!Free-BSD で squid の時のメモ
*https://trafficserver.apache.org/
/usr/ports/www/squid で make install
/etc/rc.conf に
squid_enable="YES"
を追加。
/usr/local/etc/squid/squid.conf
に
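#
# LAN clients that are expected to use this proxy.
acl localnet src 192.168.12.0/24
# Do not put the LAN range into the ACL named "localhost": any rule written
# for the proxy host itself (for example cache-manager or PURGE access) would
# then apply to every machine in 192.168.12.0/24. Grant LAN access through
# "localnet" instead.
# acl localhost src 192.168.12.0/24
#
# cache_dir ufs /var/squid/cache/squid 2000 16 256
# diskd store: 1024 MB, 64 first-level and 256 second-level directories.
cache_dir diskd /home/squid/spool/squid 1024 64 256
#
pid_filename /var/run/squid/squid.pid
#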
を追加
キャッシュディレクトリの作成
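# Hand the /var/squid tree to the squid account.
chown -R squid:squid /var/squid
# Spool location named by the cache_dir line in squid.conf.
mkdir -p /home/squid/spool/squid
# chown needs an owner argument; use the same squid:squid as above so the
# daemon, and nobody else, owns its spool.
chown -R squid:squid /home/squid/
# Create the cache swap directories, then start the service.
/usr/local/sbin/squid -z
/usr/local/etc/rc.d/squid start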
! ログのローテーション
% squid -k rotate
% crontab -l
0 3 * * * /usr/local/sbin/squid -k rotate
( 月1の場合)
0 3 1 * * /usr/local/sbin/squid -k rotate
! command option
/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf -k check
/usr/local/sbin/squid -k reconfigure
! 緊急停止
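# Tell the running daemon (found through its PID file) to stop immediately.
/usr/local/sbin/squid -k kill
# Fallback when the PID file is stale: match the process name exactly.
# `pkill -f 'squid'` compares against the whole command line, so it would
# also kill unrelated processes such as an editor or tail opened on a squid file.
pkill -x squid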
! 動作確認
http_proxy=http://uuu:ppp@192.xx.yy.zz:8080 https_proxy=http://uuu:ppp@192.xx.yy.zz:8080 wget -d http://wx.qq.com
uuu // proxy_username
ppp // proxy_password
※ この書き方ではパスワードがシェルの履歴に残り、wget -d のデバッグ出力にも Proxy-Authorization ヘッダとして表示されうるので、出力を共有する前に伏せること。
! free-bsd sysctl
https://calomel.org/freebsd_network_tuning.html
! WindowsXPで、WindowsUpdateができない
WindowsXPにSP2を適用以後、WindowsUpdateができなくなる場合があります。
これは、SP2にて WindowsUpdateが使っている転送プログラム(BITS)が更新され、
これがIEで指定されているプロキシの情報を使っていないために、直接、
インターネットにアクセスしようとするために発生します。
BITSにプロキシを認識させるためには、IEの設定を引き継ぐために
C:\>proxycfg -u
とするか、または直接設定として
C:\>proxycfg -d -p PROXY-SERVER1:PORT BYPASS-ADDRESS
(例、proxycfg -d -p proxy.robata.org:8080 127.0.0.1,*.robata.org)を実行すると良いでしょう。
! 参考
http://squid.robata.org/build_hierarchy.html
!squid のcache のリロード
/usr/local/sbin/squidclient -p 3128 -rs http://foo.bar.domain.xx/hoge.html
--helpにて help
!squid のcache の削除
# Ask the proxy on 127.0.0.1:3128 to drop one URL from its cache.
# Squid only honours PURGE when squid.conf permits the method; keep that
# permission limited to the proxy host itself so clients cannot evict objects.
/usr/local/sbin/squidclient -p 3128 -m PURGE -h 127.0.0.1 http://foo.bar.domain.xx/hoge.html
# Count access.log lines containing SWAP, grouped by field 7 (the URL in the
# logformat shown on this page), most frequent first.
grep SWAP /home/squid/logs/access.log | awk '{print $7}' | sort | uniq -c | sort -nr
!squidclient
# Cache-manager reports fetched through the proxy port: 60-minute and
# 5-minute averages, general information, and memory usage.
# These reports reveal runtime details of the proxy, so squid.conf should
# allow manager requests only from the proxy host itself.
squidclient -h localhost -p 3128 mgr:60min
squidclient -h localhost -p 3128 mgr:5min
squidclient -h localhost -p 3128 mgr:info
squidclient -h localhost -p 3128 mgr:mem
##
# squidclient -h 127.0.0.1 -p 8080 mgr:info
!cache dir build
#!/bin/sh
# Rebuild the cache directories: stop squid, create the swap tree, restart.
/usr/local/etc/rc.d/squid status
/usr/local/etc/rc.d/squid stop
# Flush pending writes and give the daemon time to exit.
# NOTE(review): the fixed sleep does not confirm that squid has really stopped
# before the cache directories are touched.
sync
sleep 10
# /usr/local/sbin/squid -Z
# -z creates the cache swap directories.
/usr/local/sbin/squid -z
sync
sleep 10
/usr/local/etc/rc.d/squid start
/usr/local/etc/rc.d/squid status
----
!squid.conf
## Turn off persistent connections on both sides to leave room for more HTTPS sessions
client_persistent_connections off
server_persistent_connections off
## Prefer IPv4
dns_v4_first on
#
# 0 means no limit on the size of a request body.
# NOTE(review): consider a finite cap if the clients are not fully trusted.
request_body_max_size 0 KB
# dns_nameservers 127.0.0.1
#
!参考
https://www.l2tp.org/archives/165
! log のパラメータを追加
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %tl
https://www.robata.org/docs/squid/faq_6.html
----
!cache のパラメータ サンプル
# Format: refresh_pattern [-i] regex min percent max [options]; min and max are minutes.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# ignore-private and ignore-no-store make this shared cache keep responses the
# origin marked as private or not to be stored, so a file fetched by one user
# (the third rule covers zip, ppt and doc) can later be served to another.
# NOTE(review): drop these options unless the matched content is known to be public.
# NOTE(review): the other sample on this page spells the expiry option
# override-expire, not ignore-expire; verify with a config parse check.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
# Catch-all for everything not matched above.
refresh_pattern . 0 40% 40320
ネタ元
http://www.itmedia.co.jp/enterprise/articles/0812/01/news024.html
squid3
# 1 year = 525600 mins, 1 month = 43800 mins
# (129600 minutes, used by most rules below, is 90 days.)
# Dynamic content (cgi-bin or a query string) is never treated as fresh.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# ignore-private, ignore-auth and ignore-no-store make this shared cache keep
# responses that were marked private, belonged to an authenticated request, or
# were marked not to be stored; one client's response can then reach another.
# NOTE(review): remove them unless the matched URLs are known to be public.
# NOTE(review): "ignore reload" is written with a space here, while every other
# rule on this page uses ignore-reload; confirm with a config parse check.
refresh_pattern \.(ico|video-stats)$ 129600 100% 129600 override-expire ignore reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern imeem.*\.flv$ 0 0% 0 override-lastmod override-expire
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate
# Safe Browsing responses are pinned for up to 90 days regardless of Expires
# and of client reloads.
# NOTE(review): clients behind the proxy would keep receiving old threat data;
# reconsider caching these URLs at all.
refresh_pattern ^.*safebrowsing.*google 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 100% 129600 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg 129600 100% 129600 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 100% 129600 override-expire ignore-reload
refresh_pattern garena\.com 129600 100% 129600 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 100% 129600 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
# ANTI VIRUS
# Every rule here treats a matched object as fresh for at least 43200 minutes
# (30 days) and ignores client reload requests.
# NOTE(review): if a matched file is an update index that changes in place,
# clients behind the proxy keep getting the old copy and miss new signatures
# or patches; confirm which of these files are versioned before caching them.
refresh_pattern guru.avg.com/.*\.(bin) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern kaspersky.*\.avc$ 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# This pattern matches any URL containing "kaspersky", not only update files.
refresh_pattern kaspersky 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
# NOTE(review): "\(zip)" escapes the opening parenthesis and leaves ")" unmatched;
# presumably "\.(zip)" was intended, as in the neighbouring rules. Verify.
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store ignore-auth
refresh_pattern -i ^http://(khm?)([^/]*?)\.google\.(de|com) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://ecn\.t\d\.tiles\.virtualearth\.net/tiles/\w*\.jpeg 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
!freebsdのsysctl
# /etc/sysctl.conf
kern.maxfiles=16384
kern.maxfilesperproc=14745
kern.ipc.somaxconn=4096
kern.ipc.maxsockbuf=1048576
# net.inet.tcp.msl=5000
net.inet.tcp.msl=10000
net.inet.tcp.sendspace=524280
net.inet.tcp.recvspace=524280
net.inet.udp.recvspace=524280
# # scale factor of 16 [65535*2^4 1048560]
# # scale factor of 8 [65535*2^3 524280]
# # scale factor of 4 [65535*2^2 262140]
# # scale factor of 2 [65535*2^1 131070]
# # scale factor of 0 [65535]
#
###################################
# TIME_WAIT = 10sec
# net.inet.tcp.msl=5000
###################################
#
###################################
# net.inet.tcp.rfc1323=1
# net.inet.tcp.delayed_ack=0
# net.local.stream.recvspace=65535
# net.local.stream.sendspace=65535
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.local.stream.recvspace=131070
net.local.stream.sendspace=131070
###################################
kern.ipc.nmbclusters=262144
kern.ipc.maxsockets=204800
#
net.inet.icmp.icmplim=350
###################################
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
###################################
net.graph.maxdata=65536
net.graph.maxalloc=65536
###################################
** FreeBSD で は、スロースタートフライトサイズを net.inet.tcp.slowstart_flightsize sysctl で増やすことの方が、遅延確認応答をオフにするより、利益があるでしょ う。
net.inet.tcp.inflight.enable sysctl は、すべての TCP コネクションに対し、 バンド幅と遅延の積による制限を適用します。システムは、各コネクションに対 してバンド幅と遅延の積を計算し
https://kaworu.jpn.org/doc/FreeBSD/jman/man7/tuning.7.php
! SSL bump
https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm
https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm
https://www.websense.com/content/support/library/web/v773/wcg_help/squid.aspx
https://qiita.com/tosier/items/30297afb6ffbd4567eb5
https://www.websense.com/content/support/library/web/v773/wcg_help/squid.aspx
https://calomel.org/freebsd_network_tuning.html
! sysctl check
# squidclient mgr:info | grep 'file descri'
Maximum number of file descriptors: 350271
Available number of file descriptors: 350171
Reserved number of file descriptors: 100
!traffic_server
*https://trafficserver.apache.org/