
FB-SQUID

Free-BSD で squid の時のメモ

 /usr/ports/www/squid で make install
 /etc/rc.conf に
 squid_enable="YES"
 を追加。
 
 /usr/local/etc/squid/squid.conf
 に
# 
 # Source-address ACL for the 192.168.12.0/24 LAN.
 acl localnet src 192.168.12.0/24
 # NOTE(review): "localhost" conventionally names the loopback address only, and
 # squid.conf rules commonly use it to keep cache manager (and PURGE) access on the
 # proxy host itself. Defined as the LAN range here, any rule that trusts
 # "localhost" is opened to every host in 192.168.12.0/24 -- confirm this is
 # intended; otherwise keep localhost as loopback and use localnet for clients.
 acl localhost src 192.168.12.0/24
#
# cache_dir ufs /var/squid/cache/squid 2000 16 256
 # diskd store in /home/squid/spool/squid: 1024 MB, 64 first-level and
 # 256 second-level directories.
 cache_dir diskd /home/squid/spool/squid 1024 64 256
#
 pid_filename /var/run/squid/squid.pid
#
 を追加

 キャッシュディレクトリの作成
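 # Squid runs as the squid user, so it must own the trees it writes to.
 chown -R squid:squid /var/squid
 # Create the directory named by cache_dir in squid.conf.
 mkdir -p /home/squid/spool/squid
 # The owner argument was missing here, so chown took the path as the owner,
 # failed, and left the new cache tree owned by whoever ran mkdir.
 chown -R squid:squid /home/squid/
 # Build the cache (swap) directory structure.
 /usr/local/sbin/squid -z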

/usr/local/etc/rc.d/squid start
 

ログのローテーション

 % squid -k rotate
 % crontab -l 
 0 3 * * * /usr/local/sbin/squid -k rotate
 ( 月1の場合)
 0 3 1 * * /usr/local/sbin/squid -k rotate

command option

/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf -k check
/usr/local/sbin/squid -k reconfigure

緊急停止

# Emergency stop.
# NOTE(review): -f matches against the whole command line, so this signals every
# process with "squid" in its arguments (squidclient, an editor on squid.conf,
# a tail on the logs), not only the daemon. `squid -k shutdown` or
# `squid -k kill` act on the daemon through its PID file and are narrower.
pkill -f 'squid'

動作確認

# Fetch a test page through the authenticating proxy with wget debug output on.
# NOTE(review): the proxy user name and password sit in the URL typed on the
# command line, so they land in shell history, and the proxy URL is plain
# http://, so they cross the network unencrypted. wget -d may also echo the
# request headers it sends -- check before pasting the output anywhere. For
# routine use, keep them in a mode-600 ~/.wgetrc (proxy_user / proxy_password).
http_proxy=http://uuu:ppp@192.xx.yy.zz:8080 https_proxy=http://uuu:ppp@192.xx.yy.zz:8080 wget -d http://wx.qq.com
uuu // proxy_username
ppp // proxy_password

free-bsd sysctl

https://calomel.org/freebsd_network_tuning.html

WindowsXPで、WindowsUpdateができない

WindowsXPにSP2を適用以後、WindowsUpdateができなくなる場合があります。
これは、SP2にて WindowsUpdateが使っている転送プログラム(BITS)が更新され、
これがIEで指定されているプロキシの情報を使っていないために、直接、
インターネットにアクセスしようとするために発生します。
BITSにプロキシを認識させるためには、IEの設定を引き継ぐために
C:\>proxycfg -u
とするか、または直接設定として
C:\>proxycfg -d -p PROXY-SERVER1:PORT BYPASS-ADDRESS
(例、proxycfg -d -p proxy.robata.org:8080 127.0.0.1,*.robata.org)を実行すると良いでしょう。

参考

http://squid.robata.org/build_hierarchy.html

squid のcache のリロード

/usr/local/sbin/squidclient -p 3128 -rs http://foo.bar.domain.xx/hoge.html
--helpにて help

squid のcache の削除

# Evict one URL from the cache by sending a PURGE request to the proxy on 127.0.0.1:3128.
# NOTE(review): PURGE only works if squid.conf has an ACL and http_access rule
# allowing it (not shown on this page). Allow it from the proxy host only: any
# client permitted to PURGE can evict arbitrary objects. If that rule relies on
# the "localhost" ACL, check how localhost is defined in squid.conf.
/usr/local/sbin/squidclient -p 3128 -m PURGE -h 127.0.0.1 http://foo.bar.domain.xx/hoge.html
# Count access.log lines containing "SWAP" by their 7th field (the URL in
# Squid's native log layout), most frequent first.
grep SWAP /home/squid/logs/access.log | awk '{print $7}' | sort | uniq -c | sort -nr

squidclient

# Cache manager reports from the proxy on localhost:3128: 60-minute and
# 5-minute averages, general runtime info, and memory usage.
# NOTE(review): the cache manager exposes internal state of the proxy. Keep the
# http_access rules for it limited to the proxy host, and consider
# cachemgr_passwd for the more sensitive actions; those rules are not shown here.
squidclient -h localhost -p 3128 mgr:60min
squidclient -h localhost -p 3128 mgr:5min
squidclient -h localhost -p 3128 mgr:info
squidclient -h localhost -p 3128 mgr:mem
##
# squidclient -h 127.0.0.1 -p 8080 mgr:info

cache dir build

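#!/bin/sh
#
# Rebuild the Squid cache directories: stop the daemon, run `squid -z`,
# then start the daemon again. Exits non-zero if any step after the stop
# reported a failure.

rc_script=/usr/local/etc/rc.d/squid
squid_bin=/usr/local/sbin/squid

# Informational only; a non-zero status here just means squid was not running.
"$rc_script" status

# The exit status of "stop" is not checked on purpose: it is also non-zero
# when the daemon was already down. The status probe below decides instead.
"$rc_script" stop
sync
sleep 10

# Never rebuild the cache directories while a squid process still owns them.
# Assumes the rc script's "status" exits 0 only while squid is running.
if "$rc_script" status >/dev/null 2>&1; then
  echo "squid is still running after stop; cache directories left untouched" >&2
  exit 1
fi

# "$squid_bin" -Z
rv=0
"$squid_bin" -z || rv=$?
if [ "$rv" -ne 0 ]; then
  echo "squid -z failed with status $rv" >&2
fi

# Give squid -z time to finish and flush before the daemon comes back.
sync
sleep 10
"$rc_script" start || rv=$?

"$rc_script" status || rv=$?
exit "$rv"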

squid.conf

## Free up capacity for HTTPS sessions: persistent connections are turned off
## on both the client side and the server side.
client_persistent_connections off
server_persistent_connections off
## Prefer IPv4
dns_v4_first on
#
# A size of 0 means no limit on request bodies (uploads).
request_body_max_size 0 KB
# dns_nameservers 127.0.0.1
#
#

参考

https://www.l2tp.org/archives/165

log のパラメータを追加

logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %tl

https://www.robata.org/docs/squid/faq_6.html


cache のパラメータ サンプル

# Format: refresh_pattern [-i] regex min percent max [options]
# min and max are in minutes; the first matching line is the one applied.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# NOTE(review): ignore-no-store / ignore-private make this shared cache keep
# responses that the origin marked as non-storable or as belonging to one user.
# These three lines match on file extension alone, so that applies to every
# site, including downloads served behind a login. Drop those options unless
# serving one user's response to another is known to be harmless here.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 ignore-expire ignore-no-cache ignore-no-store ignore-private 
# NOTE(review): the leading "\." requires a literal dot before "index", so a
# plain /index.html does not match here and falls through to the next line.
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
# Catch-all for everything not matched above.
refresh_pattern . 0 40% 40320

ネタ元http://www.itmedia.co.jp/enterprise/articles/0812/01/news024.html

squid3
# 1 year = 525600 mins, 1 month = 43800 mins
# Values used below: 43200 min = 30 days, 129600 min = 90 days, 161280 min = 112 days.
# Lines are checked in order and the first match wins.
# Dynamic content (cgi-bin or any URL containing "?") is never treated as fresh.
# Because this line comes first and is case-insensitive, the "...\?" alternatives
# in the video patterns further down can never be reached.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# NOTE(review): "ignore reload" is written with a space; the option is spelled
# ignore-reload, so this line presumably fails to parse or is not applied as meant.
# NOTE(review): ignore-private / ignore-auth / ignore-no-store, here and on the
# lines below, tell a shared cache to store responses the origin marked as
# per-user, authenticated or non-storable. Keep them only where the matched
# content is known to be identical for every user.
refresh_pattern \.(ico|video-stats)$ 129600 100% 129600 override-expire ignore reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern imeem.*\.flv$ 0 0% 0 override-lastmod override-expire
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload
# NOTE(review): "\.flv?" makes the "v" optional, so it matches any URL containing
# ".fl"; the second line only sees URLs the first one did not already match.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
# Advertising and tracking hosts.
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate
# NOTE(review): this pins Safe Browsing responses for 90 days and ignores client
# reloads. Those responses carry frequently updated block-list data, so clients
# behind the proxy would presumably keep working from stale lists; consider
# leaving this traffic uncached.
refresh_pattern ^.*safebrowsing.*google 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 100% 129600 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg 129600 100% 129600 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 100% 129600 override-expire ignore-reload
refresh_pattern garena\.com 129600 100% 129600 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 100% 129600 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 reload-into-ims override-expire ignore-private
# NOTE(review): the alternation is not grouped, so this reads as
# "^http://images" OR "pics" OR "thumbs[0-9]." -- any URL containing "pics"
# gets the 90-day policy. Parenthesise the alternatives if only host-name
# prefixes were meant.
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
# ANTI VIRUS
# Antivirus signature and Windows/Microsoft update downloads: minimum age
# 43200 min (30 days), client reloads ignored, no-cache / no-store ignored.
# NOTE(review): these files are security updates. If a vendor republishes a file
# under an unchanged URL, clients behind the proxy can be handed the old copy
# for weeks and cannot force a refetch because of ignore-reload. Verify per
# vendor that update URLs are versioned before keeping these lines; otherwise
# let update traffic follow the origin's own cache headers.
refresh_pattern guru.avg.com/.*\.(bin) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern kaspersky.*\.avc$ 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# NOTE(review): unanchored; matches every URL that contains "kaspersky" anywhere.
refresh_pattern kaspersky 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# NOTE(review): "\(zip)" has an escaped "(" and an unescaped ")", so the
# parentheses are unbalanced; the regex may be rejected or match only a literal
# "(zip". Presumably "\.(zip)" was meant -- confirm.
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
#images facebook
# NOTE(review): the first line also keys on a hard-coded IP address; whoever
# holds that address today gets the same 90-day, ignore-no-store policy.
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
# NOTE(review): in the next two lines "net*\." means "ne", any number of "t",
# then a literal dot, so a normal URL with a "/" after the host does not match;
# ".net.*\." was presumably intended. The -i line above already covers fbcdn.net.
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
# NOTE(review): "kaskus.\us" looks like a misplaced backslash ("kaskus\.us"
# presumably intended); how "\u" is treated depends on the regex library.
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
#IIX DOWNLOAD
# NOTE(review): "\/\/\.www" demands a dot directly after "http://", so ordinary
# host names never match. The line also sets ignore-auth on downloads, which
# would let the shared cache store responses to authenticated requests.
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store ignore-auth
# Map tiles (Google, Virtual Earth).
refresh_pattern -i ^http://(khm?)([^/]*?)\.google\.(de|com) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://ecn\.t\d\.tiles\.virtualearth\.net/tiles/\w*\.jpeg 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload

freebsdのsysctl

# /etc/sysctl.conf
# File descriptor limits: system-wide and per process.
kern.maxfiles=16384
kern.maxfilesperproc=14745
# Listen queue depth and the ceiling for a single socket buffer.
kern.ipc.somaxconn=4096
kern.ipc.maxsockbuf=1048576
# net.inet.tcp.msl=5000
# NOTE(review): msl is in milliseconds and TIME_WAIT lasts twice the MSL, so the
# active value of 10000 gives 20 s. The "TIME_WAIT = 10sec" box further down
# describes the commented-out 5000, not this setting.
net.inet.tcp.msl=10000 

# Default TCP/UDP buffer sizes; 524280 = 65535*2^3 (see the table below).
net.inet.tcp.sendspace=524280
net.inet.tcp.recvspace=524280
net.inet.udp.recvspace=524280
# # scale factor of 16 [65535*2^4  1048560]
# # scale factor of  8 [65535*2^3   524280]
# # scale factor of  4 [65535*2^2   262140]
# # scale factor of  2 [65535*2^1   131070]
# # scale factor of  0 [65535]
#
###################################
# TIME_WAIT = 10sec
# net.inet.tcp.msl=5000
###################################
#
###################################
# net.inet.tcp.rfc1323=1
# net.inet.tcp.delayed_ack=0
# net.local.stream.recvspace=65535
# net.local.stream.sendspace=65535
# Active values: the local stream buffers are doubled (131070 = 65535*2)
# compared with the commented-out set above.
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.local.stream.recvspace=131070
net.local.stream.sendspace=131070
###################################
kern.ipc.nmbclusters=262144
kern.ipc.maxsockets=204800
#
# NOTE(review): icmplim caps how many ICMP error / TCP RST replies the host
# sends per second. Raising it loosens that limit, so keep it only as high as
# the proxy load actually needs.
net.inet.icmp.icmplim=350
###################################
        kern.ipc.msgmnb=8192
        kern.ipc.msgssz=64
        kern.ipc.msgtql=2048
###################################
        net.graph.maxdata=65536
        net.graph.maxalloc=65536
** FreeBSD では、スロースタートフライトサイズを net.inet.tcp.slowstart_flightsize sysctl で増やすことの方が、遅延確認応答をオフにするより、利益があるでしょう。
net.inet.tcp.inflight.enable sysctl は、すべての TCP コネクションに対し、 バンド幅と遅延の積による制限を適用します。システムは、各コネクションに対 してバンド幅と遅延の積を計算し

https://kaworu.jpn.org/doc/FreeBSD/jman/man7/tuning.7.php

SSL bump

https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm

https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm

https://www.websense.com/content/support/library/web/v773/wcg_help/squid.aspx

https://qiita.com/tosier/items/30297afb6ffbd4567eb5

https://www.websense.com/content/support/library/web/v773/wcg_help/squid.aspx

https://calomel.org/freebsd_network_tuning.html

sysctl check

# squidclient mgr:info | grep 'file descri'
       Maximum number of file descriptors:   350271
       Available number of file descriptors: 350171
       Reserved number of file descriptors:   100

trafic_server