Chinaunix

标题: squid占用很大内存，并且崩溃 [打印本页]

作者: qianguozheng 时间: 2016-05-24 18:08
标题: squid占用很大内存，并且崩溃
Squid作为透明代理。

2016/05/24 16:51:03| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.48.1:3128 remote=192.168.56.3:53150 FD 4 flags=33
2016/05/24 16:51:03| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.48.1:3128 remote=192.168.56.3:53148 FD 4 flags=33: (2) No such file or directory
2016/05/24 16:51:03| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.48.1:3128 remote=192.168.56.3:53148 FD 4 flags=33
2016/05/24 16:51:03| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.48.1:3128 remote=192.168.56.3:53152 FD 4 flags=33: (2) No such file or directory
2016/05/24 16:51:03| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.48.1:3128 remote=192.168.56.3:53152 FD 4 flags=33
2016/05/24 16:51:03| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.48.1:3128 remote=192.168.56.3:53158 FD 4 flags=33: (2) No such file or directory
2016/05/24 16:51:03| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.48.1:3128 remote=192.168.56.3:53158 FD 4 flags=33

以上日志是squid出问题时打印的，这个时候已经无法通过squid访问网络了。

此时squid占用了很大的系统内存，CPU占用率高达20%左右，我使用ab命令在内网内给其制造压力。

配置文件如下：

acl all src all
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8

作者: qianguozheng 时间: 2016-05-24 18:11

acl all src all

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

http_access allow all

icp_access deny all

# Squid normally listens to port 3128
http_port 3128 intercept
http_port 3129 intercept
#http_port 8080
nonhierarchical_direct off

access_log /var/log/access.log squid

#Default:
# logfile_daemon /usr/lib/squid/logfile-daemon
logfile_daemon /var/log/logfile-daemon

# TAG: cache_log
# Cache logging file. This is where general information about
# your cache's behavior goes. You can increase the amount of data
# logged to this file with the "debug_options" tag below.
#
#Default:
cache_log /var/log/cache.log

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Don't upgrade ShoutCast responses to HTTP
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
#upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache
#broken_vary_encoding allow apache

#Default:
cache_effective_user nobody

coredump_dir /var/cache

#acl NCACHE method GET
#no_cache deny NCACHE
debug_options ALL,1

#delay_pools 1
#delay_class 1 1

#delay_parameters 1 200000/200000

#delay_access 1 allow all

#logfile_rotate 4
########### Cache Config #########################

#### Disable Cache, memory cache included ########
acl NCACHE method GET
no_cache deny NCACHE

#cache_replacement_policy lru
#memory_replacement_policy lru

#cache_dir aufs /tmp/squid 20 16 256 max-size=2048
#cache_mem 512 MB # 1/3 of whole memory

#cache_swap_low 85
#cache_swap_high 95

#maximum_object_size 4096 KB
#maximum_object_size_in_memory 512 KB

#cache_mgr richard.qian@magicwifi.com.cn

cache_log /var/log/cache.log
access_log none
########### Cache Config End #####################

negative_ttl 0 minutes
negative_dns_ttl 0 minutes
positive_dns_ttl 10 minutes

half_closed_clients off

#memory_pools on
#memory_pools_limit 64MB

via off

作者: qianguozheng 时间: 2016-05-24 18:12
二楼为配置文件，通过如下配置，关闭缓存功能。
acl NCACHE method GET
no_cache deny NCACHE

作者: action08 时间: 2016-06-18 15:28
你想要说什么哦

作者: action08 时间: 2016-06-18 21:18
只要访问量商量了，很多事情就来了，自然是一种检验

拿这份工资就要能经受这个考验

作者: qianguozheng 时间: 2016-06-19 09:42
回复 5# action08

搞定了，工资拿少了。

作者: action08 时间: 2016-06-19 18:45
回复 6# qianguozheng

嗯，可以分享一下经验，让更多同学能拿跟你一样的工资

作者: qianguozheng 时间: 2016-06-20 18:05
回复 7# action08

我的插件的bug，在ecap论坛立找到了类似的问题，对象退出没有调用析构函数，导致内存泄漏

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)