# TAG: sslcrtd_children # The maximum number of processes spawn to service ssl server. # The maximum this may be safely set to is 32. # # The startup= and idle= options allow some measure of skew in your # tuning. # # startup=N # # Sets the minimum number of processes to spawn when Squid # starts or reconfigures. When set to zero the first request will # cause spawning of the first child process to handle it. # # Starting too few children temporary slows Squid under load while it # tries to spawn enough additional processes to cope with traffic. # # idle=N # # Sets a minimum of how many processes Squid is to try and keep available # at all times. When traffic begins to rise above what the existing # processes can handle this many more will be spawned up to the maximum # configured. A minimum setting of 1 is required. # # queue-size=N # # Sets the maximum number of queued requests. # If the queued requests exceed queue size for more than 3 minutes # squid aborts its operation. # The default value is set to 2*numberofchildren. # # You must have at least one ssl_crtd process. #Default: # sslcrtd_children 32 startup=5 idle=1
Feel free to read squid.conf.documented. 16.02.2018 19:03, erdosain9 пишет: > Hi. > Im having this warning in cache.log > > > 2018/02/14 15:56:55 kid1| WARNING: All 32/32 ssl_crtd processes are busy. > 2018/02/14 15:56:55 kid1| WARNING: 32 pending requests queued > 2018/02/14 15:56:55 kid1| WARNING: Consider increasing the number of > ssl_crtd processes in your config file. > > 2018/02/14 16:07:06 kid1| WARNING: All 35/35 negotiateauthenticator > processes are busy. > 2018/02/14 16:07:06 kid1| WARNING: 35 pending requests queued > 2018/02/14 16:07:06 kid1| WARNING: Consider increasing the number of > negotiateauthenticator processes in your config file. > > I know how to increase the negotiate authenticator... but, how can i > increase the ssl_crtd proceses??? > > Thanks to all. > > This is my config > > acl sin_autenticacion src "/etc/squid/listas/sin_autenticacion.lst" > > > ###Kerberos Auth with ActiveDirectory### > auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s > HTTP/squid.mydomain....@mydomain.lan > auth_param negotiate children 35 startup=0 idle=1 > auth_param basic credentialsttl 2 hours > auth_param negotiate keep_alive on > > > external_acl_type i-restringidos %LOGIN > /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-restringi...@mydomain.lan > external_acl_type i-full %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl > -g i-f...@mydomain.lan > external_acl_type i-limitado %LOGIN > /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limit...@mydomain.lan > > acl i-restringidos external i-restringidos > acl i-full external i-full > acl i-limitado external i-limitado > > acl ads dstdom_regex "/etc/squid/listas/ad_block.lst" > http_access deny ads > > acl youtube url_regex -i \.flv$ > acl youtube url_regex -i \.mp4$ > acl youtube url_regex -i watch? > acl youtube url_regex -i youtube > acl facebook url_regex -i facebook > acl facebook url_regex -i fbcdn\.net\/v\/(.*\.mp4)\? > acl facebook url_regex -i fbcdn\.net\/v\/(.*\.jpg)\? > acl facebook url_regex -i akamaihd\.net\/v\/(.*\.mp4)\? > acl facebook url_regex -i akamaihd\.net\/v\/(.*\.jpg)\? > > acl restringidos dstdomain "/etc/squid/listas/restringidos.lst" > acl dominios_denegados dstdomain "/etc/squid/listas/dominios_denegados.lst" > > acl SSL_ports port 443 > acl SSL_ports port 4443 > acl SSL_ports port 8443 > acl SSL_ports port 8080 > acl SSL_ports port 20000 > acl SSL_ports port 10000 > acl SSL_ports port 2083 > > acl Safe_ports port 631 # httpCUPS > acl Safe_ports port 85 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 25 ######### > acl Safe_ports port 587 ######### > acl Safe_ports port 143 ######### > acl Safe_ports port 993 ######### > acl Safe_ports port 995 ######### > acl Safe_ports port 465 ######### > acl Safe_ports port 443 # https > acl Safe_ports port 4443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 8443 # httpsalt > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 8080 # edesur y otros > acl Safe_ports port 2199 # radio > acl CONNECT method CONNECT > > > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > http_access deny to_localhost > > http_access allow sin_autenticacion > http_access deny i-restringidos restringidos > http_access allow i-limitado !dominios_denegados > http_access allow i-full !dominios_denegados > http_access allow localhost > > http_access deny all > > http_port 127.0.0.1:3128 > http_port 192.168.1.215:3128 ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myca.pem > key=/etc/squid/ssl_cert/myca.pem > > acl step1 at_step SslBump1 > > acl excludeSSL ssl::server_name_regex "/etc/squid/listas/excluidosSSL.lst" > > ssl_bump peek step1 > ssl_bump splice excludeSSL > ssl_bump bump all > > > cache_dir diskd /var/spool/squid 15000 16 256 > cache_mem 500 MB > > cache_swap_low 70 > cache_swap_high 85 > > coredump_dir /var/spool/squid > > > refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store > ignore-private > refresh_pattern -i ^http:\/\/www\.google\.com\/$ 0 20% 360 override-expire > override-lastmod ignore-reload ignore-no-cache ignore-no-store > reload-into-ims ignore-must-revalidate > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > delay_pools 5 > > #Ancho de Youtube > delay_class 1 2 > delay_parameters 1 1000000/1000000 20000/150000 > delay_access 1 allow i-limitado youtube !facebook > delay_access 1 deny all > > #Ancho de Facebook > delay_class 2 2 > delay_parameters 2 1000000/1000000 50000/256000 > delay_access 2 allow i-limitado facebook !youtube > delay_access 2 deny all > > #Ancho de banda YOUTUBE FULL > delay_class 3 1 > delay_parameters 3 1000000/1000000 > delay_access 3 allow i-full youtube !facebook > delay_access 3 deny all > > #Ancho de banda LIMITADO > delay_class 4 2 > delay_parameters 4 4000000/4000000 200000/400000 > delay_access 4 allow i-limitado !youtube !facebook > delay_access 4 deny all > > #Ancho de banda FULL > delay_class 5 2 > delay_parameters 5 4000000/4000000 500000/1000000 > delay_access 5 allow i-full !youtube !facebook > delay_access 5 deny all > > dns_nameservers 192.168.1.107 192.168.1.222 > > forward_max_tries 25 > > dns_v4_first on > > > > > > -- > Sent from: > http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -- ***************************** * C++20 : Bug to the future * *****************************
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
