Squid 2.6 config for reverse proxy accelerator
Caching is an important part of a scalability strategy for a busy web application and there are many tools out there which perform various types of caching.
I favor the Reverse Proxy style cache, where a dedicated cache layer sits in front of your application stack and is the common gateway for all inbound and outbound traffic. This way you can offload as much of the work on an easily scalable cache layer, and allow fewer and fewer requests to burden the backend servers where the lifting is heavier, and cheap and simple horizontal scalability can be more challenging.
I have evaluated many of the caching tools out there, and decided to go with Squid for one reason: sheer volume of information available (such as archived mailing list entries). When the impossible issues arise I like to have a large set of data to research from. That said, there are quite a few challengers to Squid’s dominance in the caching realm, and most of them have superior performance and more modern design than Squid does.
The alternatives I have looked at include ncache which is based on the awesome nginx, Varnish which is the clear performance leader and will become mainstream very soon I imagine (and powers this very site), Mod-Cache for lighty and also various combinations of Apache with mod_proxy, mod_cache and mod_mem_cache.
In testing, I showed a 500%-700% page load time decrease, and 300%-500% throughput speed increase, and a backend offload rate of 40%-90% of requests when Squid was introduced in front of one particular application. This increases capacity by an order of magnitude, at the cost of some (cheap) hardware and one more moving part which can fail or introduce bugs (timeouts, anyone?). It’s a very acceptable tradeoff IMHO.
Here’s what you came for: A very stripped down, and possibly less than 100% secure (Squid ACLs still vex me to some extent) squid.conf for a reverse proxy accelerator:
##########################################################################################
# Admin settings
##########################################################################################
cache_mgr cacheman@yoursite.com
##########################################################################################
# Cache Params
##########################################################################################
# Disk cache: 4096 MB, 16 top directories max, 256 second-level directories max
cache_dir ufs /path/to/squid/current/var/cache 4096 16 256
# want to use volatile memory for squid?
cache_mem 340 MB
#This option enables multiple requests for the same URI to be processed as one request
#and needs careful consideration
collapsed_forwarding on
#Smallest expiry interval that Squid will honor in headers
minimum_expiry_time 120 seconds
##########################################################################################
# Backend Servers Settings
##########################################################################################
#URL of the site you are caching
http_port 80 accel defaultsite=domain.yoursite.com vhost
#round robin loadbalancing of backends
cache_peer 192.168.10.25 parent 80 0 no-query originserver round-robin name=server25
cache_peer 192.168.10.26 parent 80 0 no-query originserver round-robin name=server26
#send some requests to different places by naming cache_peers and using acls
cache_peer 192.168.10.10 parent 80 0 no-query originserver name=server10
##########################################################################################
# ACLs
##########################################################################################
acl all src 0.0.0.0/0.0.0.0
#here we can reroute selected requests in an ACL
#anything for /admintools should go to server10
acl adminonly urlpath_regex ^/admintools
cache_peer_access adminonly allow server10
cache_peer_access server25 deny adminonly
cache_peer_access server26 deny adminonly
#security feature: allow only traffic for this URL pattern through your Squid
acl our_sites dstdomain .yoursite.com
http_access allow our_sites
##########################################################################################
# ACLs for manager app
##########################################################################################
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
#set your password for cachemgr here
cachemgr_passwd myn1cepass all
##########################################################################################
# Headers
##########################################################################################
#i prefer to have the Via header
via on
header_access Via allow all
header_access Age deny all
header_access X-Cache deny all
##########################################################################################
# Refresh-patterns: forcing caching behavior, even when the backed Headers are wrong
##########################################################################################
# Note: some of these actions violate the HTTP standard and can cause issues.
# ref: http://www.squid-cache.org/Versions/v2/2.6/cfgman/refresh_pattern.html
#images we cache for 10mins no more no less, no matter what the backend tells me
refresh_pattern -i \.jpg$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.jpeg$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.gif$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.png$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
#swf/flv we cache for 10mins no more no less, no matter what the backend tells me
refresh_pattern -i \.swf$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.flv$ 10 90% 10 override-expire override-lastmod ignore-reload reload-into-ims
#html elements we cache for 2mins no more no less, no matter what the backend tells me
refresh_pattern -i \.js$ 2 90% 2 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern -i \.css$ 2 90% 2 override-expire override-lastmod ignore-reload reload-into-ims
##########################################################################################
#logs
##########################################################################################
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %
access_log /path/to/squid/current/var/logs/access.log squid
cache_log /path/to/squid/current/var/logs/cache.log
cache_store_log /path/to/squid/current/var/logs/store.log