Squid Package Tuning

From PFSenseDocs

Performance Tweaks

Some users have reported that making the following change has greatly increased performance:

Edit /boot/loader.conf
Change kern.ipc.nmbclusters="0" to kern.ipc.nmbclusters="32768"
Reboot the pfSense router

Compact swap.state

Squid will keep a cache index journal called swap.state in the top level of the squid cache folder, typically /var/squid/cache. This file can grow very large and consume all of your hard drive space if you are not careful. To ensure this does not happen, set a "log rotate" value in the squid configuration.

By setting a number of days to retain the logs, the squid package will activate a nightly cron job which runs:

squid -k rotate

Part of this rotation process includes compacting the swap.state file, keeping it from getting too large.

If you notice this file is too large and you remove it, you may do so while squid is running. After the file is removed, run:

squid -k rotate

This will cause it to be written out again (but compacted). Alternately, you can tell squid to perform a clean shutdown with

squid -k shutdown

This will also write the swap.state file out again, but squid will stop after this and must be restarted, so it is a less desriable option.

If you remove the swap.state file while squid is not running, it will have to completely rescan your cache folder to rebuild it once squid is started back up. This can be a lengthy and time consuming process. It may be better to remove the contents of the existing cache folder, and rebuild the structure again by running:

squid -z

See the Squid FAQ entry for more details.

Random Tips/Tricks

**WARNING**
There could be any number of reasons not to do the following things. Be careful, and test any changes.

Caching Windows Updates

**WARNING**
These settings could break things, but when it works it works beautifully!

If you have a bunch of local PCs that need Windows Updates, but you do not/cannot have a WSUS server, squid can cache them for you.

On the General Settings tab of the squid config (Services > Proxy Server), place the following in the Custom Options box at the bottom:

refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims;
refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims;
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims;
range_offset_limit -1;

Click save
On the Cache Management tab of the Squid config:
- Change Hard Disk Cache size to something large, say 3000 or 4000 (3GB or 4GB), to accommodate the updates.
- Change the Maximum object size to something big, such as 512000 for 512MB. Going bigger may be needed if any updates larger than that size are released.
Click Save

Caching AVG Updates

As above, but add this before the other options. The same warnings apply:

 refresh_pattern guru.avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims;

Parent proxy

Setting parent proxy available at the 'Proxy server: Upstream proxy settings' tab. In most cases, these settings are working, if the parent proxy also squid. If you want to use a parent proxy another server (not squid), it is necessary to disable 'Upstream proxy settings', and use the' Custom options' in the 'Proxy server: General settings' tab. For example for use as a parent proxy installed package HAVP need to add the line 'cache_peer 127.0.0.1 parent 3121 7 no-query' (Here havp configured to use the ip 127.0.0.1 port 3121).

More about Squid & Havp see HERE.

Search

Personal tools

Views

Navigation

Toolbox