Slow server ¿?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Slow server ¿?

erdosain9
Hi.
Can somebody tell why the squid server it's going slow???

top - 15:05:21 up  3:52,  1 user,  load average: 0,93, 2,15, 10,85
Tasks: 186 total,   1 running, 185 sleeping,   0 stopped,   0 zombie
%Cpu(s):  1,7 us,  0,5 sy,  0,0 ni, 97,2 id,  0,7 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem :  3882708 total,   110044 free,  1934236 used,  1838428 buff/cache
KiB Swap:  2097148 total,  2087324 free,     9824 used.  1646000 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND    
 2142 squid     20   0 1127580 0,977g   9244 S   3,7 26,4  65:15.76 squid      
 2171 squid     20   0   52788   3404   2292 S   0,7  0,1  10:54.76 negotiate_+
  939 clamscan  20   0 1437976 553640   9036 S   0,3 14,3   2:03.58 clamd      
    1 root      20   0   41148   3156   2368 S   0,0  0,1   0:01.56 systemd    
    2 root      20   0       0      0      0 S   0,0  0,0   0:00.00 kthreadd    
    3 root      20   0       0      0      0 S   0,0  0,0   0:00.23 ksoftirqd/0
    7 root      rt   0       0      0      0 S   0,0  0,0   0:00.32 migration/0
    8 root      20   0       0      0      0 S   0,0  0,0   0:00.00 rcu_bh      
    9 root      20   0       0      0      0 S   0,0  0,0   0:00.00 rcuob/0    
   10 root      20   0       0      0      0 S   0,0  0,0   0:00.00 rcuob/1    
   11 root      20   0       0      0      0 S   0,0  0,0   0:26.01 rcu_sched  
   12 root      20   0       0      0      0 S   0,0  0,0   0:12.05 rcuos/0    
   13 root      20   0       0      0      0 S   0,0  0,0   0:25.08 rcuos/1    
   14 root      rt   0       0      0      0 S   0,0  0,0   0:00.05 watchdog/0  
   15 root      rt   0       0      0      0 S   0,0  0,0   0:00.05 watchdog/1  
   16 root      rt   0       0      0      0 S   0,0  0,0   0:00.00 migration/1
   17 root      20   0       0      0      0 S   0,0  0,0   0:04.11 ksoftirqd/1

Config file
*-----------------------------------------------------------------------------------------**


####GRUPOS DE IP
acl sin_autenticacion src "/etc/squid/listas/sin_autenticacion.lst"
acl red6 src 192.168.6.0/24

###Kerberos Auth with ActiveDirectory###
auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s HTTP/squid.xxxxxxx.lan@xxxxxxx.LAN
auth_param negotiate children 35 startup=0 idle=1
auth_param negotiate keep_alive off


external_acl_type i-full %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-full@xxxxxxx.LAN
external_acl_type i-limitado %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-limitado@xxxxxxx.LAN
external_acl_type i-sinlimite %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g i-sinlimite@xxxxxxx.LAN


#GRUPOS
acl i-full external i-full
acl i-limitado external i-limitado
acl i-sinlimite external i-sinlimite

####Bloquea Publicidad ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/etc/squid/listas/ad_block.lst"
http_access deny ads


####Streaming
acl youtube url_regex -i \.flv$
acl youtube url_regex -i \.mp4$
acl youtube url_regex -i watch?
acl youtube url_regex -i youtube
acl facebook url_regex -i facebook
acl facebook url_regex -i fbcdn\.net\/v\/(.*\.mp4)\?
acl facebook url_regex -i fbcdn\.net\/v\/(.*\.jpg)\?
acl facebook url_regex -i akamaihd\.net\/v\/(.*\.mp4)\?
acl facebook url_regex -i akamaihd\.net\/v\/(.*\.jpg)\?

##Dominios denegados
acl dominios_denegados dstdomain "/etc/squid/listas/dominios_denegados.lst"

##Extensiones bloqueadas
acl multimedia urlpath_regex "/etc/squid/listas/multimedia.lst"

##Extensiones peligrosas
acl peligrosos urlpath_regex "/etc/squid/listas/peligrosos.lst"


#Puertos
acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 8080
acl SSL_ports port 20000
acl SSL_ports port 10000
acl SSL_ports port 2083

acl Safe_ports port 631         # httpCUPS
acl Safe_ports port 85
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 8443        # httpsalt
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 8080        # edesur y otros
acl Safe_ports port 2199 # radio
acl CONNECT method CONNECT


#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localhost
http_access allow i-sinlimite
http_access allow sin_autenticacion
http_access allow i-limitado #!dominios_denegados
http_access allow i-full #!dominios_denegados

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.1.215:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=5MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem

acl step1 at_step SslBump1

acl excludeSSL ssl::server_name_regex "/etc/squid/listas/excluidosSSL.lst"

ssl_bump peek step1
ssl_bump splice excludeSSL
ssl_bump bump all


# Uncomment and adjust the following to add a disk cache directory.
cache_dir diskd /var/spool/squid 15000 16 256
cache_mem 256 MB

cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid


#Your refresh_pattern
refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

###ACTIVAR EN CASO DE "Connection reset by peer" EN MUCHOS HOST
via off
forwarded_for delete
###

#Pools para ancho de banda
delay_pools 5

#Ancho de Youtube
delay_class 1 2
delay_parameters 1 1000000/1000000 50000/512000
delay_access 1 allow i-limitado youtube !facebook
delay_access 1 deny all

#Ancho de Facebook
delay_class 2 2
delay_parameters 2 1000000/1000000 50000/512000
delay_access 2 allow i-limitado facebook !youtube
delay_access 2 deny all

#Ancho de banda YOUTUBE FULL
delay_class 3 1
delay_parameters 3 1000000/1000000
delay_access 3 allow i-full youtube !facebook
delay_access 3 deny all

#Ancho de banda LIMITADO
delay_class 4 3
delay_parameters 4 3000000/3000000 1000000/1000000 256000/512000
delay_access 4 allow i-limitado !youtube !facebook
delay_access 4 deny all

#Ancho de banda FULL
delay_class 5 3
delay_parameters 5 1500000/1500000 750000/750000 256000/512000
delay_access 5 allow i-full !youtube !facebook
delay_access 5 deny all

dns_nameservers 192.168.1.200 8.8.8.8
#dns_nameservers 8.8.8.8 8.8.4.4
visible_hostname squid.xxxxxxx.lan

# try connecting to first 25 ips of a domain name
forward_max_tries 25

# fix some ipv6 errors (recommended to comment out)
dns_v4_first on

# c-icap integration
# -------------------------------------
# Adaptation parameters
# -------------------------------------
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=on
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
adaptation_access service_avi_resp allow all
# end integration

Reply | Threaded
Open this post in threaded view
|

Re: Slow server ¿?

Amos Jeffries
Administrator
On 16/05/17 06:52, erdosain9 wrote:
> Hi.
> Can somebody tell why the squid server it's going slow???

Please define "slow".

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Slow server ¿?

erdosain9

Hi.
The server is serving web pages very slow.
Not related to bandwith of delay pools.......
Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Slow server ¿?

dijxie
On 2017-05-17 19:43, erdosain9 wrote:

> Hi.
> The server is serving web pages very slow.
> Not related to bandwith of delay pools.......
> Thanks
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Slow-server-tp4682400p4682440.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

Just check every mgr item listed in mgr:menu with squidclient or do some
basic setup for cachemgr.cgi - it's not so hard after all.
At this point, it can be literally everything. Negotiate helpers or slow
KDC reply can be an issue, as well as slow dns response. Disk cache
problem. Even rsyslog, if used. Just anything.

--
Greets, Dijx.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users