Squid2 発 Cacheboy 経由 Lusca 行き その2

FreeBSD ports

のろのろと書き直し中

前回の続き。make configで有効にしているのは

[X] SQUID_COSS           Enable the COSS storage scheme
[X] SQUID_KQUEUE         Use kqueue(2) instead of poll(2)

この2つだけ。kqueueとcossは使わなにゃソンです。他にはports.conf中で

SQUID_DEFAULT_LANG=Japanese | SQUID_LANGUAGES=Japanese \
| SQUID_CONFIGURE_ARGS= --with-maxfd="2048" --disable-unlinkd

と、デフォルトのエラーメッセージに日本語を選択、ファイルディスクリプタを2048、unlinkdはdiskdとcossを使っていると全然使われていないようなのでoffに。
ただし、ファイルディスクリプタは設定しても有効になってないです。たぶんバグ。squid.conf中でmax_filedescriptorsを設定してもさっぱり効かないので。

あとはsquid.conf。squid 2.7系でもそのまま流用可能なはず。2.6系、3系はそのままではダメです。3系にはcossが無いし2.6系にはtcpkeepaliveとかaccept_filterが無いはず。

http_port 192.168.0.1:8080 http11 tcpkeepalive
icp_port 0
ipcache_size 1500
fqdncache_size 320
accept_filter httpready
tcp_recv_bufsize 262144 bytes
zero_buffers off
memory_pools off
request_header_max_size 32 KB
reply_header_max_size 32 KB
coredump_dir none
dns_retransmit_interval 3 seconds
dns_timeout 30 seconds
dns_nameservers 192.168.0.1 208.67.222.222 208.67.220.220

cache_mem 16 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy heap GDSF

cache_effective_user squid
cache_effective_group squid
cache_replacement_policy heap LFUDA
cache_dir coss /usr/local/squid/cache/coss.1 250 block-size=8192 max-size=262144
cache_dir diskd /usr/local/squid/cache 500 16 256 min-size=262145 max-size=3145728
maximum_object_size 3 MB

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 81       # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
acl blacklist url_regex -i "/usr/local/etc/squid/blacklist"

http_access deny blacklist
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all

header_access X-Forwarded-For deny all
header_access Via deny all
header_access Cache-Control deny all

acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

refresh_pattern -i \.(gif|png|jpe?g|tif?f|bmp)$	14400	100%	10080	ignore-no-cache ignore-private reload-into-ims ignore-reload
refresh_pattern -i \.(class|swf|pdf|flv|jar)$	14400	100%	10080	ignore-no-cache ignore-private reload-into-ims ignore-reload
refresh_pattern -i \.(js|css)$			14400	100%	10080
refresh_pattern -i \.(mpe?g|avi|ra?m|wmv|mov|mp4)$	0	0%	0
refresh_pattern -i \.(wav|mp3|mid)$		0	0%	0
refresh_pattern -i \.(zip|exe|lzh|rar|cab|dll)$	0	0%	0
refresh_pattern -i \.(gz|bz2|tgz|tbz|7z|gca|dgc)$	0	0%	0
refresh_pattern -i \.(xpi)$	0	0%	0
refresh_pattern .				3	20%	60

logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log daemon:/usr/local/squid/logs/access.log combined
cache_store_log none
cache_swap_state /usr/local/squid/logs/%s
cache_log /usr/local/squid/logs/cache.log
pid_filename /var/run/squid/squid.pid
logfile_rotate 0

#url_rewrite_program /usr/local/libexec/adzap
#url_rewrite_children 6

shutdown_lifetime 5 seconds

update_headers off

久しぶりにsquid.conf.default見たらなんか増えてたし後で書きなおすかも?
参考 Squidの更新パターンでインターネットアクセスを高速化する - SourceForge.JP Magazineただしsquid3系なので、squid2系のCacheboy/Luscaではそのままではダメな部分も。