deny

# Input Rules:

# Loopback-interface (local access, eg, to local nameserver):
${FW} -I -a acc -S localhost/32 -D localhost/32

# Local Ethernet-interface:

# Redirect to Squid proxy server:
${FW} -I -a acc -P tcp -D default/0 80 -r 80

# Accept packets from local network:
${FW} -I -a acc -P all -S localnet/8 -D default/0 -W eth0

# Only required for other types of traffic (FTP, Telnet):

# Forward localnet with masquerading (udp and tcp, no icmp!):
${FW} -F -a m -P tcp -S localnet/8 -D default/0
${FW} -F -a m -P udp -S localnet/8 -D default/0


           80 .        - :



 IP firewall input rules, default policy: reject
 type prot source destination ports
 acc all 127.0.0.1 127.0.0.1 n/a
 acc/r tcp 10.0.0.0/8 0.0.0.0/0 * -> 80 => 80
 acc all 10.0.0.0/8 0.0.0.0/0 n/a
 acc tcp 0.0.0.0/0 0.0.0.0/0 * -> *

    squid.conf:

 http_port 80
 icp_port 3130
 httpd_accel virtual 80
 httpd_accel_with_proxy on

, virtual    !


   Windows 95   Microsoft Internet Explorer 3.01
  Netscape Communicator        
.


  squid       
 80 .      :

 ${FW} -I -a rej -P tcp -S localnet/8 -D dec/32 80


 IP firewall input rules, default policy: reject
 type prot source destination ports
 acc all 127.0.0.1 127.0.0.1 n/a
 rej tcp 10.0.0.0/8 10.0.0.1 * -> 80
 acc/r tcp 10.0.0.0/8 0.0.0.0/0 * -> 80 => 80
 acc all 10.0.0.0/8 0.0.0.0/0 n/a
 acc tcp 0.0.0.0/0 0.0.0.0/0 * -> *

   :  ,  
 URL ,    . , 
     DNS .


       DNS  ( 
  IMHO)     .







5  




5.1      Squid?

   Squid  CGI  cachemgr.cgi 
  squid  .    
 ,  cachemgr.cgi.


5.2      log ?

       e Squid.
 log     ,      
  , , ,     .
   log  Squid:


access.log,  :

 Host Ident - [D/M/Yr:H:M:S TZ] "Method URL" Status Size

access.log, Squid 1.0  :

 Time Elapsed Host Status/HTTP/Hier_Status Size Method URL

access.log, Squid 1.1  :

 Time Elapsed Host Status/HTTP Size Method URL Ident Hier_Status/Hier_Host

hierarchy.log,  Squid 1.0:

 [D/M/Yr:H:M:S TZ] URL Hier_Status Hier_Host

     log:




Host




IP    (  v1.1,     FQDN).




Ident




 '-'.   1.1  Ident (RFC 931),  .




Method




GET, HEAD, POST  TCP   ICP_QUERY  UDP .




URL




 .




Status




  (TCP_HIT    , TCP_MISS 
      , UDP_HIT  UDP_MISS 
   ).




HTTP




 HTTP : 200  , 000  UDP , 403  ,
500  ,  ..




Size




   .




Hier_Status




   / .   PARENT_MISS,
SIBLING_HIT  ..




Hier_Host




,    .




Time




  Jan 1, 1970  .




Elapsed




   .






5.3  log    ?

  log ,    squid  USR1.
   ,   log     .
     log . ,   squid.pid
 /usr/local/squid/logs/squid.pid (   squid.conf)
  :


kill -USR1 `cat /usr/local/squid/logs/squid.pid`


:  logfile_rotate  squid.conf
     log .  
 logfile_rotate   .   
logfile_rotate  ,  log   .
   logfile_rotate    crontab
 squid '  SIGUSR1,    
:


0 0 * * * /bin/kill -USR1 `cat /usr/local/squid/logs/squid.pid`


 ,     log,
     cache_dir .  
 ,      Squid.
      .


5.4       ?



sort -r -n +4 -5 access.log | awk '{print $5, $7}' | head -25




5.5    Squid   

 ,  -z   .


,   ,   log  
cache_dir.




6 -

[Contributed by Jonathan Larmour <JLarmour@origin-at.co.uk>]


6.1   -?

- (cachemgr.cgi)  CGI    
  squid. -    
       .


6.2   ?

     web ,   .  
    CERN  Apache   
cachemgr.cgi.


       ,  
 web ,    SIGHUP,   
 .


    web ,   
  -  URL:


http://www.example.com/Squid/cgi-bin/cachemgr.cgi


6.3  CERN httpd 3.0    -

-,  ,      
  -.     CERN httpd.conf,   
squid.conf.

 Protection MGR-PROT {
 Mask @(workstation.example.com)
 }

  , IP ,      . 
   .     .


  :

 Protect /Squid/* MGR-PROT
 Exec /Squid/cgi-bin/*.cgi /usr/local/squid/bin/*.cgi

   MGR-PROT,   .


6.4  Apache    -

 ,   cgi-bin   ScriptAlias
  srm.conf  Apache, - :

ScriptAlias /Squid/cgi-bin/ /usr/local/squid/cgi-bin/

   ScriptAlias    /usr/local/squid/bin
   Squid.


,        -. 
   access.conf Apache,    squid.conf. 
 access.conf, :

 <Location /Squid/cgi-bin/cachemgr.cgi>
 order deny,allow
 deny from all
 allow from workstation.example.com
 </Location>

   ,     .


, cachemgr.cgi    .  
   access.conf:

 <Location /Squid/cgi-bin/cachemgr.cgi>
 AuthUserFile /path/to/password/file
 AuthGroupFile /dev/null
 AuthName User/Password Required
 AuthType Basic
 <Limit GET>
 require user cachemanager
 </Location>

  Apache      htpasswd
  .


6.5  ACL ( )  -
 squid.conf

    -   squid.conf :

 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl all src 0.0.0.0/0.0.0.0

  :

 http_access deny manager !localhost
 http_access allow all

   ACL   -,      squid
  cache_object .   :


telnet mycache.example.com 3128

GET cache_object://mycache.example.com/info HTTP/1.0


 ,    cache_object,     
,    ,    - .


,        ,  
 cachemgr.cgi       localhost.
  :

 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl example src 123.123.123.123/255.255.255.255
 acl all src 0.0.0.0/0.0.0.0

 123.123.123.123  IP   web .  
 :

 http_access deny manager !localhost !example
 http_access allow all

  ,  web      ,
  squid. ,   -  squid 
 web ,   .  ,   web  
-   , IP  web ,    cachemgr.cgi
    example   .


      squid.conf  SIGHUP
squid'.


6.6      -   URL?

     ,  ,    
  ,  URL     ( , 
    ).     cachemgr.cgi
  .


6.7     .  ?

 squid.conf   cachemgr_passwd.


6.8  ,    cache host  
   ?

   Makefile.in  :

 HOST_OPT = # -DCACHEMGR_HOSTNAME="getfullhostname()"

 web   cachemgr.cgi     ,   Squid
  #.   web  - , :

 HOST_OPT = -DCACHEMGR_HOSTNAME=\"mycache.example.com\"

       cachemgr.cgi.


6.9    TCP  UDP  Squid?

    TCP      web
  . UDP      
          .
UDP   ICP .


6.10  ,       1970
!

 .  (  - )  squid 
 ,    .


6.11    -?






StoreEntry




   .




IPCacheEntry




   DNS.




Hash link




   -.




URL strings




  URL,      ,  
 StoreEntry.



    log    cache:




PoolMemObject structures




     , (,   ).




Pool for Request structures




   .




Pool for in-memory object




   .






6.12 Pool for in-memory object    
!    ?

.    .      
  squid .    ,    
,   cache_mem     gopher,
http  ftp  squid.conf.


6.13   "Total accounted"   
   squid!

     ,  .  squid
  ,    ,     
         squid.


 squid   ,    ,  !
-  ,   squid.


6.14   utilization,   Other?

Other  ,       
  .


6.15   utilization,   Transfer
KB/sec  ?

         
  .      .


6.16   utilization,   Object Count?

   ,      .


6.17   utilization,   Max/Current/Min
KB?

   //   
 .


6.18    I/O?

        read(2). 
     .


6.19     Objects?

:       
 URL     .    ,  . 
   ,     ! 
     .


6.20    VM Objects?

VM Objects      .  
          .


6.21   AVG RTT?

Average Round Trip Time.   ,   
ICP ping   .


6.22   IP cache ,    hit, negative
hit  miss?

HIT ,     . MISS,   . Negative hit
,     ,   .


6.23     IP cache?

Hostname  ,   .


  Flags:




C




.




N




 .




P




   .




D




    .




L




 ,        .



  TTL  "Time To Live" ( ,  
   ). (  ,   
 .)


 N   IP ,    hostname.


     IP ,    
 IP cache.


6.24      
cachemgr.cgi?

   Cache Information  cachemgr.cgi.
:

 Memory usage for squid via mallinfo():
 Total space in arena: 94687 KB
 Ordinary blocks: 32019 KB 210034 blks
 Small blocks: 44364 KB 569500 blks
 Holding blocks: 0 KB 5695 blks
 Free Small blocks: 6650 KB
 Free Ordinary blocks: 11652 KB
 Total in use: 76384 KB 81%
 Total free: 18302 KB 19%


 Meta Data:
 StoreEntry 246043 x 64 bytes = 15377 KB
 IPCacheEntry 971 x 88 bytes = 83 KB
 Hash link 2 x 24 bytes = 0 KB
 URL strings = 11422 KB
 Pool MemObject structures 514 x 144 bytes = 72 KB ( 70 free)
 Pool for Request structur 516 x 4380 bytes = 2207 KB ( 2121 free)
 Pool for in-memory object 6200 x 4096 bytes = 24800 KB ( 22888 free)
 Pool for disk I/O 242 x 8192 bytes = 1936 KB ( 1888 free)
 Miscellaneous = 2600 KB
 total Accounted = 58499 KB

   mallinfo() ,  r 94M. 
   ,   top (97M).


  94M, 81% (76M)     . 
,   malloc(3)    .


 76M ,    58.5M (76%).  
  malloc(3).


 Meta Data    ,  
 . 45%   StoreEntry   URL .
 42%       ,  
  (Pool for in-memory object).


    squid.conf.   1.0,  
:     ,   
  .  Pool for in-memory object,  
  1/2 cache_mem.  Pool for disk I/O
   200.  MemObject  Request  1/8 
FD_SETSIZE.


      ,   
     'http', 'ftp'  'gopher' .
   cache_mem.    cache_mem
 ,         
 .   Squid   memory_pools
off      .


6.25   fqdncache     ipcache?

IPCache     Hostname  IP-Number,  FQDNCache
  .


:

==============================================================================



IP Cache Contents:
Hostname Flags lstref TTL N [IP-Number]
gorn.cc.fh-lippe.de C 0 21581 1 193.16.112.73
lagrange.uni-paderborn.de C 6 21594 1 131.234.128.245
www.altavista.digital.com C 10 21299 4 204.123.2.75 204.74.103.37 204.123.2.66 204.123.2.69
2/ftp.symantec.com DL 1583 -772855 0



Flags: C -->  
 D --> 
 N -->  
 L --> 

lstref:     
 TTL: Time-To-Live ( )      
 N:  



==============================================================================



FQDN Cache Contents:

IP-Number Flags TTL(?) N Hostname]

130.149.17.15 C -45570 1 andele.cs.tu-berlin.de
194.77.122.18 C -58133 1 komet.teuto.de
206.155.117.51 N -73747 0

Flags: C -->  
 D --> 
 N -->  
 L --> 
 TTL: Time-To-Live
 N:  






7 Troubleshooting




7.1       : "Proxy Access
Denied"?

 squid    httpd-,   HTTP 
   HTTP ,     .   ,
     -HTTP ,   :


http_accel_with_proxy on


,     ACL.   access.log
 squid.conf.


7.2   local_domain.

Squid     .


 local_domain     .
       .
     ,    cache_stoplist
 http_stop (   ).


7.3        ,
 Connection Refused,     ,  
 .

 ICP  ,  HTTP -,  ICP   
,  ICP    ,    ,  
  .      http_port,
          .


7.4    

 ,    Too many open files. 
-       . 
          . 
     : ,    
,  -       .


 Linux,   filehandle.patch.linux
 Michael O'Reilly <michael@metal.iinet.net.au>.


 Solaris,     /etc/system:


set rlim_fd_max = 4096

set rlim_fd_cur = 1024


   #define SQUID_FD_SETSIZE  include/config.h
   ,   rlim_fd_max.    
4096.


Solaris select(2)    1024 ,
    src/Makefile   $(USE_POLL_OPT).
  squid.


 FreeBSD ( Torsten Sturm <torsten.sturm@axis.de>):




     ?




  sysctl -a  kern.maxfilesperproc.




  ?




sysctl -w kern.maxfiles=XXXX



sysctl -w kern.maxfilesperproc=XXXX

:  ,  
maxfiles > maxfilesperproc.


  ?




  ,      .  
   .   ,   
 (,         
).



  BSD- (SunOS, 4.4BSD, OpenBSD, FreeBSD, NetBSD, BSD/OS,
386BSD, Ultrix)    " " (  ):




     ?




  pstat -T  files,  
  current/maximum.




   ?




  -    maxusers  
   .      ,  
    ,       .




    ?




  param.c       
maxusers       
.



  :




SunOS




  nfile  /usr/kvm/sys/conf.common/param.c
    :



int nfile = 16 * (NPROC + 16 + MAXUSERS) / 10 + 64;

 NPROC  :

#define NPROC (10 + 16 * MAXUSERS)


FreeBSD (   2.1.6)




   SunOS,  /usr/src/sys/conf/param.c
    maxusers, maxfiles
 maxfilesperproc:



int maxfiles = NPROC*2;

int maxfilesperproc = NPROC*2;

 NPROC  :

#define NPROC (20 + 16 * MAXUSERS)

         
   :

options OPEN_MAX=128


BSD/OS (   2.1)




 /usr/src/sys/conf/param.c   maxfiles
  :



int maxfiles = 3 * (NPROC + MAXUSERS) + 80;

 NPROC  :

#define NPROC (20 + 16 * MAXUSERS)

    OPEN_MAX,   
   .

:      
Squid.   Squid'    
,      . :

 cd squid-1.1.x
 make realclean
 ./configure --prefix=/usr/local/squid
 make




7.5  squid    ,
   malloc(3)  ,     !

     ,   
   ,  ,   -root
. BSD/OS    ,    .
   ,   :

options DFLDSIZ=67108864 # 64 meg default max data size (was 16)
options MAXDSIZ=134217728 # 128 meg max data size (was 64)

    .


 Digital UNIX,   /etc/sysconfigtab  
...

proc:
 per-proc-data-size=1073741824

,  csh,   limit ...

zpoprp.zpo.dec.com> limit datasize 1024M


 /etc/sysconfigtab  ,  
limit - .


7.6       ?

:

97/01/23 22:31:10| Removed 1 of 9 objects from bucket 3913
97/01/23 22:33:10| Removed 1 of 5 objects from bucket 4315
97/01/23 22:35:40| Removed 1 of 14 objects from bucket 6391

  log ,    ,  squid  cache_swap_high.


  cache information cachemgr.cgi   
:

 Storage LRU Expiration Age: 364.01 days

,      , 
   .      LRU
Expiration Age   reference_age  
.


7.7      cache_effective_user
 nobody  Linux?

  ,      cache_effective_user
 nobody  Linux   :

FATAL: Don't run Squid as root, set 'cache_effective_user'!

,   cache_effective_user   nobody,
  .  ,     Squid  
  cache_effective_user.


   UID nobody  65535  65534.


7.8    Windows NT FTP   
 Unix ?

   !    :

   ftp.


    (   ),  
"Properties"  ,  "directories",   "Directory listing
style."  "Unix" type,   "MS-DOS" type.


--Oskar Pearson <oskar@is.co.za>




7.9      ERR_NO_CLIENTS_BIG_OBJ?

 ,       " "
    .     " "
 :

    

  1. 
,  maximum_object_size
    2. 


  2. 
   ,     proxy-only.
    3. 





7.10  Squid    !?

Squid        
,    .  ,   
FAQ:

     Squid   malloc .
 :




7.11    "Ignoring MISS from non-peer x.x.x.x"?

  ICP MISS ( UDP)     , 
IP     .      .


(1)           , 
   DNS. -,   .     
 IP    DNS,    Squid 'udp_outgoing_address'.


:

# (squid.conf  )
#
udp_outgoing_address proxy.parent.com


# ( squid.conf)
#
cache_host proxy.parent.com parent 3128 3130

(2)        ICP   
.   , Squid    
  ,   .    
    ,      log  . 
 ,       , ,
  ,     .




8  Squid ?




8.1   ?

 Internet   , ,     
: FTP, HTTP,  gopher.    Internet  
,     (  ,   URL,
     ),   .


8.2    ICP?

ICP       squid. ICP  
 Internet Cache Protocol, 2  ,    http://www.nlanr.net/Cache/ICP/ICP-id.txt.


ICP         
   .  squid    , 
 ICP   ,      ICP
 "HIT" ("")  "MISS" ("").   
          MISS.


ICP        
TCP . ICP    UDP.   Squid 
   ICP.


8.3   dnsserver?

Dnsserver    squid  
   IP .   - ,  
gethostbyname(3)      DNS
.


 Squid     /,  DNS 
     .  dnsserver 
  DNS,    squid`.


8.4    ftpget?

 ftpget  FTP ,    
 FTP . - ,  FTP  ,  
     squid.


8.5 FTP PUT  

, FTP put    squid.   - 
 /   -    .


   ,       ftpput.


8.6    ?   
  ?

     -  
 /   ,  ,   
   Internet   ,    
   Internet.    "" .
 ,      ,     
  ,    ,  , 
 .  ,     
 ,     Internet  
  ""  ,    ,
    .


 / , squid   
,       ,  
.           
,     Internet,      ,
   .     
      ,    "".


8.7     Squid?



    

  1. 
 ICP     
    2. 


  2. 
  ,      ( 
 ).
    3. 


  3. 
   HIT    , 
    4. 


  4. 
     ,  MISS ( 
 ), 
    5. 


  5. 
   Internet
    6. 


         .


 single_parent_bypass   ICP ,
        ( ,
    ,   ?)


8.8    Squid  
?

       
,  (  )   ,
,  -     URL,
   .


   ,   http://squid.nlanr.net/Squid/Devel/todo.html.


      http://squid.nlanr.net/Squid/Devel/.


8.9      Internet 

       
   .     
   .    
Internet ,      http://www.nlanr.net/NA/.


8.10      
 NLANR?

      
,   ,    .  
   ..   
  50%,       
   ,     .  
      ,  
,           ,
 ,      .


8.11     ?

    FAQ  http://www.greatcircle.com/firewalls/




$Id: footer,v 1.3 1997/03/13 16:19:52 wessels Exp $



Last-modified: Tue, 01 Dec 1998 21:18:05 GMT

  :