Re: [squid-users] SSL intercept in explicit mode

2018-03-13 Thread Aaron Turner
Thanks Yuri. That helps. As for the "sslproxy_flags DONT_VERIFY_PEER", yes I understand the risks. In my specific case, where my "users" are actually a bunch of automated web clients doing some web crawling it's the right thing to do. -- Aaron Turner https://sy

Re: [squid-users] SSL intercept in explicit mode

2018-03-13 Thread Aaron Turner
allow all sslproxy_flags DONT_VERIFY_PEER This was on a machine (EC2 VM) with 14GB of RAM. -- Aaron Turner https://synfin.net/ Twitter: @synfinatic My father once told me that respect for the truth comes close to being the basis for all morality. "Something cannot emerge from nothin

Re: [squid-users] SSL intercept in explicit mode

2018-03-13 Thread Aaron Turner
What version are you using Yuri? Can you share your config? Every time I use ssl bump, I have massive memory leaks. It's been effectively unusable for me.

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-12-03 Thread Aaron Turner
I've attached the two files in case someone with more experience can find something useful.

Re: [squid-users] Certificate for bump?

2017-10-30 Thread Aaron Turner
Unless you have very very narrow bump requirements for only domains you control, I don't see much use in that.

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-10-09 Thread Aaron Turner
_size 100 MB
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-10-02 Thread Aaron Turner
So it's leaking memory and not tracking it? Clearly 'top' is showing it is using a lot of memory and growing over time. I'm happy to do more tests/etc, but right now I can't go into production with this memory leak. Should I try squid4?

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-10-02 Thread Aaron Turner
Anyone see anything useful?

Re: [squid-users] Make all IPv6 ips on system to be used as a proxy

2017-09-29 Thread Aaron Turner
Run multiple instances of squid, one per IP address? I'm not aware of some magic config option to do what you want. Seriously though, using a proxy to control your outgoing IP address is weird. Use setsockopt(SO_BINDTODEVICE) in your code.

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-09-29 Thread Aaron Turner
2.834g 1.008g S 29.2 19.8 230:23.30 squid
3189 squid 20 0 3033460 2.680g 1.008g R 27.0 18.8 226:17.63 squid
https://synfin.net/misc/mgr_mem_1000.txt

Re: [squid-users] Make all IPv6 ips on system to be used as a proxy

2017-09-29 Thread Aaron Turner
If you don't need a proxy server for other reasons, there are better ways. Example, per-process routing: http://www.evolware.org/?p=369 Or if you have control over the source code of the software, setsockopt() will do it for you as well.

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-09-29 Thread Aaron Turner
ion of what is using all that resident memory. I've grabbed a few of the mgr:mem output spanning the test and uploaded them here since I hate sending attachments to lists: https://synfin.net/misc/watch_share.tar.gz

Re: [squid-users] cache hit rate isn't what I'd expect

2017-09-28 Thread Aaron Turner
GET https://static.licdn.com/sc/h/ddzuq7qeny6qn0ysh3hj6pzmr - HIER_DIRECT/192.229.163.180
26/Sep/2017:20:14:54 3 10.93.3.47 TCP_MISS/200 11259 GET https://static.licdn.com/sc/h/ddzuq7qeny6qn0ysh3hj6pzmr - HIER_DIRECT/192.229.163.180

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-09-28 Thread Aaron Turner
rst I thought the bus error was hardware, but it's happened on two different EC2 instances now.

[squid-users] cache hit rate isn't what I'd expect

2017-09-28 Thread Aaron Turner
at doesn't seem to be a complete fix. I can't for the life of me understand why the low hit rate though.

Re: [squid-users] tuning squid memory (aka avoiding the reaper)

2017-09-28 Thread Aaron Turner
emory usage increase in top (virtual, resident & shared) as well as in mgr:info's "Total accounted" line. It's not growing as fast before when I didn't have the sslflags option, but it is growing. What other information would be useful to debug this?

Re: [squid-users] make large amount of IPv6 IPs for use?

2017-09-27 Thread Aaron Turner
Write a small shell script to generate it for you? I don't think squid supports ranges or mapping of this sort.

Re: [squid-users] Bug: Missing MemObject::storeId value

2017-09-26 Thread Aaron Turner
erns. Anything else I can/should do/consider? Honestly, I'm not sure what the impact of this bug really is? Is it just a cache miss or???

Re: [squid-users] Bug: Missing MemObject::storeId value

2017-09-26 Thread Aaron Turner
ack once I enabled the rock. I'm still working on tuning my squid caching preferences to match our needs, so I may have more info later.

Re: [squid-users] Bug: Missing MemObject::storeId value

2017-09-25 Thread Aaron Turner
estimating about 50% of my traffic is SSL so bumping SSL connections is pretty important.

[squid-users] tuning squid memory (aka avoiding the reaper)

2017-09-25 Thread Aaron Turner
load decreases, blocks will be freed until the high-water mark is reached. Thereafter, blocks will be used to store hot objects." Not sure if this is the cause of my problem? Maybe something else? The FAQ says try a different malloc, so tried recompiling with --enable-dlmalloc, but tha

Re: [squid-users] Bug: Missing MemObject::storeId value

2017-09-25 Thread Aaron Turner
he clients reside. Mostly I'm using it for squid failover and cache affinity so I don't have to make all my caches peers of each other.

[squid-users] Bug: Missing MemObject::storeId value

2017-09-22 Thread Aaron Turner
Version: 3.5.26 on CentOS 7.3 on AWS EC2 m3.xlarge and 2x 100GB EBS volumes for rock cache. Doing some basic system tests and we're seeing a bunch of errors like:
2017/09/22 22:43:15 kid1| Bug: Missing MemObject::storeId value
2017/09/22 22:43:15 kid1| mem_hdr: 0x7f169d0a2a70 nodes.start() 0x7f16

Re: [squid-users] FATAL: shm_open(/squid-ssl_session_cache.shm)

2017-08-29 Thread Aaron Turner
Fair enough. I can understand why Squid would want to do that for user security purposes. Sounds like having a single layer/wide cache using the rock cache is the way to go. Probably would end up fixing a lot of issues I'm seeing.

Re: [squid-users] extract http headers from CONNECT / bumped ssl?

2017-08-29 Thread Aaron Turner
Thanks Amos. I didn't realize that %>ha{} was a valid format.

Re: [squid-users] FATAL: shm_open(/squid-ssl_session_cache.shm)

2017-08-29 Thread Aaron Turner
is a miss, then hit the slower disk cache/outbound network connection. Thanks, Aaron

[squid-users] FATAL: shm_open(/squid-ssl_session_cache.shm)

2017-08-25 Thread Aaron Turner
ke there's some stale state being left on the filesystem which is causing this problem, but I'm at a loss to figure out where/what it is.

Re: [squid-users] extract http headers from CONNECT / bumped ssl?

2017-08-25 Thread Aaron Turner
Followup: I tried %{My-Custom-Client-Id}>h with 3.5.26 and squid errors out. Looking at the 3.5.x docs (http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html), nothing there indicates it supports the logformat method? Looks like that's a 4.0+ feature?

Re: [squid-users] extract http headers from CONNECT / bumped ssl?

2017-08-25 Thread Aaron Turner
FYI, the 3.5.x docs are where I learned that format: http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html

Re: [squid-users] extract http headers from CONNECT / bumped ssl?

2017-08-24 Thread Aaron Turner
On Thu, Aug 24, 2017 at 5:16 PM, Alex Rousskov wrote:
> On 08/24/2017 06:00 PM, Aaron Turner wrote:
>> So I've deployed squid in forward mode, installed the CA in my web
>> clients, etc and have squid working fine for both http and https
>> traffic.
>
> Forgive me

[squid-users] extract http headers from CONNECT / bumped ssl?

2017-08-24 Thread Aaron Turner
bly 50% of my traffic is https. Thanks!