!!Linux の squid

!ファイルディスクリプターが足りない

 # squidclient -h 127.0.0.1 -p 8080 mgr:info | grep descri
 File descriptor usage for squid:
        Maximum number of file descriptors:   1024
        Available number of file descriptors:  296
        Reserved number of file descriptors:   100

! コンフィグの修正
 vi /etc/squid/squid.conf
 
 # max_filedesc 1024
 max_filedesc 2048  ## ←  修正

 client_persistent_connections off
 server_persistent_connections off

 # vi /etc/rc.d/init.d/squid
 
 ulimit -HSn 2048   ## ←   追加 6行目あたり

 ## config-check
 # /usr/sbin/squid -k check

!動作確認
 # squidclient -h 127.0.0.1 -p 8080 mgr:info | grep descri
 File descriptor usage for squid:
        Maximum number of file descriptors:   4096
        Available number of file descriptors: 4021
        Reserved number of file descriptors:   100
====
----
!port が開かない
 # http_port 3128 ## ORIGNAL
 http_port 192.168.54.101:3128
----
!Kernel tuning
 
 sysctl net.ipv4.tcp_fin_timeout=30
 sysctl net.ipv4.tcp_max_syn_backlog=4096
 sysctl net.core.somaxconn=4096
 sysctl net.core.netdev_max_backlog=4096
 sysctl net.core.netdev_max_backlog=360000
 sysctl net.ipv4.tcp_tw_reuse=1
----
! log のフォーマットを変更する
https://nwengblog.com/squidlog/

----
! SSLBump

https://help.kaspersky.com/KWTS/6.0/ja-JP/166244.htm

https://webnetforce.net/squid-ssl-bump/

----
*https://trafficserver.apache.org/
----