Preferred Squid compilation options.

Discussion regarding the installation and configuration of Linux distributions.

Preferred Squid compilation options.

Postby azfar » Mon Jan 15, 2007 1:47 pm

I am going to re-setup my squid box. I am on rhel 4. I want to know what options should I choose while compiling it. I have to setup it as transparent proxy as well. I dont want to know transparent proxy how-to but I am intrested in performance improvements

I have HT proccessor so I boot SMP kernel or nonSMP.
I have hundreds of users (2mb bandwidth) what cache size should i use.
What --enable-htcp, --enable-ssl, --enable-cache-digests, --enable-async-io do.

Thanks.
Azfar Hashmi
Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Re: Preferred Squid compilation options.

Postby lambda » Mon Jan 15, 2007 2:24 pm

type "squid -v" and see what its configuration options are. it might already be configured with the options you want, and you might not need to recompile it at all. here's what mine says (the squid package on ubuntu 6.10):

Code: Select all

root@lunix:/etc/squid # squid -v
Squid Cache: Version 2.6.STABLE1
configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads' '--enable-storeio=ufs,aufs,diskd,null' '--enable-linux-netfilter' '--enable-linux-proxy' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--enable-underscores' '--enable-referer-log' '--enable-useragent-log' '--enable-auth=basic,digest,ntlm' '--enable-carp' '--with-large-files' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'
root@lunix:/etc/squid #


for other configuration settings:

set cache_mem to about 1/3rd or 1/4th the size of your memory.

if possible, put the disk cache on one drive and squid's logs/the operating system/etc on the other drive (and make sure they're on different controllers, if they're ide drives).

use aufs or diskd as the cache storage format, not ufs.

your squid process will spend a lot of time dealing with disk i/o, so it doesn't matter if you use the smp kernel or not.

run a nameserver on the same machine. i recommend dnscache, but bind will work fine, out of the box.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby azfar » Mon Jan 15, 2007 2:36 pm

Thanks.

What should i do for these
--with-large-files
--enable-large-cache-files

And you missed the cache size on HD.
Azfar Hashmi

Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Postby lambda » Mon Jan 15, 2007 2:43 pm

azfar wrote:What should i do for these
--with-large-files
--enable-large-cache-files
that depends. do you need them?

And you missed the cache size on HD.
that's a strange question. if you have 100gb of disk space on the cache drive, why would you not use all of it for the cache? similarly, if you have 250gb, you'd use it all, wouldn't you?

do you really need me to tell you how much disk space you should use on your own server?
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby azfar » Mon Jan 15, 2007 2:48 pm

I was just asking it becuase i am thinking that large cache can be slow down the squid perofrmance due to heavy i/o operations.
Azfar Hashmi

Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi

Postby lambda » Mon Jan 15, 2007 2:57 pm

squid probably uses something more complex than this, but read up on how hashtables work.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby azfar » Mon Jan 15, 2007 2:59 pm

ok i select follwoing any objection.

--enable-async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-poll --enable-removal-policies=lru,heap --enable-htcp --enable-cache-digests --enable-underscores --enable-auth=basic,digest,ntlm --with-large-files --enable-large-cache-files --enable-ssl --disable-hostname-checks


and do i realy need these modules to work ftp normaly.

ip_conntrack
ip_conntrack_ftp
ip_nat_ftp


and what refresh_pattern policy you suggest.

all my clients have public ips and this machine will work for them as gateway. and what about ssl traffic ?
Azfar Hashmi

Email : azfarhashmi@hotmail.com
azfar
Captain
 
Posts: 598
Joined: Tue Mar 23, 2004 1:16 am
WLM: azfarhashmi@hotmail.com
Yahoo Messenger: azfarhusain@yahoo.com
Location: Karachi


Return to “%s” Installation

Who is online

Users browsing this forum: No registered users and 2 guests

cron