LN-squid
Linux の squid
ファイルディスクリプターが足りない
# squidclient -h 127.0.0.1 -p 8080 mgr:info | grep descri File descriptor usage for squid: Maximum number of file descriptors: 1024 Available number of file descriptors: 296 Reserved number of file descriptors: 100
コンフィグの修正
vi /etc/squid/squid.conf # max_filedesc 1024 max_filedesc 2048 ## ← 修正
client_persistent_connections off server_persistent_connections off
# vi /etc/rc.d/init.d/squid ulimit -HSn 2048 ## ← 追加 6行目あたり
## config-check # /usr/sbin/squid -k check
動作確認
# squidclient -h 127.0.0.1 -p 8080 mgr:info | grep descri File descriptor usage for squid: Maximum number of file descriptors: 4096 Available number of file descriptors: 4021 Reserved number of file descriptors: 100
====
port が開かない
# http_port 3128 ## ORIGNAL http_port 192.168.54.101:3128
Kernel tuning
sysctl net.ipv4.tcp_fin_timeout=30 sysctl net.ipv4.tcp_max_syn_backlog=4096 sysctl net.core.somaxconn=4096 sysctl net.core.netdev_max_backlog=4096 sysctl net.core.netdev_max_backlog=360000 sysctl net.ipv4.tcp_tw_reuse=1
log のフォーマットを変更する
https://nwengblog.com/squidlog/
SSLBump
https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm
https://webnetforce.net/squid-ssl-bump/