Hi
I have 25Mbit internet connection, ( cable ) and i have installed squid3 proxy server on one of my local LAN pc. All the pcs are connected to MT 750G box. I have only 3 pcs, and are connected to 2, 3rd, 4th, port on MTik box.
I had configure the squid and it works, but it is so slow i get around 50kbs -4 Mbps download cached files from squid3. Those files are ex: zip, youtube movies, iso etc. They are so slow i have no idea why? is that.
I should be able to download the cached content at full speed, like 5Mbs, or around 50 Mbits, but i stuck with Kbs lol.
All the ethernet NICs are 100 or 1000 on MT.
I dont know what can cause it.
Just for now i put the proxy config in user browser for simplysiti.
Any help would be appriciated.
I use for it nginx web server:81 and some script rubin or something.
Here is my Squid config file:
Coppied from net:
\
Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
Example rule allowing access from your local networks.
Adapt to list your (internal) IP networks from where browsing
should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl Safe_ports port 1-65535
acl CONNECT method GET POST HEAD CONNECT PUT DELETE # http
acl block-fnes urlpath_regex -i .*/fnes/echo
#Enable ecap module for gzip compression
#ecap_enable on
#ecap_service gzip_service respmod_precache 0 ecap://www.vigos.com/ecap_gzip
#loadable_modules /usr/local/lib/ecap_adapter_gzip.so
#acl GZIP_HTTP_STATUS http_status 200
#adaptation_access gzip_service allow GZIP_HTTP_STATUS
Recommended minimum Access Permission configuration:
Only allow cachemgr access from localhost
http_access deny block-fnes
http_access allow all
Deny requests to certain unsafe ports
Deny CONNECT to other than secure SSL ports
We strongly recommend the following be uncommented to protect innocent
web applications running on the proxy server who think the only
one who can access services on .localhost. is a local user
#http_access deny to_localhost
INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#cache_peer 192.168.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange
#never_direct allow all
Example rule allowing access from your local networks.
Adapt localnet in the ACL section to list your (internal) IP networks
from where browsing should be allowed
allow localhost always proxy functionality
And finally deny all other access to this proxy
Squid normally listens to port 3128
http_port 8080 transparent
We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
##------ Uncomment and adjust the following to add a disk cache directory.
##cache_dir ufs /var/cache/squid 51200 36 256
cache_dir ufs /media/proxy/cache1 4000 16 256
Leave coredumps in the first cache dir
##coredump_dir /var/cache/squid
coredump_dir /media/proxy/var/spool/squid3
\
How much days to keep users access web logs
You need to rotate your log files with a cron job. For example:
0 0 * * * /usr/local/squid/bin/squid -k rotate
logfile_rotate 14
debug_options ALL,1
cache_access_log /media/proxy/var/log/squid3/access.log
cache_log /media/proxy/var/log/squid3/cache.log
cache_store_log /media/proxy/var/log/squid3/store.log
\
Add any of your own refresh_pattern entries above these.
refresh_pattern -i .(html|htm|html?|htm?)$ 9440 90% 100000 override-expire reload-into-ims
refresh_pattern -i .(gif|png|jpg|jpeg|ico|bmp|tiff|webp|bif|gif?|png?|jpg?|jpeg?|ico?|bmp?|tiff?|webp?|bif?)$ 36000 90% 100000 override-expire reload-into-ims ignore-reload
refresh_pattern .(swf|swf?|js|js?|wav|css|css?|class|dat|zsci)$ 36000 90% 100000 override-expire reload-into-ims
refresh_pattern -i .(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll?|crx|enc|skl|arc)$ 36000 90% 100000 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i .(xml)$ 0 90% 100000
refresh_pattern -i .(json|json?)$ 1440 90% 5760 override-expire reload-into-ims
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern ^ftp: 5440 90% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i . 0 90% 5760
ignore_expect_100 on
log_icp_queries off
minimum_object_size 0 KB
#buffered_logs on
pipeline_prefetch on
cache_effective_user squid
cache_effective_group squid
#dns_v4_fallback on
header_replace User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.2
#header_replace User-Agent Mozilla/5.0 (X11; U;) Gecko/20080221 Firefox/2.0.0.9
maximum_object_size 250 MB
maximum_object_size_in_memory 1 MB
visible_hostname shadow
unique_hostname shadow-DHS
client_db off
cache_store_log none
positive_dns_ttl 16 day
shutdown_lifetime 0 second
cache_mem 768 MB
ipcache_size 8192
fqdncache_size 8192
request_header_max_size 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LRU
memory_pools on
read_ahead_gap 1 MB
access_log none
half_closed_clients off
\
Youtube Cache Section [zaib]
url_rewrite_program /etc/nginx/nginx.rb
url_rewrite_host_header off
acl youtube_videos url_regex -i ^http://[^/]+.youtube.com/videoplayback?
acl range_request req_header Range .
acl begin_param url_regex -i [?&]begin=
acl id_param url_regex -i [?&]id=
acl itag_param url_regex -i [?&]itag=
acl sver3_param url_regex -i [?&]sver=3
cache_peer 127.0.0.1 parent 8081 0 proxy-only no-query connect-timeout=10
cache_peer_access 127.0.0.1 allow youtube_videos id_param itag_param sver3_param !begin_param !range_request
cache_peer_access 127.0.0.1 deny all