[squid-users] Cache die
After trying every setting I am still asking the same question on a SG2100MAX 4GB ram 128GB disk and a NVMe 250 Optane m.2 drive over mpcie adapter. What is recommended disk cache ? Ufs aufs or diskd? What is the recommended memory cache? I currently have it set to ufs 16 level 1 folders For memory lru What should it be? Diskd? I have tried every setting from 256 level one folders to 32 to 16 every different type of memory catch types all the memory types schemes were using and I just can’t seem to find one that is performance wise the best so I thought After many years of trying that I should just email you guys . Sent from my iPhone ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Using and trusting remote client IP address via upstream proxy
On 1/9/25 02:03, Stephen Borrill wrote:
> On 08/01/2025 23:33, Orion Poplawski wrote:
>> We use e2guardian and squid in a combined method were requests can either go
>> to e2guardian first and get forwarded to squid, or go directly to squid.
>>
>> I would like to be able to have squid allow connections for certain remote
>> client IPs without requiring authentication. However, the connections that
>> come in through e2guardian appear to squid as coming from localhost. Is
>> there
>> a way that e2guardian could pass the IP address of the client on to squid?
>
> You don't say how you select between e2guardian and direct to squid.
> You could use e2guardian in ICAP mode, so that all clients go to squid first
> and then use acls to choose which requests go via e2guardian.
It ends up not really mattering I think for this application.
> You could also try adding forwardedfor = yes in e2guardian.conf along with
> follow_x_forwarded_for in your squid configuration.
I set that in e2guardian.conf and in squid.conf I ended up with:
# Trust X-Forwarded-For from local e2g connections
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow localnet
acl_uses_indirect_client on
log_uses_indirect_client off
# Do not pass X-Forwarded-For on
forwarded_for delete
And I added the forwarded-for to the log explicitly as I do still want to
distinguish between the direct and e2g proxied connections:
logformat squidlocal %{%Y-%m-%dT%H:%M:%S}tl.%03tu%{%z}tl %6tr %>a %Ss/%03>Hs
%h
Thanks to you and Matus for the suggestions.
--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of IT Systems 720-772-5637
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
smime.p7s
Description: S/MIME Cryptographic Signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
[squid-users] Cache dir
Sorry I had my iPhone do a voice to text, I do not understand how a Tesla can drive so well but voice to text looks wrong. After trying every setting inside of Squid I thought I should ask I have 4bg ram and 128GB M.2 SSD onboard disk I am using a NVMe secondary Intel Optane M.2 drive for my cache. What is a good recommendation for Hard Drive Cache System I use UFS but AUFS inside of the Squid definitive guide says it is way faster like formula one versus UFS the options I have are UFS AUFS DISKD, I have 16 Level 1 directories my memory replacement policy is LRU for memory cache it seems to run better with that, my options for memory replacement policy are HEAP GDSF I assume any HEAP will require more memory, HEAP LFUDF, HEAP LRU and just LRU. I also have a Cache Replacement policy with the same options I have it set to Heap LFUDA that is the default. Squid Memory cache Size I have set to default 64MB with max object size 256kb for the memory, for disk I have 256GB available I only have it set to 32000MB or 3.2GB for fear of overloading the RAM when it fills up. for level 1 directories I can have 4,8,16,32,64,128,256 each layer one containers 256 sub directories so this could hog memory if you did 256*256=65,536 I imagine not ok with only 4GB I have onboard memory I can’t make it any bigger. I use this with SSL intercept it does cache and works well I just want to get rid of the lag on news websites. rewrite process children I have it set max 25 with process children startup at 12 and idle at 8 SSL certificate deamon children I have it set to start 10 it runs well I have tried many different things as you know from all the emails, I am sorry it is the most fascinating software to me. Code that runs as fast as the internet. Is there any thing I can do to make it go faster? Some website have a lag fox news yahoo only do on the SSL intercept devices the splice devices never have any issues, its lighting fast for them. I thought I should finally ask after 4-5 years of doing changes. I have got it to work as fast as I can on my own, time to ask the community. Thanks again sorry for the weird email before. > On Jan 9, 2025, at 15:24, Jonathan Lee wrote: > > After trying every setting I am still asking the same question on a SG2100MAX > 4GB ram 128GB disk and a NVMe 250 Optane m.2 drive over mpcie adapter. What > is recommended disk cache ? Ufs aufs or diskd? What is the recommended memory > cache? > > I currently have it set to ufs 16 level 1 folders > > For memory lru > > What should it be? Diskd? > > > I have tried every setting from 256 level one folders to 32 to 16 every > different type of memory catch types all the memory types schemes were using > and I just can’t seem to find one that is performance wise the best so I > thought After many years of trying that I should just email you guys . > Sent from my iPhone ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Using and trusting remote client IP address via upstream proxy
On 08.01.25 16:33, Orion Poplawski wrote: We use e2guardian and squid in a combined method were requests can either go to e2guardian first and get forwarded to squid, or go directly to squid. I would like to be able to have squid allow connections for certain remote client IPs without requiring authentication. However, the connections that come in through e2guardian appear to squid as coming from localhost. Is there a way that e2guardian could pass the IP address of the client on to squid? if e2guardian provides x-forwarded-for header, squid can use it: http://www.squid-cache.org/Doc/config/follow_x_forwarded_for/ note that you should this header should be only trusted when you trust the client, localhost should be fine -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Using and trusting remote client IP address via upstream proxy
On 08/01/2025 23:33, Orion Poplawski wrote: We use e2guardian and squid in a combined method were requests can either go to e2guardian first and get forwarded to squid, or go directly to squid. I would like to be able to have squid allow connections for certain remote client IPs without requiring authentication. However, the connections that come in through e2guardian appear to squid as coming from localhost. Is there a way that e2guardian could pass the IP address of the client on to squid? You don't say how you select between e2guardian and direct to squid. You could use e2guardian in ICAP mode, so that all clients go to squid first and then use acls to choose which requests go via e2guardian. You could also try adding forwardedfor = yes in e2guardian.conf along with follow_x_forwarded_for in your squid configuration. -- Stephen ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
