Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Differences in Revisions: Proxy cache management configuration

»
corrected link to "Manually editing the Squid configuration"
# Proxy cache management configuration
 
**[Back to proxy main page](/configuration/network/proxy)**
 
[Next configuration section](/configuration/network/proxy/wui_conf/ports)
 
Getting the right cache configuration for your IPFire system is very important as it determines the efficiency of the web proxy. If some configuration settings are too small, such as "Memory cache size", your proxy may respond quickly, but won't efficiently cache web pages for clients. However, if some configuration settings are too large, including "Memory cache size", "Harddisk cache size" or "Number of level-1 subdirectories" (for example) your proxy may be very slow and significantly slow down the speed clients can browse the web.
 
* For helpful example configurations see the [Example Squid Web proxy configuration](/configuration/network/proxy/example_conf) page.
 
![](./cache_management.png)
 
### Activate cachemanager
This checkbox enables the Squid [Cachemanger](http://www.squid-handbuch.de/hb/node76_mn.html). The cache manager is a WUI utility for the management of the cache. It displays statistics and can be used for an overview of the memory usage of the current proxy process.
 
* If the Cache Manager is configured, the "Cache administrator password" field should also be configured
 
### Cache administrator e-mail
**cache_mgr** - This field is shown on error pages displayed by the proxy. It can provide a helpful link for users to contact the administrator.
 
### Cache administrator password
**cachemgr_passwd** - If the cachemanager is enabled, a password for administration should be entered here.
 
* The cache manager interface can be reached at the following address:
`https://<IP-of-your-IPFire>:444/cgi-bin/cachemgr.cgi`
 
You can leave the name field blank.
 
----
![](proxy_cachemgr1.png)
 
----
 
![](proxy_cachemgr2.png)
 
----
### Amount of filedescriptors
**max_filedescriptors** - In environments with a large amount of clients, or high/unusual traffic, the proxy may reach a limit where it is not permitted to open any more cache files. When this problem occurs the logs will contain the message:
`WARNING! Your cache is running out of filedescriptors`
 
If this occurs you should increase this field by 1024, or more. If you are not seeing this problem it is best not to increase this limit as a high file descriptor limit could use more memory.
 
### Memory cache size (MB)
**cache_mem** - This field defines the amount of memory allocated by Squid. "in-transit objects" (transition objects have the highest priority), Hot Objects (constantly requested objects) and Negative-Cached objects (non-cacheable objects such as 'Log HTTP' status messages) are cached by Squid. It will be stored in 4 KB blocks, so this value should be a multiple 4. Note that under high load, Squid can also override this value so this is not a fixed memory limit.
 
| Note! |
|---|
| This value does *not* determine the total memory footprint of the cache. This is only an additional memory value for the objects mentioned above. The actual memory requirements can be significantly higher. Ideally no more than 50% of installed RAM should be used. |
 
###Min object size (KB):
**minimum_object_size** = Smaller objects as the here defined value (in kilobytes) are not stored on the hard disk cache. A setting of "0" KB means there is no limit.
 
###Max object size (KB):
**maximum_object_size** - Objects, which are larger than the specified value here (also in KB), are no longer stored on the hard disk cache. With these configuration items, you can save more bandwidth, as a higher value allows larger objects. With a lower value, the speed can be increased. The default is 4 MB.
 
| Note! |
|---|
| If the 'Cache replacement policy' "heap LFUDA" is used, the maximum_object_size should be increased to maximize the byte hit rate. |
 
### Harddisk cache size (MB):
**cache_dir** = This directive determines the size of the cache on the hard disk.
 
| Note! |
|---|
| Avoid setting a very high harddisk cache size as doing so can result in very high memory usage. You should avoid squid causing IPFire to run out of ram and begin swapping to disk as it will dramatically reduce performance. |
| For each 1 GB of RAM, 10-20 MB hard disk space can be used used for cache_mem. So, a 20 GB disk cache would increase the cache_mem (memory cache size (MB) :) to 200-400 MB. For 512 MB this value grows up to 712-912 MB [](http://wiki.squid-cache.org/SquidFaq/SquidMemory#how-much-ram). |
| |
 
The directive "cache_dir" is composed of multiple values . The syntax is as follows:
 
Syntax example:
```
cache_dir aufs /var/log/cache 100 16 256
```
 
* **aufs** = Is by default the memory type for Squid on IPFire. "aufs" uses the same storage format as "ufs" but using POSIX-threads which can prevent the blocking of Squid processes on disk I/O.
* **/var/log/cache** = Defines the cache directory.
* **100** = The first value is the "cache size on the hard drive (MB):". If this option is used, there must be at least 100 MB of free disk space. Under full load, the real value can be significantly above it.
* **16** = Is the "number of level-1 subdirectories" and can be controlled via the WUI.
* **256** = Is the "number of Level 2 sub-directories". These can not be regulated over the WUI (default 256).
 
It is also possible to create multiple cache_dir lines */var/ipfire/proxy/advanced/acls/include.acl*) ,if you want to distribute the cache on multiple partitions or file systems. In [here](/en/configuration/network/proxy/extend/conf_edit) is a description of how to edit the squid.conf manually.
 
Also it should be referred to the Squid documentation --> [](http://www.squid-cache.org/Doc/config/cache_dir/) .
Also it should be referred to the Squid documentation --> [](https://wiki.ipfire.org/configuration/network/proxy/extend/conf_edit) .
 
| Note! |
|---|
| The cache can also be switched off with the value 0, which is a good idea especially for CompactFlash cards to increase their life span. 10 MB is the minimum value. |
 
### Number of level-1 subdirectories
Number of level-1 subdirectories: = (**cache_dir**) Squid creates its objects in a certain order, which accommodates to the file management system of Linux. Each level-1 directory contains 256 subdirectories by default. The default setting is 16 level-1 subdirectories so in this situation there are 4096 Level-2 subdirectories.
 
| Note! |
|---|
| The default value of 16 should only be increased when necessary |
 
### Memory and cache replacement policy
These two fields define the method used to decide which objects in memory *[memory_replacement_policy]* or in disk cache (*[cache_replacement_policy](http://www.squid-cache.org/Versions/v3/3.4/cfgman/cache_replacement_policy.html) will be removed so that there is space for new objects to be saved.
 
The policies available include one designed to increase object hit rate (so Squid is more likely to cache objects which are needed more often - speed) or byte hit rate (so that Squid is more likely to cache objects which will reduce the need for data being downloaded in future - bandwidth)
 
Both policies are configured with drop-down boxes and the memory replacement policy can differ from the cache replacement policy. They can have the following values:
 
* **LRU** (least recently used) Cache most recently requested objects, regardless of their size and age.
* This is the original list-based policy used by Squid and is usually less efficient than "heap LRU" or the newer two methods below.
* **heap LFUDA** (Least Frequently Used with Dynamic Aging) Byte-hit rate (saving bandwidth) is increased as frequently requested objects are cached regardless of their size. For example, frequently requested large objects may be kept in the cache at the expense of many small objects.
* This policy is often best for disk cache replacement policy when a large "harddisk cache size (MB)" is defined.
* **heap GDSF** = (Greedy-Dual Size Frequency) Aims to keep small and frequently requested objects in the cache, which will result in less frequently used larger objects being removed. The object-hit rate (cache speed) will be enhanced using this policy.
* This policy is often best for memory replacement policy or links with high bandwidth.
* **heap LRU** = Works the same way as the original LRU, but uses a [heap](https://en.wikipedia.org/wiki/Heap_(data structure)) data structure for increased efficiency.
 
### Enable offline mode
[squid-cache.org - offline_mode](http://www.squid-cache.org/Versions/v3/3.4/cfgman/offline_mode.html)
 
When this is enabled, Squid will not try to check if cached objects (web pages and images) are current and will display them regardless of their age. This mode will result in less internet traffic used, but is likely to result in stale (old) objects being returned to clients.
 
*This setting is **not** recommended for most IPFire installations.*
 
### Enable Cache-Digest Generation
This is only beneficial when working with multiple proxies (peers) and will not be helpful to basic IPFire installations. When selected a [summary of the objects held by the Squid cache](http://www.linuxsecurity.com/resource_files/server_security/squid/FAQ/FAQ-16.html) is created. This summary can be exchanged with cache peers (other proxies) and can result in reduced client latency and response time.
 
 
### Do not cache these domains (one per line)
**dst_nocache.acl** - IP Addresses or internet domains entered in to this text box will not be cached by Squid. This means that each time one of these addresses or domains are requested by a client they will be retrieved directly from the internet.
 
This is useful for sites which are very frequently updated, for bandwidth speed test sites and, if IPFire routes between two internal networks (such as Blue and Green), for internal domains and IPs.
 
 
[Next configuration section](/configuration/network/proxy/wui_conf/ports)
 
**[Back to proxy main page](/configuration/network/proxy)**
 
## Additional links
* [Cache options in the Squid wiki](http://www.squid-handbuch.de/hb/node31_ct.html)
* [Cache Information on Wikipedia](https://en.wikipedia.org/wiki/Cache_(computing))
* [Infos for the cache manager](http://wiki.squid-cache.org/Features/CacheManager)
* [More info about the cachemanager](http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+14.+Monitoring+Squid/14.2+The+Cache+Manager/)