'lo all,
I inherited a task that I'm not quite up to but would like to learn how to set up properly, maybe you can shed some light?
My barely adequate Squid skills are about 3 years rusty and I'm still reading about the differences, but I believe the desired configuration is "accelerated mode", "reverse proxy", or "a redirector". Basicly I want to hide/protect a webserver farm from the Internet (with the added benefit of caching).
And there is a somewhat functional solution in place:
The box is remote, so I don't know much about the hardware yet:
70Gb drive, but a df shows <3Gb in use. (that's odd, right?)
Running a top command shows squid only periodicly, and using <5% CPU and <5% Memory
(sorry, I forgot to write down the total RAM)
The squid is version 2.5.STABLE9, and it has acceleration configs:
http_accel_host virtual
http_accel_port 80
http_accel_single_host off
http_accel_with_proxy off [this means it is not caching, right?]
http_accel_uses_host_header on
and some
https_port <ip>:443 cert=/path/to/cert key=/path/to/key
They also have some kind of redirector in place... but I don't really understand how or what it's doing.
There is no "redirect_program" line in the squid.conf, though "redir" seems to run as a service?
There is a script called port.forwarder in /etc/init.d which calls a bunch of redir's (redir-2.2.1) with parameters like:
--laddr=aaa.aaa.aaa.aaa --lport=8080 --cport=8080 --caddr=bbb.bbb.bbb.bbb
Which I interpret as port forwarding... but I don't see where it's actually being used.
Running a ps -aux command shows a redir process running for each ip assigned to the NIC, yet I don't see them with top.
There have been increasing problems with timeouts on the client side and the concern is that redir-2.2.1 is obsolete and slowing down traffic. And when they get complaints, they run "port.forwarder stop; port.forwarder start" and the symptoms go away. The solution proposed as my task is: upgrade "redir" to "squidGuard"...
(personally I believe the root of their problem lies elsewhere, but the least I can do is tune up their squid)
Can anyone explain what they have set up now?
Or, help me understand how squidGuard will improve performance (and then how to configure it in an accelerator mode to port forward?!) or help me gain the weapons to prove that squidGuard is not the answer?
Sincerely,
Mike
Received on Sat Jul 30 2005 - 08:14:02 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:03 MDT