Simple is Best

Wednesday, March 19, 2008

 

don't use a reverse proxy in front of a mod_deflate/gzip-enabled web server

Don't put a reverse proxy such as squid in front of an apache/lighty/other web server that has mod_deflate/mod_gzip enabled, especially for dynamic pages. Otherwise each page cached by the reverse proxy ends up tied to a single client (because the zipped page contains the HTTP cookie?), so the efficiency of the proxy becomes terrible and the load on the backend server increases a lot (depending on how your pages are cached and on your visitors).
Still digging for a solution.

Tuesday, March 11, 2008

 

reverse proxy with squid 2.6

We upgraded from squid 2.5 to 2.6 because of the new epoll support under the Linux 2.6 kernel, but the most important reason is that squid 2.6 now supports SSL communication between the cache server and the web server, which squid 2.5 does NOT support.
As with 2.5, before compiling 2.6 you should check the max file descriptor limit and install openssl, then compile and install as below:

./configure --prefix=/opt/squid2.6 --enable-large-cache-files --with-large-files --with-aufs-threads=3 --with-pthreads --with-aio --enable-storeio=diskd,ufs,aufs --enable-ssl --with-openssl=/opt/openssl

The squid config file has changed a lot since version 2.5. The new reverse proxy config file is below; it enables SSL support and no longer needs the custom log patch:

http_port 80 accel defaultsite=www.yourdomain.com vhost protocol=http
https_port 443 accel defaultsite=www.yourdomain.com cert=/etc/ssl/cacert.pem key=/etc/ssl/privkey.pem vhost protocol=https
ssl_unclean_shutdown on
# DONT_VERIFY_PEER turns off verification of the origin server's certificate
sslproxy_flags DONT_VERIFY_PEER

cache_peer 123.123.123.123 parent 443 0 no-query originserver name=server_www1 ssl sslflags=DONT_VERIFY_PEER

cache_peer_domain server_www1 www.yourdomain.com others.yourdomain.com

hierarchy_stoplist cgi-bin ?

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

cache_mem 256 MB
cache_dir diskd /opt/cachedir_2.6 4000 64 256

logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log /opt/squid2.6/var/logs/access.log squid
cache_log /opt/squid2.6/var/logs/cache.log
cache_store_log none

hosts_file /etc/hosts

refresh_pattern -i .jsp 360 25% 720 override-expire ignore-reload
refresh_pattern -i .php 360 20% 720 override-expire ignore-reload
refresh_pattern -i .htm 360 25% 720 override-expire ignore-reload
refresh_pattern -i .html 360 25% 720 override-expire ignore-reload
refresh_pattern -i .js 360 25% 720 override-expire ignore-reload

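# "all" and "Safe_ports" are referenced by the rules below, so they are defined here
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT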

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl webserver_networks src 123.123.213.64/24
http_access allow webserver_networks

acl www1 dstdomain www.yourdomain.com youdomain.net
http_access allow www1

acl PURGE method PURGE
acl me src 127.0.0.1
http_access allow PURGE me
http_access deny PURGE
http_access deny all
icp_access allow all

cache_mgr admin@yourdomain.com
visible_hostname squid.yourdomain.com

client_persistent_connections off
server_persistent_connections off

coredump_dir /opt/squid2.6/var/cache
When compiling with openssl under CentOS 4/RHEL 4 you will hit a known issue if OpenSSL was built as a static library, and make will fail. The fix is simple: after running squid's configure, manually edit src/Makefile and add -ldl after -lcrypto; then make && make install will succeed.
The new config file is simpler than the old, complex 2.5 config, and in our tests performance under high concurrency increased by about 20-30% when compiled with epoll. Stability still needs to become more solid, though: we hit an SSL leak bug in an early version, so watch the changelog of new versions to resolve your problems.
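
A small lint for an accelerator config like the one above, added here as an example and not part of the original post or of Squid: it reports access rules that reference an ACL before it is defined, ICP opened to every source, and DONT_VERIFY_PEER, which makes Squid skip verification of the origin server's certificate. The function names and the sample config (built from directives in the post, with a documentation IP address) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_squid_conf [FILE]: prints "<CODE> <line> <detail>" per finding.
audit_squid_conf() {
  awk '
    { sub(/[ \t]*#.*/, "") }            # strip comments
    NF == 0 { next }
    $1 == "acl" { defined[$2] = 1; next }
    $1 == "http_access" || $1 == "icp_access" {
      # Squid reads the file top to bottom: an ACL must exist before use.
      for (i = 3; i <= NF; i++) {
        name = $i
        sub(/^!/, "", name)
        # "all" is skipped: newer Squid releases predefine it.
        if (name != "all" && !(name in defined))
          print "UNDEFINED_ACL", NR, name
      }
      if ($1 == "icp_access" && $2 == "allow" && $3 == "all")
        print "ICP_OPEN", NR, "icp_access allow all"
    }
    /DONT_VERIFY_PEER/ { print "NO_PEER_VERIFY", NR, $1 }
  ' "${1:--}"
}

# Constructed sample input (192.0.2.10 is a documentation address).
sample_conf() {
  cat <<'EOF'
sslproxy_flags DONT_VERIFY_PEER
cache_peer 192.0.2.10 parent 443 0 no-query originserver name=www1 ssl sslflags=DONT_VERIFY_PEER
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny all
icp_access allow all
EOF
}

sample_conf | audit_squid_conf
```

To have Squid verify the origin instead, the cache_peer options sslcafile= and ssldomain= take the place of sslflags=DONT_VERIFY_PEER.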
 

reverse proxy with squid 2.5

An old document from about 3 years ago.
We use a reverse proxy to increase customer visit speed, concurrent performance, etc.: a squid cluster caches our dynamic JSP files in front of our web server cluster.

First compile with gcc under Linux, without openssl; if you want it, compile with the --with-openssl option. Then make && make install:

./configure --prefix=/opt/squid --disable-internal-dns --enable-async-io --enable-storeio=diskd,ufs --enable-removal-policies --enable-cache-digests --enable-poll --enable-gnuregex


Edit the default squid.conf: enable the HTTPD-ACCELERATOR OPTIONS and others such as http_port. Our simple config file is below:

http_port 80
#https_port 443 cert=/etc/ssl/cacert.pem key=/etc/ssl/privkey.pem
icp_port 0
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 6144 KB
maximum_object_size_in_memory 512 KB
ipcache_size 2048
fqdncache_size 2048
cache_replacement_policy heap GDSF
memory_replacement_policy heap LRU
cache_dir diskd /opt/cachedir 2048 32 256
#cache_access_log /opt/squid/var/logs/access.log
logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
cache_access_log /opt/squid/var/logs/access.log combined
cache_log /opt/squid/var/logs/cache.log
cache_store_log none
emulate_httpd_log on
debug_options ALL,1
dns_children 32
hosts_file /etc/hosts
redirect_children 50
redirect_rewrites_host_header off

auth_param basic children 50
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern -i .jsp 360 25% 720 override-expire ignore-reload
refresh_pattern -i .php 360 20% 720 override-expire ignore-reload
refresh_pattern -i .htm 360 25% 720 override-expire ignore-reload
refresh_pattern -i .html 360 25% 720 override-expire ignore-reload
refresh_pattern -i .js 360 25% 720 override-expire ignore-reload



connect_timeout 2 minute
peer_connect_timeout 60 seconds
read_timeout 10 minutes
request_timeout 60 seconds
persistent_request_timeout 60 seconds
client_lifetime 10 minutes
half_closed_clients off
pconn_timeout 1 seconds
ident_timeout 5 seconds
shutdown_lifetime 45 seconds

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl trust_group src 123.123.123.0/255.255.255.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl PURGE method PURGE
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https, snews

http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow trust_group

http_access deny all
http_reply_access allow all
icp_access allow all

cache_mgr admin@youdomain.com
visible_hostname squid.youdomain.com

httpd_accel_port 80
httpd_accel_host 222.60.80.65
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header on

memory_pools off
memory_pools_limit 100 MB

coredump_dir /opt/squid/var/cache
ie_refresh off




In this config I patched squid 2.5 with the customlog patch from squid-cache.org, used refresh_pattern to force squid to cache the jsp/php files, used ie_refresh to counter F5 refreshes from MS IE, and opened the SSL port if you wish, etc. PS: increase the system file-max parameter so squid does not run out of file descriptors (squid uses at most 32768; I suggest setting file-max higher than that), otherwise under high traffic squid will run out of file descriptors and respond more and more slowly.
The last thing is the /etc/hosts file: edit it to add the reverse-cached domain names and the IP addresses that resolve to the backend web servers. DON'T use the outside name server.

Friday, March 07, 2008

 

mysql's stability with glibc2.3(nptl)

One week ago the user trace table in our mysql database reached about 2,00,000,000 rows and used about 40G of tablespace, but it has worked great without any crash for the last 24 months since the last change.
We are using the innodb engine on an old, self-compiled mysql 4.0.x with rhel3/4. It began in 2005, when we migrated from mysql4/rhas2.1 to mysql4/rhel3.
After that upgrade the db often crashed, and the log only gave me an innodb internal error. I tried upgrading mysql to 4.0.27 and it still happened. I checked INSTALL-SOURCE from mysql.tar.gz and nothing was wrong, but I couldn't resolve the crash.
We used the compile options from INSTALL-SOURCE, as below:
./configure \
--prefix=/opt/mysql --enable-assembler \
--with-mysqld-ldflags=-all-static

Recompiling didn't resolve the crash. After about two days of searching, I finally found that a mysqld compiled statically as shown above is unstable with the new glibc2.3 from rhel3, which began to support nptl.
The solution is simple: compile mysql without the -all-static ldflags, as below:
./configure --prefix=/opt/mysql --with-extra-charsets=complex --enable-thread-safe-client --enable-local-infile --enable-assembler --without-debug
After this compile, the innodb engine works perfectly with nptl from glibc2.3; the reason may be glibc2.3's backward compatibility for LinuxThreads.
Maybe it's time for mysql.tar.gz to update the INSTALL-SOURCE text :)

Thursday, March 06, 2008

 

special linux kernel shmall adjustment on x86_64 oracle9i/rhas4 system with more than 8G memory

About two months ago we changed our database server from a five-year-old IBM x360 to a new Dell PowerEdge 6850 with four dual-core Xeons, 32 G of memory and a RAID5 array, because we had hit the x86_32 memory limit and the x360 was too old to be stable.
So we changed from x86_32 to x86_64. The operating system migrated from rhas3 to the x86_64 version of rhas4 (we even used rhas2.1 about seven years ago), and the database is still Oracle 9i (9208) x86_64; we did not upgrade to Oracle 10G because our old running applications are based on Oracle's old RBO, NOT the new CBO.
After the successful OS/database install I set the kernel shmmax to 30G. Oracle started successfully with the default 2G SGA; then I changed the SGA to 26G of memory for better performance, but when starting Oracle from sqlplus it gave me a strange ORA-27102 error.
I checked the kernel shmmni, shmall, sem and file-max parameters etc. again; nothing looked wrong, which was strange, except for the ORA-27102.
After many hours of searching, the reason surfaced from deep water. The DEFAULT shmall is 219702 under rhas4, so the maximum memory the system can use is 219702*PAGE_SIZE (default 4096) = 8G; when Oracle tries to use more than 8G of memory the kernel doesn't permit it, and the ORA-27102 error appears.
The fix is simple: change shmall to 32212254720 (30G) in /etc/sysctl.conf, then reboot the system or run /sbin/sysctl -p to make the kernel accept the new setting; after that Oracle started up successfully with 26G of memory.
It's the simple but boring shmall parameter under the rhel4 x86_64 kernel.
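
The check behind the ORA-27102 above, as an added example that is not part of the original post: kernel.shmmax is a per-segment limit in bytes while kernel.shmall is counted in pages, so both have to admit the SGA. The function names are hypothetical, the demo values are the ones quoted in the post, and a single-segment SGA is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.
# kernel.shmmax is a per-segment limit in BYTES; kernel.shmall is a
# system-wide limit in PAGES. Assumes the SGA is one shared memory segment.

# pages_for BYTES PAGE_SIZE -> pages needed to hold BYTES, rounded up
pages_for() {
  echo $(( ($1 + $2 - 1) / $2 ))
}

# check_sga SGA_BYTES SHMMAX_BYTES SHMALL_PAGES PAGE_SIZE
# Prints "ok", or the minimum sysctl.conf value for each limit that is too low.
check_sga() {
  sga=$1; shmmax=$2; shmall=$3; page=$4; low=0
  need=$(pages_for "$sga" "$page")
  if [ $(( sga > shmmax )) -eq 1 ]; then
    echo "kernel.shmmax = $sga"; low=1
  fi
  if [ $(( need > shmall )) -eq 1 ]; then
    echo "kernel.shmall = $need"; low=1
  fi
  if [ "$low" -eq 0 ]; then echo "ok"; fi
}

# Values quoted in the post: 26G SGA, 30G shmmax, shmall 219702, 4096-byte pages
check_sga 27917287424 32212254720 219702 4096
```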
