Como Melhorar o Desempenho ??

[igoiglesias]

Olá Amigos,

será que vcs poderiam me dar uma ajudinha para melhora o desempenho(performace) de meu servidor de Proxy/Cache ??
Estou começando com um provedor de internet aqui onde moro e estou precisando muito desse servidor!!

ele tem:
1GB de Memoria DDR2
Processador AMD Sempron 1.6Ghz
Hd de 160GB
1 placa rede (trabalha em paralelo com o Mikrotik)

o Squid.conf que eu uso é esse ai

Código :

http_port 3128 transparent
#icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 100 MB
maximum_object_size_in_memory 256 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 80
cache_swap_high 85
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_dir ufs /var/spool/squid 100000 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
dns_nameservers 8.8.4.4
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
 
http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
 
refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.exe$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.php$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
 
#Cache windowsupdate ( Faz cache do Windows Update ) ##
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern [URL="http://www.download.microsoft.com/.*/.%28cab%7Cexe%7Cdll%7Cmsi%29"]www.download.microsoft.com/.*\.(cab|exe|dll|msi)[/URL] 10080 100% 43200 reload-into-ims
refresh_pattern [URL="http://www.microsoft.com/.*/.%28cab%7Cexe%7Cdll%7Cmsi%29"]www.microsoft.com/.*\.(cab|exe|dll|msi)[/URL] 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
refresh_pattern [URL="http://www.download.windowsupdate.com/.*/.%28cab%7Cexe%7Cdll%7Cmsi%29"]www.download.windowsupdate.com/.*\.(cab|exe|dll|msi)[/URL] 4320 100% 43200 reload-into-ims
 
#Cache atulizacao avira ( Faz cache do Avira ) ##
refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims
 
#Cache atualizacao symantec
refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
 
#Cache avast
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
 
#zph_tos_local 0x30
#zph_tos_peer 0
#zph_tos_parent off
#zph_preserve_miss_tos on
 
#mime_table /etc/squid/mime.conf
pid_filename /var/run/proxy.pid
debug_options ALL,1
log_fqdn off
 
forwarded_for off
error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/cache/squid
detect_broken_pconn on
pipeline_prefetch on

des de já, muito obrigado !!

[icebox]

Boas
não sei o numero de clientes que v c têm
mas acho que esse cpu Sempron para proxy fraquinho

a proxy usa bastante memoria
tenta arrumar uns 4 GB de ram

seria bom vc ter um hd so para o sistema
e um outro hd so para cache -- performance muito melhor

e no cache_dir usa a opção diskd


Abraços

[igoiglesias]

tenho por enquanto 30 clientes

e no cache_dir ja mudei para aufs

[Não Registrado(s)]

Bom dia,

Possuo um squid configurado no iptables, porem o Avira antivir nao faz update, ja liberei o PREROUTING e ainda não permite atualizar:

$IPTABLES -t nat -A PREROUTING -i $IF_TEC -p tcp -d 62.146.66.0/24 --dport $HTTP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i $IF_TEC -p tcp -d 80.190.143.0/24 --dport $HTTP -j ACCEPT

Com o tcpdump:
12:15:02.252562 IP 192.168.0.80.1121 > 62.146.66.188.www: Flags [.], ack 1, win 64240, length 0
12:15:02.252799 IP 192.168.0.80.1121 > 62.146.66.188.www: Flags [P.], seq 1:374, ack 1, win 64240, length 373
12:15:02.252819 IP 62.146.66.188.www > 192.168.0.80.1121: Flags [.], ack 374, win 6432, length 0
12:15:02.283447 IP 80.190.143.243.www > 192.168.0.80.1120: Flags [.], ack 375, win 6432, length 0

Se alguem souber como resolver, por favor poste.

Vlw!