Forgot about: My server is relatively modest (more resources are just not needed :))

Just 8 cores (Xeon 2.3 GHz), 16 Gb RAM, SAS HDD's 10k RPM (~300 Gb in RAID-10) :)

Overall CPU usage is ~3% (with SSL Bump). And half of RAM is free :)

20.03.2018 23:14, Yuri wrote:
>
> 20.03.2018 23:10, Yuri wrote:
>> 20.03.2018 23:03, FredB wrote:
>>> Hi Yuri,
>>>
>>> 200 mbits, more or less 1000/2000 simultaneous users
>>>
>>> I increase children value, because the limit is reached very quickly
>> Because SSL processing is too slow. Investigate why. Simply increasing
>> the number of children is exhausting your RAM.
>>>> and only 100 MB on disk?
>>> 100 MB by process, no ? I think I should reduce this value and rather
>>> increase the max of children
>> No. This is overall fs limit to store.
> Look at my relatively big server (Squid 5.0) config snippet:
>
> https_port 3127 intercept ssl-bump generate-host-certificates=on
>     dynamic_cert_mem_cache_size=10MB cert=/usr/local/squid/etc/rootCA2.crt
>     key=/usr/local/squid/etc/rootCA2.key
>     tls-cafile=/usr/local/squid/etc/rootCA12.crt
>     options=SINGLE_DH_USE:SINGLE_ECDH_USE
>     tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem
>     cipher=HIGH:MEDIUM:RC4:3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!SRP:!DSS
>     tls-no-npn sslflags=NO_DEFAULT_CA:VERIFY_CRL_ALL
> http_port 3128 ssl-bump generate-host-certificates=on
>     dynamic_cert_mem_cache_size=10MB cert=/usr/local/squid/etc/rootCA2.crt
>     key=/usr/local/squid/etc/rootCA2.key
>     tls-cafile=/usr/local/squid/etc/rootCA12.crt
>     options=SINGLE_DH_USE:SINGLE_ECDH_USE
>     tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem
>     cipher=HIGH:MEDIUM:RC4:3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!SRP:!DSS
>     tls-no-npn sslflags=NO_DEFAULT_CA:VERIFY_CRL_ALL
> tls_outgoing_options cafile=/usr/local/squid/etc/ca-bundle.crt
>     cipher=HIGH:MEDIUM:RC4:3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!SRP:!DSS
>
> # Cert database on ramdisk
> sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s
>     /ramdisk1/ssl_db -M 1GB
> sslcrtd_children 32 startup=10 idle=5
>
> Pay attention - I've put SSL db on RAM disk. :)
>>> Maybe such load is just impossible because I reached a limit with a single
>>> core
>> Hardly. SSL helper children should be spread across cores by the OS scheduler.
>>> Perhaps I should retry SMP but unfortunately in the past I had many issues
>>> with, and some features I'm using still SMP-unaware
>> Squid's SMP itself does not solve SSL Bump issues. It's about different
>> things, and, IMHO, irrelevant to your load profile.
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users@lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************
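
An added example (not part of the original message and not Squid's own code): a textual check of the `cipher=` lists on the bumping ports quoted above, reporting legacy OpenSSL keywords such as RC4 and 3DES that a list enables rather than excludes. The sample config is constructed from the quoted directives, shortened, with a hardened variant on line 2; `enabled_legacy` and `audit_ciphers` are hypothetical helper names, and the check does not know which suites the local OpenSSL build actually offers.

```python
import re

# Constructed sample: directives shortened from the quoted config, each joined
# onto one line (the mail client had wrapped them). Line 2 is a hardened variant.
SAMPLE_CONF = """\
https_port 3127 intercept ssl-bump cipher=HIGH:MEDIUM:RC4:3DES:!aNULL:!eNULL:!LOW:!MD5 tls-no-npn
http_port 3128 ssl-bump cipher=HIGH:!aNULL:!eNULL:!RC4:!3DES tls-no-npn
tls_outgoing_options cafile=/usr/local/squid/etc/ca-bundle.crt cipher=HIGH:MEDIUM:RC4:3DES:!aNULL
# sslcrtd_children 32 startup=10 idle=5
"""

DIRECTIVES = {"http_port", "https_port", "tls_outgoing_options"}
# OpenSSL cipher-string keywords for legacy or unauthenticated/unencrypted suites.
LEGACY = {"RC4", "3DES", "DES", "LOW", "EXP", "EXPORT", "MD5", "NULL", "eNULL", "aNULL"}


def enabled_legacy(cipher_string):
    """Legacy keywords the string adds; '!', '-' and '+' prefixed tokens never add suites."""
    hits = []
    for token in re.split(r"[:, ]+", cipher_string):
        if not token or token[0] in "!-+":
            continue
        for part in token.split("+"):  # combined selectors such as ECDHE+3DES
            if part in LEGACY and part not in hits:
                hits.append(part)
    return hits


def audit_ciphers(conf_text):
    """Return (line_no, directive, legacy_keywords) for each cipher= list that enables any."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] not in DIRECTIVES:
            continue  # blank lines, comments, unrelated directives
        for field in fields[1:]:
            if field.startswith("cipher="):
                weak = enabled_legacy(field[len("cipher="):])
                if weak:
                    findings.append((line_no, fields[0], weak))
    return findings


if __name__ == "__main__":
    for line_no, directive, weak in audit_ciphers(SAMPLE_CONF):
        print(f"line {line_no}: {directive} enables {', '.join(weak)}")
```
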