This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!
Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.
Getting the right cache configuration for your IPFire system is very important as it determines the efficiency of the web proxy. If some configuration settings are too small, such as "Memory cache size", your proxy may respond quickly, but won't efficiently cache web pages for clients. However, if some configuration settings are too large, including "Memory cache size", "Harddisk cache size" or "Number of level-1 subdirectories" (for example) your proxy may be very slow and significantly slow down the speed clients can browse the web.
This checkbox enables the Squid Cachemanger. The cache manager is a WUI utility for the management of the cache. It displays statistics and can be used for an overview of the memory usage of the current proxy process.
cache_mgr - This field is shown on error pages displayed by the proxy. It can provide a helpful link for users to contact the administrator.
cachemgr_passwd - If the cachemanager is enabled, a password for administration should be entered here.
You can leave the name field blank.
max_filedescriptors - In environments with a large amount of clients, or high/unusual traffic, the proxy may reach a limit where it is not permitted to open any more cache files. When this problem occurs the logs will contain the message:
WARNING! Your cache is running out of filedescriptors
If this occurs you should increase this field by 1024, or more. If you are not seeing this problem it is best not to increase this limit as a high file descriptor limit could use more memory.
cache_mem - This field defines the amount of memory allocated by Squid. "in-transit objects" (transition objects have the highest priority), Hot Objects (constantly requested objects) and Negative-Cached objects (non-cacheable objects such as 'Log HTTP' status messages) are cached by Squid. It will be stored in 4 KB blocks, so this value should be a multiple 4. Note that under high load, Squid can also override this value so this is not a fixed memory limit.
|This value does not determine the total memory footprint of the cache. This is only an additional memory value for the objects mentioned above. The actual memory requirements can be significantly higher. Ideally no more than 50% of installed RAM should be used.|
minimum_object_size = Smaller objects as the here defined value (in kilobytes) are not stored on the hard disk cache. A setting of "0" KB means there is no limit.
maximum_object_size - Objects, which are larger than the specified value here (also in KB), are no longer stored on the hard disk cache. With these configuration items, you can save more bandwidth, as a higher value allows larger objects. With a lower value, the speed can be increased. The default is 4 MB.
|If the 'Cache replacement policy' "heap LFUDA" is used, the maximum_object_size should be increased to maximize the byte hit rate.|
cache_dir = This directive determines the size of the cache on the hard disk.
|Avoid setting a very high harddisk cache size as doing so can result in very high memory usage. You should avoid squid causing IPFire to run out of ram and begin swapping to disk as it will dramatically reduce performance.|
|For each 1 GB of RAM, 10-20 MB hard disk space can be used used for cache_mem. So, a 20 GB disk cache would increase the cache_mem (memory cache size (MB) :) to 200-400 MB. For 512 MB this value grows up to 712-912 MB http://wiki.squid-cache.org/SquidFaq/SquidMemory#how-much-ram.|
The directive "cache_dir" is composed of multiple values . The syntax is as follows:
cache_dir aufs /var/log/cache 100 16 256
It is also possible to create multiple cache_dir lines /var/ipfire/proxy/advanced/acls/include.acl) ,if you want to distribute the cache on multiple partitions or file systems. In here is a description of how to edit the squid.conf manually.
Also it should be referred to the Squid documentation --> http://www.squid-cache.org/Doc/config/cache_dir/ .
|The cache can also be switched off with the value 0, which is a good idea especially for CompactFlash cards to increase their life span. 10 MB is the minimum value.|
Number of level-1 subdirectories: = (cache_dir) Squid creates its objects in a certain order, which accommodates to the file management system of Linux. Each level-1 directory contains 256 subdirectories by default. The default setting is 16 level-1 subdirectories so in this situation there are 4096 Level-2 subdirectories.
|The default value of 16 should only be increased when necessary|
These two fields define the method used to decide which objects in memory [memory_replacement_policy] or in disk cache (*cache_replacement_policy will be removed so that there is space for new objects to be saved.
The policies available include one designed to increase object hit rate (so Squid is more likely to cache objects which are needed more often - speed) or byte hit rate (so that Squid is more likely to cache objects which will reduce the need for data being downloaded in future - bandwidth)
Both policies are configured with drop-down boxes and the memory replacement policy can differ from the cache replacement policy. They can have the following values:
When this is enabled, Squid will not try to check if cached objects (web pages and images) are current and will display them regardless of their age. This mode will result in less internet traffic used, but is likely to result in stale (old) objects being returned to clients.
This setting is not recommended for most IPFire installations.
This is only beneficial when working with multiple proxies (peers) and will not be helpful to basic IPFire installations. When selected a summary of the objects held by the Squid cache is created. This summary can be exchanged with cache peers (other proxies) and can result in reduced client latency and response time.
dst_nocache.acl - IP Addresses or internet domains entered in to this text box will not be cached by Squid. This means that each time one of these addresses or domains are requested by a client they will be retrieved directly from the internet.
This is useful for sites which are very frequently updated, for bandwidth speed test sites and, if IPFire routes between two internal networks (such as Blue and Green), for internal domains and IPs.