Browser, proxy.pac, fallback to direct access

Tags: firefox, google-chrome, internet explorer, proxy, squid

We have a Linux 3.16 server with Squid 3.4.8 listening on port 3128 (not a transparent proxy).

And about 1200 Windows clients, spread across 50 different sites.
They use the proxy to browse the internet.

Our proxy.pac, simplified:

function FindProxyForURL( url, host ) {
    return "PROXY 10.1.1.108:3128; DIRECT";
}

The questions:

  1. I cannot find the value of backlog used by squid3 on its listening socket. Is there a setting or does squid use the Linux default?

  2. squid3 / Debian / daemon script: why do the maintainers set ulimit -n 65535?

  3. How can I check if the clients go direct because the Linux server is too slow / undersized to accept the incoming connections? Are there specific logging settings for Linux and squid3?

The Linux server has this TCP backlog:

cat /proc/sys/net/ipv4/tcp_max_syn_backlog

256

Does squid3 inherit this setting when calling

listen( socketfd, backlog )

or does squid3 set its own specific value?


About max open file descriptors

Use operating system limits set by ulimit

It isn't so simple.
Our server can open a maximum of

cat /proc/sys/fs/file-max

818029

How many FDs can squid3 handle?

squidclient mgr:info | grep 'file descri'

Sending HTTP request … done.

Maximum number of file descriptors: 65535

It is Debian 8, and the maintainers built this daemon script:

cat /etc/init.d/squid3 | grep ulimit

ulimit -n 65535

So, what is the rationale for limiting squid3 FDs to 65535?

best regards, Sala

Best Answer

Please only ask one question at a time.

Which elements make the browser decide to use the proxy or go direct? Timeout values for IE / Firefox / Chrome?

Your PAC tells the browser it may use a proxy or go direct. The browser gets to choose, but should prefer using the proxy. How it does the choosing is browser specific.

RTFM ... I cannot find the value of backlog used by squid3 on its listening socket. Is there a setting or does squid use the Linux default?

The OS's underlying TCP settings may have an effect on what actually gets delivered to Squid. The squid.conf max_filedescriptors setting determines an upper limit on the number of FDs (both sockets and files) Squid can handle concurrently; each incoming client TCP connection requires between 2 and 6 FDs to produce a response.
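
One way to check question 3 on the proxy host, as an added example that is not part of the question, the answer, or Squid itself: it reads the kernel's listen-queue counters from two snapshots in /proc/net/netstat format and bounds the client capacity implied by the FD limit. The function names and the sample snapshot are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All function names are hypothetical.

# listen_counter NAME [FILE]: print one TcpExt counter from a file in
# /proc/net/netstat format (a "TcpExt:" header line, then a value line).
listen_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" && !have { for (i = 2; i <= NF; i++) col[i] = $i; have = 1; next }
        $1 == "TcpExt:" { for (i = 2; i <= NF; i++) if (col[i] == want) { print $i; found = 1 } }
        END { exit !found }
    ' "${2:-/proc/net/netstat}"
}

# overflow_delta BEFORE AFTER: growth of ListenOverflows between two snapshots.
# The counter is host-wide and rises when a listening socket's accept queue is
# full, so growth during a slow period means connects to some listener stalled.
overflow_delta() {
    b=$(listen_counter ListenOverflows "$1") || return 1
    a=$(listen_counter ListenOverflows "$2") || return 1
    echo $((a - b))
}

# client_capacity FD_LIMIT: "min max" concurrent client connections, using the
# 2 to 6 FDs per client connection stated in the answer.
client_capacity() {
    echo "$(( $1 / 6 )) $(( $1 / 2 ))"
}

# Constructed sample in /proc/net/netstat format (not captured from a real host).
# Arguments: ListenOverflows value, ListenDrops value.
sample_snapshot() {
    printf 'TcpExt: SyncookiesSent ListenOverflows ListenDrops TCPTimeouts\n'
    printf 'TcpExt: 0 %s %s 12\n' "$1" "$2"
    printf 'IpExt: InNoRoutes InOctets\nIpExt: 0 123456\n'
}

tmp=$(mktemp -d)
sample_snapshot 40 41 > "$tmp/before"
sample_snapshot 65 70 > "$tmp/after"
echo "ListenOverflows grew by $(overflow_delta "$tmp/before" "$tmp/after")"
echo "ListenDrops now $(listen_counter ListenDrops "$tmp/after")"
echo "Client connections at 65535 FDs (min max): $(client_capacity 65535)"
rm -rf "$tmp"
```

On the live host, call `listen_counter` without a file argument to read /proc/net/netstat directly. For the 3128 listener itself, `ss -ltn` reports the current accept-queue length in Recv-Q and the effective backlog in Send-Q.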