Squid as accelerator for TurboGears

April 16, 2008 at 5:49 am | Posted in http, programming | 3 Comments

I’m trying to use squid as a transparent caching proxy between apache httpd and a – largely read-only – TurboGears web application.

Apache already acts as proxy, sending requests to the web app which listens on a different port. But using mod_cache was not an option, because for apache 2.0 it’s still experimental and additionally it doesn’t seem to work well with mod_rewrite.

So the idea was to simply plug in squid.

The main problem so far was to narrow down the monumental squid configuration to the few lines I actually need. This is what I came up with so far:

http_port accel defaultsite=site.served.by.web.app
cache_peer parent 8080 0 no-query originserver
refresh_pattern ^http: 1440 20% 1440 override-expire override-lastmod ignore-no-cache ignore-reload ignore-private
acl all src
acl our_sites dstdomain
http_access allow all
http_access allow our_sites

The http_port directive tells squid to listen on port 8888, in accelerator mode, proxying the default site.

The cache_peer directive specifies – i.e. the web app – as the only cache peer. So whenever squid cannot serve a request from its cache, this is where it will turn to for help. The last three tokens 0 no-query originserver basically say that this is not another squid proxy, by setting the ICP port to 0.

The refresh_pattern directive specifies the rules according to which an item in the cache is to be treated as fresh or stale. In this case, all items with an http URL will be regarded as fresh for one day (1440 minutes). The options override-expire override-lastmod ignore-no-cache ignore-reload ignore-private basically override whatever either client or web app say about caching – so this setup is NOT an http compliant cache. But that’s alright, since we only cache stuff that we are the producers of, so we should know.

I didn’t spend much time investigating the access control settings, since I figure my setup – squid only listening on an internal port – already does away with most security concerns.

So this is what the results look like in squid’s access log:

1208325630.099 688 TCP_MISS/200 11103 GET http://localhost/feature/28 - FIRST_UP_PARENT/ text/html
1208325634.274 1 TCP_HIT/200 11109 GET http://localhost/feature/28 - NONE/- text/html

The second token is the number of milliseconds squid needed to process the requests.




  1. Squid has a large helpful support base for configurations. Take a look through the squid wiki wiki.squid-cache.org or the squid-users mailing list for a lot of configs like the one you are trying to make.

    Local port listening only is secure if no outsiders have any route to make requests there. It sounds like your apache proxy may be using squid and letting them through.

    Either way try the one below:

    http_port accel defaultsite=site.served.by.web.app
    cache_peer parent 8080 0 no-query originserver

    acl all src all
    acl our_sites dstdomain site.served.by.web.app
    cache_peer_access allow our_sites
    cache_peer_access deny all
    http_access allow our_sites
    http_access deny all

  2. Thanks for the info, Amos. You’re right, by way of apache outsiders may make requests to squid. I’ll change that.

  3. […] on Ubuntu December 3, 2008 at 7:00 pm | In http | Tags: squid, ubuntu As described in earlier posts, our standard web application setup at work is TurboGears behind squid as transparent caching […]
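
The http_access lines in the post and those suggested in the first comment differ mainly in order, and Squid stops at the first http_access line that matches. The Python sketch below is an added example (not code from the post, the commenter or Squid) that models this first-match evaluation for both rule sets and reports rules that can never be reached. Assumptions: only `src all` and `dstdomain` ACLs are modelled, the ACL values are the ones shown in the comment, and other.example is a constructed hostname.

```python
# Added example: simplified model of Squid's http_access evaluation ('src all' and
# 'dstdomain' only, no !negation). ACL values below are taken from the first comment.
POST_RULES = """
acl all src all
acl our_sites dstdomain site.served.by.web.app
http_access allow all
http_access allow our_sites
"""
COMMENT_RULES = """
acl all src all
acl our_sites dstdomain site.served.by.web.app
http_access allow our_sites
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, dst_host):
    kind, values = acl
    if kind == "src":
        return "all" in values
    # dstdomain: exact name; a leading dot also covers subdomains
    host = dst_host.lower()
    return kind == "dstdomain" and any(
        host == v.lstrip(".") or (v[0] == "." and host.endswith(v))
        for v in map(str.lower, values))

def decide(conf, dst_host):
    """First matching line wins; no match means the opposite of the last line."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], dst_host) for n in names):
            return action
    return "allow" if rules and rules[-1][0] == "deny" else "deny"  # no rules: deny

def unreachable(conf):
    """Rules listed after an unconditional 'all' line are never evaluated."""
    acls, rules = parse(conf)
    for i, (_, names) in enumerate(rules):
        if all(acls[n] == ("src", ["all"]) for n in names):
            return rules[i + 1:]
    return []
```

With the post's ordering, a request for other.example is allowed and the `our_sites` line is never consulted; with the comment's ordering the same request is denied.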
