    Squid 2.6 config for reverse proxy accelerator

    Caching is an important part of a scalability strategy for a busy web application and there are many tools out there which perform various types of caching.

    I favor the Reverse Proxy style cache, where a dedicated cache layer sits in front of your application stack and is the common gateway for all inbound and outbound traffic. This way you can offload as much of the work as possible onto an easily scalable cache layer, so that fewer and fewer requests burden the backend servers, where the lifting is heavier and where cheap and simple horizontal scalability can be more challenging.

    I have evaluated many of the caching tools out there, and decided to go with Squid for one reason: sheer volume of information available (such as archived mailing list entries). When the impossible issues arise I like to have a large set of data to research from. That said, there are quite a few challengers to Squid’s dominance in the caching realm, and most of them have superior performance and more modern design than Squid does.

    The alternatives I have looked at include ncache which is based on the awesome nginx, Varnish which is the clear performance leader and will become mainstream very soon I imagine (and powers this very site), Mod-Cache for lighty and also various combinations of Apache with mod_proxy, mod_cache and mod_mem_cache.

    In testing, I showed a 500%-700% page load time decrease, and 300%-500% throughput speed increase, and a backend offload rate of 40%-90% of requests when Squid was introduced in front of one particular application. This increases capacity by an order of magnitude, at the cost of some (cheap) hardware and one more moving part which can fail or introduce bugs (timeouts, anyone?). It’s a very acceptable tradeoff IMHO.

    Here’s what you came for: A very stripped down, and possibly less than 100% secure (Squid ACLs still vex me to some extent) squid.conf for a reverse proxy accelerator:


    ##########################################################################################
    # Admin settings
    ##########################################################################################
    cache_mgr cacheman@yoursite.com
    ##########################################################################################
    # Cache Params
    ##########################################################################################
    # Disk cache: 4096 MB, 16 top directories max, 256 second-level directories max
    cache_dir ufs /path/to/squid/current/var/cache 4096 16 256
    # want to use volatile memory for squid?
    cache_mem 340 MB
    #This option enables multiple requests for the same URI to be processed as one request
    #and needs careful consideration
    collapsed_forwarding on
    #Smallest expiry interval that Squid will honor in headers
    minimum_expiry_time 120 seconds
    ##########################################################################################
    # Backend Servers Settings
    ##########################################################################################
    #URL of the site you are caching
    http_port 80 accel defaultsite=domain.yoursite.com vhost
    #round robin loadbalancing of backends
    cache_peer 192.168.10.25 parent 80 0 no-query originserver round-robin name=server25
    cache_peer 192.168.10.26 parent 80 0 no-query originserver round-robin name=server26
    #send some requests to different places by naming cache_peers and using acls
    cache_peer 192.168.10.10 parent 80 0 no-query originserver name=server10
    ##########################################################################################
    # ACLs
    ##########################################################################################
    acl all src 0.0.0.0/0.0.0.0
    #here we can reroute selected requests in an ACL
    #anything for /admintools should go to server10
    acl adminonly urlpath_regex ^/admintools
    #syntax is: cache_peer_access <peer name> allow|deny <acl name>
    cache_peer_access server10 allow adminonly
    cache_peer_access server25 deny adminonly
    cache_peer_access server26 deny adminonly
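    #security feature: allow only traffic for this URL pattern through your Squid
    acl our_sites dstdomain .yoursite.com
    ##########################################################################################
    # ACLs for manager app
    ##########################################################################################
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    #set your password for cachemgr here
    cachemgr_passwd myn1cepass all
    ##########################################################################################
    # http_access rules: first match wins, so the manager rules come before the site rule
    ##########################################################################################
    #cachemgr only from localhost; without the deny, a cache_object request for a
    #.yoursite.com host would match our_sites below
    http_access allow manager localhost
    http_access deny manager
    http_access allow our_sites
    #refuse everything else explicitly so the proxy cannot be used for other destinations
    http_access deny all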
    ##########################################################################################
    # Headers
    ##########################################################################################
    #i prefer to have the Via header
    via on
    header_access Via allow all
    header_access Age deny all
    header_access X-Cache deny all
    ##########################################################################################
    # Refresh-patterns: forcing caching behavior, even when the backend headers are wrong
    ##########################################################################################
    # Note: some of these actions violate the HTTP standard and can cause issues.
    # ref: http://www.squid-cache.org/Versions/v2/2.6/cfgman/refresh_pattern.html
    #images we cache for 10mins no more no less, no matter what the backend tells me
    refresh_pattern -i \.jpg$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
    refresh_pattern -i \.jpeg$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
    refresh_pattern -i \.gif$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
    refresh_pattern -i \.png$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
    #swf/flv we cache for 10mins no more no less, no matter what the backend tells me
    refresh_pattern -i \.swf$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
    refresh_pattern -i \.flv$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
    #html elements we cache for 2mins no more no less, no matter what the backend tells me
    refresh_pattern -i \.js$ 2 90% 2 override-expire override-lastmod ignore-reload reload-into-ims
    refresh_pattern -i \.css$ 2 90% 2 override-expire override-lastmod ignore-reload reload-into-ims
    ##########################################################################################
    #logs
    ##########################################################################################
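    # Squid's stock logformat definitions, one per line
    logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
    logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
    logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
    logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh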
    access_log /path/to/squid/current/var/logs/access.log squid
    cache_log /path/to/squid/current/var/logs/cache.log
    cache_store_log /path/to/squid/current/var/logs/store.log

    By: warwick, on: Jan 27, 2008
    Tagged with: cache, proxy, squid
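
Squid checks http_access lines top to bottom and stops at the first one whose ACLs all match, so where `http_access allow our_sites` sits relative to the manager rules decides who gets past the ACLs to cachemgr. The following is an added example, not part of the original post: a small model of that first-match logic run over two orderings of this config's ACLs. The request dictionary and the names `SITE_RULE_FIRST`, `MANAGER_FIRST`, `parse`, `acl_matches` and `decide` are assumptions made for the illustration.

```python
import ipaddress
# Constructed from this config's ACL names: site rule first, then manager rules first.
SITE_RULE_FIRST = """acl our_sites dstdomain .yoursite.com
http_access allow our_sites
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost"""
MANAGER_FIRST = """acl all src 0.0.0.0/0.0.0.0
acl our_sites dstdomain .yoursite.com
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access allow our_sites
http_access deny all"""
REMOTE_MGR = {"src": "203.0.113.7", "proto": "cache_object", "host": "domain.yoursite.com"}  # constructed

def parse(conf):
    acls, rules = {}, []  # {acl name: (type, values)}, ordered [(action, [acl names])]
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(kind, values, req):  # models only the three ACL types used here
    if kind == "proto":
        return req["proto"] in values
    if kind == "dstdomain":  # ".x" matches x and any subdomain of x
        return any(req["host"] == v.lstrip(".") or
                   (v.startswith(".") and req["host"].endswith(v)) for v in values)
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """First rule whose ACLs all match wins; else the opposite of the last rule."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(*acls[n], req) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    print({n: decide(c, REMOTE_MGR) for n, c in (("site rule first", SITE_RULE_FIRST), ("manager first", MANAGER_FIRST))})
```

With the site rule first, the remote `cache_object` request is admitted by `our_sites` and only `cachemgr_passwd` still protects the manager; with the manager rules first it is denied, while ordinary visitors are allowed in both orderings.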

    Discussion: 2 Responses

    Dear Sir,
    I am a complete newbie to reverse proxy.
    I want to set up a reverse proxy and point it to a webserver. How can I do it, sir?
    Can you help me with this?

    Thanks in advance.

    Please help me.

    By: Rodel Maranon On: June 17th, 2008 (5:17 am)

    Thanks Warwick. This is the first working reverse proxy setup I have found on the net.

    By: Jose On: November 21st, 2008 (11:53 pm)

    A blog by Warwick Poole