Simple is Best

Tuesday, March 11, 2008

 

reverse proxy with squid 2.6

We upgraded from squid 2.5 to 2.6 because of the new epoll support under the Linux 2.6 kernel, but the most important reason is that squid 2.6 now supports SSL communication between the cache server and the web server, which is NOT supported in squid 2.5.
As with 2.5, before compiling 2.6 you should check the maximum file descriptor limit and install OpenSSL, then compile and install as below:

./configure --prefix=/opt/squid2.6 --enable-large-cache-files --with-large-files --with-aufs-threads=3 --with-pthreads --with-aio --enable-storeio=diskd,ufs,aufs --enable-ssl --with-openssl=/opt/openssl

The squid config file has changed a lot from version 2.5. The new reverse proxy config file is shown below; it enables SSL support and no longer needs the custom log patch:

http_port 80 accel defaultsite=www.yourdomain.com vhost protocol=http
https_port 443 accel defaultsite=www.yourdomain.com cert=/etc/ssl/cacert.pem key=/etc/ssl/privkey.pem vhost protocol=https
ssl_unclean_shutdown on
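# DONT_VERIFY_PEER (here and in sslflags= on the cache_peer line) turns off verification
# of the web server's certificate on the SSL connections squid makes to it.
sslproxy_flags DONT_VERIFY_PEER

cache_peer 123.123.123.123 parent 443 0 no-query originserver name=server_www1 ssl sslflags=DONT_VERIFY_PEER

cache_peer_domain server_www1 www.yourdomain.com others.yourdomain.com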

hierarchy_stoplist cgi-bin ?

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

cache_mem 256 MB
cache_dir diskd /opt/cachedir_2.6 4000 64 256

logformat combined %>a %ui %un [%{%d/%b/%Y:%H:%M:%S +0000}tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log /opt/squid2.6/var/logs/access.log squid
cache_log /opt/squid2.6/var/logs/cache.log
cache_store_log none

hosts_file /etc/hosts

refresh_pattern -i .jsp 360 25% 720 override-expire ignore-reload
refresh_pattern -i .php 360 20% 720 override-expire ignore-reload
refresh_pattern -i .htm 360 25% 720 override-expire ignore-reload
refresh_pattern -i .html 360 25% 720 override-expire ignore-reload
refresh_pattern -i .js 360 25% 720 override-expire ignore-reload

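# "all" and "Safe_ports" are used in the rules below but were not defined in the original listing;
# these two definitions are assumed (Safe_ports taken from the http_port/https_port lines above).
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT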

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl webserver_networks src 123.123.213.64/24
http_access allow webserver_networks

acl www1 dstdomain www.yourdomain.com yourdomain.net
http_access allow www1

acl PURGE method PURGE
acl me src 127.0.0.1
http_access allow PURGE me
http_access deny PURGE
http_access deny all
icp_access allow all

cache_mgr admin@yourdomain.com
visible_hostname squid.yourdomain.com

client_persistent_connections off
server_persistent_connections off

coredump_dir /opt/squid2.6/var/cache

When compiling with OpenSSL under CentOS 4/RHEL 4, a known issue appears if OpenSSL was built as a static library, and make fails. The fix is simple: after running squid's configure, manually edit src/Makefile and add -ldl after -lcrypto; then make && make install will work.
The new config file is simpler than, and different from, the old complex 2.5 config, and in our tests performance increased by about 20-30% under high concurrency when compiled with epoll. Stability still needs to firm up, though: we encountered an SSL leak bug in an early version, so watch the changelog of new versions to resolve your problems.
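
An added example, not part of the original post: a small Python check that scans a squid.conf like the one above for ACL names used in access rules before any acl line defines them, and for DONT_VERIFY_PEER on the proxy-to-origin SSL connection. The function name, finding labels and sample config are constructed for illustration; whether your Squid version predefines an ACL such as "all" is an assumption passed in by the caller.

```python
import re

# Directives whose arguments after allow/deny are ACL names.
ACCESS_DIRECTIVES = {"http_access", "icp_access", "cache_peer_access",
                     "always_direct", "never_direct", "broken_vary_encoding"}
# Directives that can carry SSL flags for the proxy-to-origin connection.
PEER_SSL_DIRECTIVES = {"cache_peer", "sslproxy_flags"}

# Constructed sample, modelled on the listing in this post (not a real deployment).
SAMPLE = """\
sslproxy_flags DONT_VERIFY_PEER
cache_peer 192.0.2.10 parent 443 0 no-query originserver name=origin1 ssl sslflags=DONT_VERIFY_PEER
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""

def audit_squid_conf(text, predefined=()):
    """Return (line_number, kind, detail) findings, in file order.

    predefined: ACL names the running Squid defines by itself (caller's assumption).
    """
    defined = set(predefined)
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive == "acl" and args:
            defined.add(args[0])
        elif directive in ACCESS_DIRECTIVES:
            # ACL names follow the first allow/deny; a leading "!" negates one.
            actions = [i for i, t in enumerate(args) if t in ("allow", "deny")]
            for name in (args[actions[0] + 1:] if actions else []):
                name = name.lstrip("!")
                if name not in defined:  # squid needs the acl line before its use
                    findings.append((lineno, "undefined-acl", name))
        elif directive in PEER_SSL_DIRECTIVES:
            if re.search(r"\bDONT_VERIFY_PEER\b", " ".join(args)):
                findings.append((lineno, "peer-cert-not-verified", directive))
    return findings

if __name__ == "__main__":
    for finding in audit_squid_conf(SAMPLE):
        print(*finding)
```
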