FB-SQUID
Notes on running squid on FreeBSD
Run make install in /usr/ports/www/squid.
Add squid_enable="YES" to /etc/rc.conf.
Add the following to /usr/local/etc/squid/squid.conf:
# acl localnet src 192.168.12.0/24
acl localhost src 192.168.12.0/24
#
# cache_dir ufs /var/squid/cache/squid 2000 16 256
cache_dir diskd /home/squid/spool/squid 1024 64 256
# pid_filename /var/run/squid/squid.pid
#
Create the cache directory:
chown -R squid:squid /var/squid
mkdir -p /home/squid/spool/squid
chown -R squid:squid /home/squid/
/usr/local/sbin/squid -z
/usr/local/etc/rc.d/squid start
Log rotation
% squid -k rotate
% crontab -l
0 3 * * * /usr/local/sbin/squid -k rotate
(for once a month)
0 3 1 * * /usr/local/sbin/squid -k rotate
command option
/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf -k check
/usr/local/sbin/squid -k reconfigure
Emergency stop
pkill -f 'squid'
Checking operation
http_proxy=http://uuu:ppp@192.xx.yy.zz:8080 https_proxy=http://uuu:ppp@192.xx.yy.zz:8080 wget -d http://wx.qq.com
uuu // proxy_username
ppp // proxy_password
free-bsd sysctl
https://calomel.org/freebsd_network_tuning.html
Windows Update does not work on Windows XP
After SP2 is applied to Windows XP, Windows Update may stop working. SP2 updates the transfer program that Windows Update uses (BITS), and the updated BITS does not use the proxy settings configured in IE, so it tries to reach the Internet directly. To make BITS aware of the proxy, either inherit the IE settings with
C:\>proxycfg -u
or set the proxy directly with
C:\>proxycfg -d -p PROXY-SERVER1:PORT BYPASS-ADDRESS
(for example, proxycfg -d -p proxy.robata.org:8080 127.0.0.1,*.robata.org).
Reference
http://squid.robata.org/build_hierarchy.html
Reloading an object in the squid cache
/usr/local/sbin/squidclient -p 3128 -rs http://foo.bar.domain.xx/hoge.html
Run with --help for help.
Deleting an object from the squid cache
/usr/local/sbin/squidclient -p 3128 -m PURGE -h 127.0.0.1 http://foo.bar.domain.xx/hoge.html
grep SWAP /home/squid/logs/access.log | awk '{print $7}' | sort | uniq -c | sort -nr
squidclient
squidclient -h localhost -p 3128 mgr:60min
squidclient -h localhost -p 3128 mgr:5min
squidclient -h localhost -p 3128 mgr:info
squidclient -h localhost -p 3128 mgr:mem
##
# squidclient -h 127.0.0.1 -p 8080 mgr:info
cache dir build
#!/bin/sh
/usr/local/etc/rc.d/squid status
/usr/local/etc/rc.d/squid stop
sync
sleep 10
# /usr/local/sbin/squid -Z
/usr/local/sbin/squid -z
sync
sleep 10
/usr/local/etc/rc.d/squid start
/usr/local/etc/rc.d/squid status
squid.conf
## free up sessions for https
client_persistent_connections off
server_persistent_connections off
## prefer IPv4
dns_v4_first on
# request_body_max_size 0 KB
# dns_nameservers 127.0.0.1
#
Reference
https://www.l2tp.org/archives/165
Adding log parameters
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %tl
https://www.robata.org/docs/squid/faq_6.html
Sample cache parameters
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 ignore-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320
Source: http://www.itmedia.co.jp/enterprise/articles/0812/01/news024.html
squid3
# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(ico|video-stats)$ 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate
refresh_pattern imeem.*\.flv$ 0 0% 0 override-lastmod override-expire
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 129600 20% 129600 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate
refresh_pattern ^.*safebrowsing.*google 129600 100% 129600 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 129600 100% 129600 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg 129600 100% 129600 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif) 129600 100% 129600 override-expire ignore-reload
refresh_pattern garena\.com 129600 100% 129600 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 129600 100% 129600 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 129600 100% 129600 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 129600 100% 129600 reload-into-ims ignore-no-cache ignore-no-store ignore-reload override-expire
# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$ 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern kaspersky.*\.avc$ 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern kaspersky 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip) 43200 100% 43200 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 100% 129600 ignore-no-cache ignore-no-store ignore-reload reload-into-ims
#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 129600 100% 129600 ignore-reload override-expire ignore-no-cache ignore-no-store
#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 129600 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/openx.kompas.com.*\/ 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store
#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 43200 100% 129600 reload-into-ims ignore-reload override-expire ignore-no-cache ignore-no-store ignore-auth
refresh_pattern -i ^http://(khm?)([^/]*?)\.google\.(de|com) 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern -i ^http://ecn\.t\d\.tiles\.virtualearth\.net/tiles/\w*\.jpeg 129600 100% 129600 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
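Added example, not part of the original notes: several of the sample rules above carry ignore-private, ignore-no-store or ignore-auth, which let a shared cache keep responses the origin marked private or no-store, or that answered a request carrying credentials. The shell function below lists the refresh_pattern lines in a config that use those options so each one can be reviewed; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: list refresh_pattern rules whose options let a shared cache
# store responses marked "private" or "no-store", or responses to
# authenticated requests.

audit_refresh_patterns() {
    # Reads squid.conf text on stdin.
    # Prints: <line number> TAB <regex> TAB <comma-separated risky options>
    awk '
    $1 == "refresh_pattern" {
        i = 2
        if ($i == "-i") i++            # optional case-insensitive flag
        regex = $i
        found = ""
        # options follow the regex, min, percent and max fields
        for (j = i + 4; j <= NF; j++) {
            if ($j == "ignore-private" || $j == "ignore-auth" ||
                $j == "ignore-no-store")
                found = found (found == "" ? "" : ",") $j
        }
        if (found != "") printf "%d\t%s\t%s\n", NR, regex, found
    }'
}

# Constructed sample input, modelled on the rules in these notes.
sample_conf() {
    cat <<'EOF'
# constructed sample
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 ignore-no-cache ignore-no-store ignore-private
refresh_pattern \.(ico|video-stats)$ 129600 100% 129600 override-expire ignore-private ignore-auth
  # refresh_pattern commented.example 0 0% 0 ignore-auth
refresh_pattern . 0 40% 40320
EOF
}

sample_conf | audit_refresh_patterns
```

On a live system, feed it the real file: audit_refresh_patterns < /usr/local/etc/squid/squid.conf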
FreeBSD sysctl
# /etc/sysctl.conf
kern.maxfiles=16384
kern.maxfilesperproc=14745
kern.ipc.somaxconn=4096
kern.ipc.maxsockbuf=1048576
# net.inet.tcp.msl=5000
net.inet.tcp.msl=10000
net.inet.tcp.sendspace=524280
net.inet.tcp.recvspace=524280
net.inet.udp.recvspace=524280
# # scale factor of 16 [65535*2^4 1048560]
# # scale factor of 8 [65535*2^3 524280]
# # scale factor of 4 [65535*2^2 262140]
# # scale factor of 2 [65535*2^1 131070]
# # scale factor of 0 [65535]
#
###################################
# TIME_WAIT = 10sec
# net.inet.tcp.msl=5000
###################################
#
###################################
# net.inet.tcp.rfc1323=1
# net.inet.tcp.delayed_ack=0
# net.local.stream.recvspace=65535
# net.local.stream.sendspace=65535
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.local.stream.recvspace=131070
net.local.stream.sendspace=131070
###################################
kern.ipc.nmbclusters=262144
kern.ipc.maxsockets=204800
# net.inet.icmp.icmplim=350
###################################
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
###################################
net.graph.maxdata=65536
net.graph.maxalloc=65536
###################################
** On FreeBSD, increasing the slow-start flight size with the net.inet.tcp.slowstart_flightsize sysctl will probably be more beneficial than turning off delayed ACKs. The net.inet.tcp.inflight.enable sysctl applies a bandwidth-delay-product limit to all TCP connections. The system calculates the bandwidth-delay product for each connection and
https://kaworu.jpn.org/doc/FreeBSD/jman/man7/tuning.7.php
SSL bump
https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm
https://www.websense.com/content/support/library/web/v773/wcg_help/squid.aspx
https://qiita.com/tosier/items/30297afb6ffbd4567eb5
https://calomel.org/freebsd_network_tuning.html
sysctl check
# squidclient mgr:info | grep 'file descri'
Maximum number of file descriptors: 350271
Available number of file descriptors: 350171
Reserved number of file descriptors: 100