Re: [squid-users] Squidguard replacement for squid if needed
On 29.09.21 13:42, flauenroth wrote: Apparently Debian/Ubunutu does not support openSSL anymore and uses GnuTLS whatever that thing is. Once again I feel savaged by "systemd". I knew, when I started the new job that it will be harsh but I did not expect it to be that different. funny, because a month ago debian 11 came out containing squid-gnutls and squid-openssl variants. Coming from a UNIX backround using Linux and than Ubuntu Server 20.04LTS is well, an experience so to say. Long story short, my best bet is to compile squid by myself and go from there right? try squid-openssl first. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Running SMP workers on multi-core systems
Hi, I am trying to use the squid cache as an outbound HTTP/S proxy service for our production network and would like to scale up the request per sec by running it on multi-core systems. I have searched up the archives and config docs, but couldn't find anything more recent than the below on setting up SMP workers. https://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster https://wiki.squid-cache.org/ConfigExamples/MultiCpuSystem * Can someone please let me know if the config examples in those docs still apply to the latest version 5.1. * Do we still need the combination of squid, frontend, backend.conf files, or is it enabled simply with the "workers" line in the main config file? * When I attempt to run the squid server with "workers 4" in the squid.conf, I get the following error (one for each kid) and the main process does not bind to the "http_port 3128". I see several UDP ports opened up for each kid process. 2021/09/29 00:44:10 kid5| commBind Cannot bind socket FD 11 to [::]: (2) No such file or directory * Does anyone have recommendations on the maximum number of workers to use on a 64 core host (assuming no other CPU intensive apps are running on the same host). Caching is not a must for our initial deployment, so we are fine disabling caching. Thanks Praveen ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Running SMP workers on multi-core systems
On 9/30/21 2:49 AM, Praveen Ponakanti wrote: > I am trying to use the squid cache as an outbound HTTP/S proxy service > for our production network and would like to scale up the request per > sec by running it on multi-core systems. > I have searched up the archives and config docs, but couldn't find > anything more recent than the below on setting up SMP workers. > https://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster > https://wiki.squid-cache.org/ConfigExamples/MultiCpuSystem The two old exotic configurations above are not what you should be starting with when thinking about SMP support in modern Squids. The best starting points I know about are * https://wiki.squid-cache.org/Features/SmpScale * http://www.squid-cache.org/Doc/config/workers/ * http://www.squid-cache.org/Doc/config/cpu_affinity_map/ * http(s)_port worker-queues option That Feature wiki page does not get many updates these days; if there is a conflict between information sources, the directive documentation in your squid.conf.documented may have more recent information. > * Can someone please let me know if the config examples in those docs > still apply to the latest version 5.1. I bet those use cases themselves do not apply well to your situation. > * Do we still need the combination of squid, frontend, backend.conf > files, or is it enabled simply with the "workers" line in the main > config file? The workers directive does not require multiple Squid instances (with multiple configuration files, etc.). > * When I attempt to run the squid server with "workers 4" in the > squid.conf, I get the following error (one for each kid) and the main > process does not bind to the "http_port 3128". I see several UDP ports > opened up for each kid process. > 2021/09/29 00:44:10 kid5| commBind Cannot bind socket FD 11 to [::]: (2) No > such file or directory Unfortunately, I cannot tell exactly what went wrong based on that low-level message alone, but it could be a variant of [1]. If you cannot figure it out after checking [1] suggestions, consider sharing "squid -X" startup cache.log for analysis. There is [1] https://wiki.squid-cache.org/Features/SmpScale#Cannot_bind_socket_FD_NN_to_.5B::.5D:_.2813.29_Permission_denied The UDP ports you are seeing are probably for the internal DNS resolver which is not SMP-aware. > * Does anyone have recommendations on the maximum number of workers to > use on a 64 core host (assuming no other CPU intensive apps are running > on the same host). Caching is not a must for our initial deployment, so > we are fine disabling caching. 28-30. See the following wiki section for the corresponding rules of thumb: https://wiki.squid-cache.org/Features/SmpScale#How_to_configure_SMP_Squid_for_top_performance.3F HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] cicap lines in squid.conf
in the end did this work, the reason why i thought it wasnt is because i went on the eicar test website and downloaded the txt fle and i could see it on the website reason was it was because it was cached and must have saved it in memory as "cache_dir" i have disabled, once i rebooted the squid server and tried to download the txt file again i got the squid virus page i did have to update my clamav service via yum as when i run "freshclam" it errored saying running an old version but once i updated all was good On Wed, 29 Sept 2021 at 13:46, robert k Wild wrote: > hi all, > > going by this link > > https://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP > > theres two icap configuration options, what one should i use as atm i have > this in my squid.conf > > #ICAP > icap_enable on > adaptation_uses_indirect_client on > icap_send_client_ip on > icap_send_client_username on > icap_client_username_header X-Authenticated-User > icap_service service_req reqmod_precache bypass=0 icap:// > 127.0.0.1:1344/squidclamav > adaptation_access service_req allow all > icap_service service_resp respmod_precache bypass=0 icap:// > 127.0.0.1:1344/squidclamav > adaptation_access service_resp allow all > > thanks, > rob > > -- > Regards, > > Robert K Wild. > -- Regards, Robert K Wild. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squidguard replacement for squid if needed
Thanks for the heads up Mathus. By now I ended slapping Squid on the pfsense and go from there. Less hassle, a system I am familiar with and so far everything works fine in my lab. I will look up the new build for sure and if I can get this Ubuntu 20.04 LTS Server up and running with Squid and ufdbguard to work and filter, I will happily give that a shot. ___ Always exit with 42 to return the answer. ‐‐‐ Original Message ‐‐‐ On Thursday, September 30th, 2021 at 2:00 PM, wrote: > Send squid-users mailing list submissions to > > squid-users@lists.squid-cache.org > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.squid-cache.org/listinfo/squid-users > > or, via email, send a message with subject or body 'help' to > > squid-users-requ...@lists.squid-cache.org > > You can reach the person managing the list at > > squid-users-ow...@lists.squid-cache.org > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of squid-users digest..." > > Today's Topics: > > 1. Running SMP workers on multi-core systems (Praveen Ponakanti) > 2. Re: Squidguard replacement for squid if needed > > (Matus UHLAR - fantomas) > > > Message: 1 > > Date: Wed, 29 Sep 2021 23:49:55 -0700 > > From: Praveen Ponakanti pponaka...@roblox.com > > To: squid-users@lists.squid-cache.org > > Subject: [squid-users] Running SMP workers on multi-core systems > > Message-ID: > > cacabjxmpcv+ixkrm9z7egfe9newn50n2g16_5vkje8oj7a6...@mail.gmail.com > > Content-Type: text/plain; charset="utf-8" > > Hi, > > I am trying to use the squid cache as an outbound HTTP/S proxy service for > > our production network and would like to scale up the request per sec by > > running it on multi-core systems. > > I have searched up the archives and config docs, but couldn't find anything > > more recent than the below on setting up SMP workers. > > https://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster > > https://wiki.squid-cache.org/ConfigExamples/MultiCpuSystem > > - Can someone please let me know if the config examples in those docs still > > apply to the latest version 5.1. > - Do we still need the combination of squid, frontend, backend.conf files, > > or is it enabled simply with the "workers" line in the main config file? > - When I attempt to run the squid server with "workers 4" in the > > squid.conf, I get the following error (one for each kid) and the main > > process does not bind to the "http_port 3128". I see several UDP ports > > opened up for each kid process. > > 2021/09/29 00:44:10 kid5| commBind Cannot bind socket FD 11 to [::]: > > (2) No such file or directory > - Does anyone have recommendations on the maximum number of workers to use > > on a 64 core host (assuming no other CPU intensive apps are running on the > > same host). Caching is not a must for our initial deployment, so we are > > fine disabling caching. > > Thanks > > Praveen > > -- next part -- > > An HTML attachment was scrubbed... > > URL: > http://lists.squid-cache.org/pipermail/squid-users/attachments/20210929/3899dcce/attachment-0001.htm > > Message: 2 > > Date: Thu, 30 Sep 2021 12:38:02 +0200 > > From: Matus UHLAR - fantomas uh...@fantomas.sk > > To: squid-users@lists.squid-cache.org > > Subject: Re: [squid-users] Squidguard replacement for squid if needed > > Message-ID: 20210930103802.ga25...@fantomas.sk > > Content-Type: text/plain; charset=us-ascii; format=flowed > > On 29.09.21 13:42, flauenroth wrote: > > > Apparently Debian/Ubunutu does not support openSSL anymore and uses GnuTLS > > > > whatever that thing is. Once again I feel savaged by "systemd". I knew, > > > > when I started the new job that it will be harsh but I did not expect it > > > > to be that different. > > funny, because a month ago debian 11 came out containing squid-gnutls and > > squid-openssl variants. > > > Coming from a UNIX backround using Linux and than Ubuntu Server 20.04LTS is > > > > well, an experience so to say. > > > Long story short, my best bet is to compile squid by myself and go from > > > > there right? > > try squid-openssl first. > -- > > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > > Warning: I wish NOT to receive e-mail advertising to this address. > > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > > Atheism is a non-prophet organization. > > > --- > > Subje
