Squid not caching

apache-2.2 cache squid

I am trying to configure Squid as a caching server. I have a LAN where The webserver (apache) is at 192.168.122.11 squid is at 192.168.122.21 and my client is at 192.168.122.22. The problem is, when I look at Squid's access log, all I see are TCP_MISS messages. It seems Squid is not caching at all. I checked that the cache directory has all proper permissions. What else can go wrong here? Here is my squid config:

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.1/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 3128 accel defaultsite=cona-proxy vhost
cache_peer 192.168.122.11 parent 80 0 no-query originserver login=PAS name=webserver
cache_dir ufs /var/spool/squid3 100 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:   1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?)   0   0%  0
refresh_pattern (Release|Packages(.gz)*)$   0   20% 2880
refresh_pattern .   0   20% 4320
always_direct allow all
acl server_users dstdomain cona-proxy
http_access allow server_users
cache_peer_access webserver allow server_users
cache_peer_access webserver deny all

In all machines, cona-proxy points to 192.168.122.21 (added that in /etc/hosts)

Output of curl -v 192.168.122.11

* About to connect() to 192.168.122.11 (#0)
* Trying 192.168.122.11... connected
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libculr/7.22.0 OpneSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: 192.168.122.11
> Accept: */*
>
< HTTP/1.1 202 OK
< Date Mon, 02 Jul 2012 05:48:50 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Last-Modified: Tue, 19 Jun 2012 23:04:25 GMT
< ETag: "27389-b1-4c2db4dc2c182"
< Accept_Ranges: bytes
< Content-Length: 177
< Vary: Accept-Encoding
< Content-Type: text/html
< X-Pad: avoid browser bug
<
<html><body><h1>It works!</h1>
<p>This is the default web page for the server.</p>
<p>The web server software is running but no content has been added, yet. </p>
</body></html>
* Connection #0 to host 192.168.122.11 left intact
* Closing connection #0

In your config you have missed this lines:

acl myhosts src 192.168.0.0/255.255.0.0 (your internal network/netmask)
http_access allow myhosts

EDIT1:

Your web server is not your cache_peer. Please, remove this line from your config file. Squid has for interoperability between caches another type of protocol (ICP), which apache don't know.


In my experience, the 3 most common reasons why Squid refuses to cache content are:

  • Cache directory permissions, and you have taken care of that. Good :)
  • http_access, but it's not your case, because you are seeing TCP_MISS lines in your access.log
  • refresh_pattern directives

refresh_pattern directive(s) control how Squid considers objects fresh or stale, particularly in relation to the way your browser makes the requests, and which cache control HTTP headers are exchanged.

The refresh_pattern lines you have in your configuration are Squid's default lines. However, I just installed Squid on Ubuntu 2 weeks ago, and with those defaults, it caches almost nothing.

Squid's documentation about refresh_pattern should explain the meaning of each line, but I actually can't understand what that documentation means. And apparently I'm not alone :)

I would suggest you to add one or more of the following patterns and test specific files/URLs until you're satisfied. Example:

refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200

With this one, you're telling Squid to consider all icons/pictures cacheable for at least 1 hour to a maximum of half a day. Your browser might send HTTP requests with particular cache headers that cause Squid to reply with a TCP_MISS anyway. To force cached replies, even breaking client expectations, you can do this:

refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private

Same goes for bigger movie/audio/iso files:

refresh_pattern -i \.(mp[34g]|swf|wav|...)$ 43200 90% 432000

If anything else fails, use a mighty hammer :) but I do not recommend this:

refresh_pattern . 3600    80%     14400

with which you're telling Squid that it can cache everything for at least 1 hour. However, this will almost certainly break dynamic applications. Use it if the server you're trying to cache is mostly composed of static content.

Also, don't forget maximum_object_size. By default, it's 20Mb. If the objects you're trying to cache are bigger than that, Squid won't cache them. I upped it 10x, to 200Mb. YMMV.

maximum_object_size 204800 KB

BTW, your cache_peer line is incorrect, because it points to Apache. A cache_peer in squid speak is another squid instance higher up in the cache hierarchy, that usually used to be an ISP cache server in the old days. Just remove that line.

And good luck :)

Related

Start detached screen session
VLAN Inheritance?
Can an e-mail's headers tell you if it has an attachment?
Correct process for starting new EC2 Instance from an EBS snapshot
How do I determine what taskhost.exe is doing?
Migrate raw disk image over LAN
DegradedArray event on /dev/md1
mdadm: Which disk is being rebuilt?
How can I automatically delete old apache error log files?
Dell PowerEdge server crashed, how to repair? What happened? Information inside
Are there standards/conventions used by IT technical writers?
Tail -f on new files