'lo all, 
I inherited a task that I'm not quite up to but would like to learn how to set 
up properly, maybe you can shed some light?

My barely adequate Squid skills are about 3 years rusty and I'm still reading 
about the differences, but I believe the desired configuration is "accelerated 
mode", "reverse proxy", or "a redirector".  Basically I want to hide/protect a 
webserver farm from the Internet (with the added benefit of caching).

And there is a somewhat functional solution in place:
The box is remote, so I don't know much about the hardware yet:
70Gb drive, but a df shows <3Gb in use. (that's odd, right?)
Running a top command shows squid only periodically, and using <5% CPU and <5% 
Memory 
(sorry, I forgot to write down the total RAM)

The squid is version 2.5.STABLE9, and it has acceleration configs:
  http_accel_host virtual
  http_accel_port 80
  http_accel_single_host off
  http_accel_with_proxy off               [this means it is not caching, right?]
  http_accel_uses_host_header on
and some
  https_port <ip>:443 cert=/path/to/cert key=/path/to/key

They also have some kind of redirector in place... but I don't really 
understand how or what it's doing.
There is no "redirect_program" line in the squid.conf, though "redir" seems to 
run as a service?
There is a script called port.forwarder in /etc/init.d which calls a bunch of 
redir's (redir-2.2.1) with parameters like:
    --laddr=aaa.aaa.aaa.aaa --lport=8080 --cport=8080 --caddr=bbb.bbb.bbb.bbb
Which I interpret as port forwarding... but I don't see where it's actually 
being used.
Running a ps -aux command shows a redir process running for each ip assigned to 
the NIC, yet I don't see them with top.

There have been increasing problems with timeouts on the client side and the 
concern is that redir-2.2.1 is obsolete and slowing down traffic.  And when 
they get complaints, they run "port.forwarder stop; port.forwarder start" and 
the symptoms go away.  The solution proposed as my task is: upgrade "redir" to 
"squidGuard"...
(personally I believe the root of their problem lies elsewhere, but the least I 
can do is tune up their squid)

Can anyone explain what they have set up now? 
Or, help me understand how squidGuard will improve performance (and then how to 
configure it in an accelerator mode to port forward?!) or help me gain the 
weapons to prove that squidGuard is not the answer?

Sincerely,
Mike
