Squid Web Cache wiki


Running multiple instances of Squid on a system

Running multiple instances of Squid on a system is not hard, but it requires the administrator to make sure the instances don't step on each other's toes, and that each instance can recognize the others, to avoid forwarding loops (or misdetected forwarding loops).

SMP enabled Squid

:information_source: Squid-3.5 provides the -n command line option to configure a unique service name for each Squid instance started. Each set of SMP-aware processes interacts only with other processes using the same service name. A service name is always present; the default service name squid is used when the -n option is absent from the command line.

:information_source: A service name may only contain ASCII alphanumeric characters (a-z, A-Z, 0-9).

When using a non-default service name to run Squid, all other command line options require the -n service name to target the service being controlled. This includes the -z option, as some cache types require SMP-aware processing.

The configuration directives outlined below still require unique values per instance even when a service name is being used.

The macro ${service_name} is available during squid.conf processing. It expands to the service name of the process parsing the configuration file.
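The following script is an added example, not configuration from the Squid wiki or the Squid project. It shows how the -n service name and the ${service_name} macro fit together: one shared configuration derives every per-instance path from the service name, a small per-instance file adds the unique http_port, and every control command (including -z) carries -n. It also checks the service-name character rule and refuses colliding ports. The file paths, the squid-common.conf layout and the service names squidA/squidB are assumptions; the directives used (pid_filename, cache_dir, cache_log, access_log, http_port, include) and the -n, -f and -z options are Squid's own.

```shell
#!/bin/sh
# Added example (not from the Squid wiki): per-instance squid.conf generation
# for several "-n" instances sharing one box. Paths and ports are assumptions.

# A service name must be ASCII alphanumeric only (a-z, A-Z, 0-9); a hyphen or
# a dot is rejected, which is the mistake most people make first.
valid_service_name() {
    case "$1" in
        '' | *[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Shared configuration: every per-instance path is derived from the service
# name via ${service_name}, so one file can be included by every instance and
# no two instances ever share a pid file, cache directory or log.
render_common_conf() {
    cat <<'EOF'
# shared by all instances; paths differ per -n service name (assumed layout)
pid_filename /var/run/squid/${service_name}.pid
cache_dir ufs /var/cache/squid/${service_name} 1024 16 256
cache_log /var/log/squid/${service_name}/cache.log
access_log /var/log/squid/${service_name}/access.log squid
visible_hostname proxy.example.test
EOF
}

# Per-instance file: the unique listening port plus the shared part.
render_instance_conf() {
    name=$1; port=$2
    valid_service_name "$name" || { echo "invalid service name: $name" >&2; return 1; }
    printf 'http_port %s\ninclude /etc/squid/squid-common.conf\n' "$port"
}

# Command line to control one instance. Every action needs -n <name>,
# including -z (cache initialisation); -f points at the per-instance file.
squid_cmd() {
    name=$1; action=$2
    printf 'squid -n %s -f /etc/squid/%s.conf %s\n' "$name" "$name" "$action"
}

# Refuse a set of instances whose http_ports collide (constructed check).
ports_unique() {
    if printf '%s\n' "$@" | sort | uniq -d | grep -q .; then
        return 1
    fi
    return 0
}

# Print everything that would be written for two assumed instances.
demo() {
    ports_unique 3127 3128 || { echo "port collision" >&2; return 1; }
    echo "== squid-common.conf =="; render_common_conf
    for inst in squidA:3127 squidB:3128; do
        name=${inst%%:*}; port=${inst#*:}
        echo "== $name.conf =="; render_instance_conf "$name" "$port"
        squid_cmd "$name" -z
        squid_cmd "$name" ""
    done
}
```

Run `demo` to see the generated files and the command lines; nothing is written to disk. The design point is that the shared file never hard-codes an instance name, so adding a third instance is a new two-line file and a new -n value, not a copy of the whole configuration.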

Relevant squid.conf directives

Tips

:warning: This section does not apply to SMP Squids.

The easiest way I found to manage multiple squids running on one single box was to:

Load Balancing behind a single port with iptables

by Felipe Damasio, Eric Dumazet, Jan Engelhardt

The theory of operation is: each new HTTP connection is sent to the extrachain chain, where it is marked with a sequential number. This mark is later checked in the PREROUTING chain, which forwards the connection to a Squid port chosen by the mark.

So, the first connection will be sent to port 3127, the second to 3128, the third to 3129, and the fourth back to 3127 (cycling through the ports on an even distribution).

The full thread on netfilter-devel where this was developed is here: http://marc.info/?l=netfilter-devel&m=127483388828088&w=2

(watch the wrap, iptables rules are single lines)

```bash
# Assumed example values, matching the port cycle described above:
# three Squid instances listening on 3127, 3128 and 3129.
N=3
first_squid_port=3127

iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
# Packets already belonging to a local socket (established TPROXY flows) skip classification
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -N extrachain
# Only the first packet of each new HTTP connection is classified
iptables -t mangle -A PREROUTING -p tcp --dport 80 -m conntrack --ctstate NEW -j extrachain

# Round-robin: the i-th of every N new connections gets connection mark i
for i in `seq 0 $((N-1))`; do
  iptables -t mangle -A extrachain -m statistic --mode nth --every $N --packet $i -j CONNMARK --set-mark $i
done

# Hand each marked connection to the Squid instance listening on first_squid_port+i
for i in `seq 0 $((N-1))`; do
  iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -m connmark --mark $i -j TPROXY --tproxy-mark 0x1/0x1 --on-port $((i+first_squid_port))
done
```

Categories: KnowledgeBase
