Servidor parou, será que é memória?
Olá Luciano, boa tarde e parabéns por mais esse bom trabalho.
Eu tinha aqui na minha rede um servidor montato com base no tutorial https://under-linux.org/f128818-tuto...mk-3-13-3-22-a que rodava direitinho e nunca travou, porem percebi que aos pouscos deixou de fazer cache de alguns videos.
Resolvi atualiza-lo utilizando esse novo script e rodou tudo direitinho de primeira, sem nenhum problema e estava funcionando a dois dias direto. Agora a pouco percebemos que o mesmo travou e estava aparecendo a seguinte mensagem:
Debian Login: [148677 - 200109] out of memory: kill process 2647 (squid) score 589 68 or child
[148677.200200] killed process 2651 (squid)
Gostaria da opnião de vocês pois não sei o que pode estar acontecendo. Estou em dúvida se isso é um problema de memória ram ou o squid está travando.
Vale resaltar que ela jamais travou na versão do script antigo.
Hardware: Core 2 Duo 2.8 - 4Gb de ram - Hd de 750Gb sata
Caso seja o squid como posso resolver?
Atenciosamente
Evilazio
seguem as informação solicitadas...
Citação:
Postado originalmente por
m4d3
Obrigado pelo review, se puder responder as questões abaixo talvez possamos te ajudar:
Qual a distribuição do linux e plataforma (32 ou 64bits) ?
Qual a versão anterior e atual do thunder?
Poste suas configurações do squid.conf, thunder.conf e o que mais julgar necessário.
Rode o comando 'free' e plublique o resultado.
Rode o comando 'df -h' e publique o resultado.
Abraço
Resalto que não fiz nenhuma alteração em nenhum arquivo desde a instalação está tudo padrão.
Estou usando o Debian 5.0 32bits
A versão anterior do Thunder era a 2.1 e agora a 3 conforme o script deste post.
/etc/squid/squid.conf
http_port 3128 transparent
visible_hostname conprove
icp_port 0
error_directory /usr/share/squid/errors/Portuguese/
#===================================================================#
# NEGA CACHE A CONTEUDO DINAMICO CONTENDO CGI-BIN
#===================================================================#
#acl QUERY urlpath_regex cgi-bin \?
#cache deny QUERY
#===================================================================#
# SERVIDORES DNS E POLITICA
#===================================================================#
dns_nameservers 192.168.10.253 208.67.222.222 208.67.220.220
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#===================================================================#
# ACESSO DIRETO A DETERMINADOS SITES
#===================================================================#
#acl directd dstdomain url_regex -i "/etc/squid/nocache.lst"
#acl directd dstdomain .siteacessodireto.net
#always_direct allow directd
#cache deny directd
refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.nub$ 2880 80% 21600 reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 8640
refresh_pattern -i exe$ 0 50% 999999
refresh_pattern -i zip$ 0 50% 999999
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl con_clients dst 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12
acl purge method PURGE
acl CONNECT method CONNECT
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost con_clients
http_access deny manager all
icp_access allow purge localhost con_clients
icp_access deny purge all
#===================================================================#
# NEGA CACHE DE ARQUIVOS ASX E ASF - STREAMING
#===================================================================#
acl asx url_regex -i \.asx$
cache deny asx
acl asf url_regex -i \.asf$
cache deny asf
#===================================================================#
# BLOQUEIO DE ARQUIVOS SUSPEITOS
#===================================================================#
acl vbs url_regex -i .*\.VBS$
http_access deny vbs
acl scr url_regex -i .*\.SCR$
http_access deny scr
acl cmd url_regex -i .*\.CMD$
http_access deny cmd
acl pif url_regex -i .*\.PIF$
http_access deny pif
#===================================================================#
# USO DA MEMORIA E DISCO PELO SQUID
#===================================================================#
cache_mem 400 MB
cache_swap_low 80
cache_swap_high 95
#===================================================================#
# TAMANHO DOS ARQUIVOS EM CACHE
#===================================================================#
maximum_object_size 100 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 32 KB
#===================================================================#
# POLITICA DE SUBSTITUIÇO DO CACHE
#===================================================================#
cache_replacement_policy heap LFUDA
memory_replacement_policy lru
ipcache_size 4096
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
max_filedescriptors 1024
cache_dir aufs /var/spool/squid/a 10000 16 256
cache_dir aufs /var/spool/squid/b 10000 16 256
cache_dir aufs /var/spool/squid/c 10000 16 256
cache_dir aufs /var/spool/squid/d 10000 16 256
cache_dir aufs /var/spool/squid/e 10000 16 256
cache_effective_user proxy
cache_effective_group proxy
ftp_user [email protected]
#===================================================================#
# LOG DOS ACESSOS PELO CACHE PARA USO COM SARG
#===================================================================#
access_log /var/log/squid/access.log
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
server_persistent_connections off
zph_mode tos
zph_local 0x30
#===================================================================#
# PUBLICIDADE MSN / GENERICO / MALWARES
#===================================================================#
acl ADSAdClient url_regex ADSAdClient31.dll
http_access deny ADSAdClient
deny_info http://192.168.10.250/banners/banner_msn.html ADSAdClient
#acl publicidade dstdomain url_regex -i "/etc/squid/publicidade.lst"
#http_access deny publicidade
#deny_info http://www.seudominioxx.com.br/publi.../generico.html publicidade
#acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
#http_access deny malware_block_list
#deny_info http://www.seudominioxx.com.br/avisos/perigo.html malware_block_list
#===================================================================#
# THUNDERCACHE 3.X - REGEX
#===================================================================#
acl thunder_lst url_regex -i "/etc/thunder/thunder.lst"
cache deny thunder_lst
cache_peer 192.168.10.250 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 192.168.10.250 allow thunder_lst
cache_peer_access 192.168.10.250 deny all
continua...
continuando resultados...
Citação:
Postado originalmente por
m4d3
Obrigado pelo review, se puder responder as questões abaixo talvez possamos te ajudar:
Qual a distribuição do linux e plataforma (32 ou 64bits) ?
Qual a versão anterior e atual do thunder?
Poste suas configurações do squid.conf, thunder.conf e o que mais julgar necessário.
Rode o comando 'free' e plublique o resultado.
Rode o comando 'df -h' e publique o resultado.
Abraço
/root$ free
total used free shared buffers cached
Mem: 3623168 3496464 126704 0 139800 451556
-/+ buffers/cache: 2905108 718060
Swap: 2650684 668 2650016
/root$ df -h
Sist. Arq. Tam Usad Disp Uso% Montado em
/dev/sda1 686G 28G 623G 5% /
tmpfs 1,8G 0 1,8G 0% /lib/init/rw
udev 10M 680K 9,4M 7% /dev
tmpfs 1,8G 0 1,8G 0% /dev/shm
/etc/resolv.conf
nameserver 192.168.10.253
/etc/thunder/thunder.lst
http.*\.4shared\.com.*(\.exe|\.iso|\.torrent|\.zip|\.rar|\.pdf|\.doc|\.tar|\.mp3|\.mp4|\.avi|\.wmv)
http.*\.avast\.com.*(\.def|\.vpu|\.vpaa|\.stamp)
http.*(\.avg\.com|\.grisoft\.com|\.grisoft\.cz).*(\.bin|\.exe)
http.*(\.avgate\.com|\.avgate\.net|\.freeav\.net|\.freeav\.com).*(\.dll\.gz|\.vdf\.gz)
http.*\.bitgravity\.com.*\.flv
http.*\.dailymotion\.com.*(\.flv|\.on2)
#http.*\.eset\.com.*\
http.*\.etrustdownloads\.ca\.com.*\(\.tar|\.zip|\.exe)
http.*flashvideo\.globo\.com.*(\.mp4|\.flv)
http.*\.googlevideo\.com.*videoplayback
http.*fpatch\.grandchase\.com\.br.*(\.kom|\.mkom|\.mp3)
http.*(\.kaspersky-labs\.com|\.geo\.kaspersky\.com).*\.avc
http.*\.mccont\.com.*\.flv
http.*\.mediafire\.com.*(\.exe|\.iso|\.torrent|\.zip|\.rar|\.pdf|\.doc|\.tar|\.mp3|\.mp4|\.avi|\.wmv)
http.*\.megaupload\.com.*(\.exe|\.iso|\.torrent|\.zip|\.rar|\.pdf|\.doc|\.tar|\.mp3|\.mp4|\.avi|\.wmv)
http.*\.megavideo\.com.*\.flv
http.*\.metacafe\.com.*\.flv
http.*(\.windowsupdate\.com|\.microsoft\.com).*(\.cab|\.exe)
#http.*\.nai\.com.*\
http.*\.orkut\.com.*\.jpg
#http.*\.pop6\.com.*\
http.*\.pornhub\.com.*\.flv
http.*\.pornotube\.com.*\.flv
http.*\.rapidshare\.com.*(\.exe|\.iso|\.torrent|\.zip|\.rar|\.pdf|\.doc|\.tar|\.mp3|\.mp4|\.avi|\.wmv)
http.*\.redtube\.com\/_videos.*flv
#http.*\.symantecliveupdate\.com.*\
http.*\.terra\.com.*\.flv
http.*media[a-z0-9]{2}\.tube8\.com.*.*\.flv
http.*\storage\.mais\.uol\.com\.br.*\.flv
http.*\.viddler\.com.*\.flv
http.*\.video\.msn\.com.*\.flv
http.*\.vimeo\.com.*\.flv
#http.*\.xpg\.com\.br.*\
http.*\.xtube\.com.*\.flv
http.*\.xvideos\.com.*\.flv
http.*\.youtube\.com.*videoplayback
http.*\.ziddu\.com.*(\.exe|\.iso|\.torrent|\.zip|\.rar|\.pdf|\.doc|\.tar|\.mp3|\.mp4|\.avi|\.wmv)
#http.*\.ytimg\.com.*\.jpg
/etc/thunder/thunder.conf
# PARAMETROS PARA O THUNDER
CACHEDIR /thunder/
PLUGINSDIR /etc/thunder/plugins/
# keep downloading when client stop download
# KEEPDOWNLOAD true
#
# For reasons of security it is recommended to run a proxy program
# without root rights. It is recommended to create user that is not
# used by any other program.
#
# Default:
# USER root
# GROUP root
# If this is true thunder is running as daemon in background.
# For testing you may run thunder at your text console.
#
# Default:
# DAEMON true
#
# Process id (PID) of the main thunder process is written to this file.
# Be sure that it is writeable by the user under which HAVP is running.
# /etc/init.d/thunder script requires this to work.
#
# Default:
# PIDFILE /var/run/thunder/thunder.pid
#
# For performance reasons several instances of thunder have to run.
# Specify how many servers (child processes) are simultaneously
# listening on port PORT for a connection. Minimum value should be
# the peak requests-per-second expected + 5 for headroom. For best
# performance, you should have atleast 1 CPU core per 16 processes.
#
# For single user home use, 8 should be minimum.
# For 500+ users corporate use, start at 40.
#
# Value can and should be higher than recommended. Memory and
# CPU usage is only affected by the number of concurrent requests.
#
# More childs are automatically created when needed, up to MAXSERVERS.
#
# Default:
# SERVERNUMBER 8
# MAXSERVERS 100
#
# Files where to log requests and info/errors.
# Needs to have write permission for thunder user.
#
# Default:
# ACCESSLOG /var/log/thunder/access.log
# ERRORLOG /var/log/thunder/thunder.log
#
# Syslog can be used instead of logging to file.
# For facilities and levels, see "man syslog".
#
# Default:
# USESYSLOG false
# SYSLOGNAME thunder
# SYSLOGFACILITY daemon
# SYSLOGLEVEL info
# SYSLOGVIRUSLEVEL warning
#
# true: Log every request to access log
# false: Log only viruses to access log
#
# Default:
# LOG_OKS true
#
# Level of thunder logging
# 0 = Only serious errors and information
# 1 = Less interesting information is included
#
# Default:
# LOGLEVEL 0
# thunder reloads scanners virus database by receiving a signal
# (send SIGHUP to PID from PIDFILE, see "man kill") or after
# a specified period of time. Specify here the number of
# minutes to wait for reloading.
#
# This only affects library scanners (clamlib, trophie).
# Other scanners must be updated manually.
#
# Default:
# DBRELOAD 60
#
# Run thunder as transparent Proxy?
#
# If you don't know what this means read the mini-howto
# TransparentProxy written by Daniel Kiracofe.
# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
# Definitely you have more to do than setting this to true.
# You are warned!
#
# Default:
# TRANSPARENT false
#
# Specify a parent proxy (e.g. Squid) thunder should use.
#
# Default: NONE
# PARENTPROXY localhost
# PARENTPORT 3128
#
# Write X-Forwarded-For: to log instead of connecters IP?
#
# If thunder is used as parent proxy by some other proxy, this allows
# to write the real users IP to log, instead of proxy IP.
#
# Default:
# FORWARDED_IP false
#
# Send X-Forwarded-For: header to servers?
#
# If client sent this header, FORWARDED_IP setting defines the value,
# then it is passed on. You might want to keep this disabled for security
# reasons. Enable this if you use your own parent proxy after thunder, so it
# will see the original client IP.
#
# Disabling this also disables Via: header generation.
#
# Default:
# X_FORWARDED_FOR false
#
# Port thunder is listening on.
#
# Default:
PORT 8080
#
# IP address that thunder listens on.
# Let it be undefined to bind all addresses.
#
# Default: NONE
# BIND_ADDRESS 127.0.0.1
#
# IP address used for sending outbound packets.
# Let it be undefined if you want OS to handle right address.
#
# Default: NONE
# SOURCE_ADDRESS 1.2.3.4
Atenciosamente,