Home arrow Tuning FreeBSD arrow Tuning Squid HTTP Proxy
Tuning Squid HTTP Proxy PDF
Thursday, 03 April 2008
First you shoud install Squid from ports and compile with options to support diskd.

1. Install Squid from ports.

cd /usr/ports/www/squid
make install

2. Compile Squid with diskd support:

cd /usr/ports/www/squid/work/squid-2.5.STABLE9

./configure --bindir=/usr/local/sbin --sysconfdir=/usr/local/etc/squid --datadir=/usr/local/etc/squid --libexecdir=/usr/local/libexec/squid --localstatedir=/usr/local/squid --enable-removal-policies=lru,heap --enable-auth=basic,ntlm,digest --enable-basic-auth-helpers=NCSA,PAM,MSNT,SMB,winbind,YP --enable-digest-auth-helpers=password --enable-external-acl-helpers=ip_user,unix_group,wbinfo_group,winbind_group --enable-ntlm-auth-helpers=SMB,winbind --enable-storeio=ufs,diskd,null --enable-underscores --enable-err-languages=English --enable-default-err-language=Romanian --with-large-files --enable-large-cache-files --enable-delay-pools --enable-ipf-transparent --disable-ident-lookups --enable-snmp --enable-removal-policies --prefix=/usr/local i386-portbld-freebsd5.4

make install

3. Add FreeBSD sysctl parameters into your /boot/loader.conf:

kern.ipc.nmbclusters: 32768
net.inet.ip.portrange.last: 65535

4. Compile kernel with this options:
options SHMSEG=16
options SHMMNI=32
options SHMMAX=2097152
options SHMALL=4096
options MAXFILES=8192

5. Your squid.conf should like like that:
(please modify the path where your stored squid cache, the size of cache and also the allowed ip range for your squid daemon. Don't forget do do a 'squid -z' if you did not, at install time (for creating cache directories).

#my settings
http_port 8080
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 128 MB

maximum_object_size 80000 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_dir diskd /mnt/squid 28000 32 512 Q1=72 Q2=64

log_fqdn off
logfile_rotate 10


auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320

#next, remove
acl localnet src
acl localhost src
acl to_localhost dst

acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 210 1025-65535 280 488 591 777
acl all src

http_access deny !Safe_ports

http_access allow localnet
http_reply_access allow all
visible_hostname localhost

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

coredump_dir /usr/local/squid/cache
< Prev   Next >

Other BSD Systems





Best BSD firewall?