Squid: speed up your website with a cross-platform proxy-cache

1 Answer

Squid: speed up your website with a cross-platform proxy-cache

Performance is one of the most important qualities of a good website, since users often leave a page with excessive loading times before they have even been able to appreciate the quality of the content it hosts. Since 2010, page speed, or pagespeed, has been included in Google's ranking factors as a component of user experience (UX). This makes it necessary to devote some attention to optimizing the loading speed of a web page, especially when you are an administrator. Among other possibilities, this is achieved by compressing the images, compressing or optimizing code files or reducing the number of requests.

Another way to improve the performance of a website and reduce server load is to install a reverse proxy server that acts as an intermediary between the browser and the web server, processing browser requests on its behalf and delivering static content, which has been stored autonomously, without having to request it from the main server. This is especially effective when the server has to dynamically generate the same page over and over again, even if it is unchanged. Among the most popular solutions for implementing a proxy-cache server of this type is the free Squid program.

Index
  1. What is Squid?
  2. Why you should implement a Squid proxy server
  3. How does caching a Squid server work?
  4. Hardware requirements to install a Squid
  5. Squid Installation Manual
  6. How to configure Squid to speed up a web page
    1. Network Options: # NETWORK OPTIONS
    2. Caching options: # OPTIONS WHICH AFFECT THE CACHE SIZE
    3. Caching and logfile directories: # LOGFILE PATHNAMES AND CACHE DIRECTORIES
    4. Access options: # ACCESS CONTROLS

What is Squid?

Squid is proxy server software released by Duane Wessels in 1998 as the last pre-commercial version of the Harvest object cache; it was given this name to differentiate it from the main NetCache branch, the development of which has not been continued. Squid is licensed under the GNU General Public License and supports, among others, the HTTP, HTTP/2, HTTPS and FTP protocols.

Squid servers run on common operating systems, such as various Linux distributions or Mac OS X and Windows systems, either with the device's own command tool or through a graphical interface such as GAdmin-SQUID or SquidMan.

Squid is used as a proxy-cache by thousands of web administrators. Wikipedia, without going any further, used several Squid proxy servers for years to deliver its content, with the aim of decongesting the database and the web server. Also, its support for the HTTPS protocol makes it ideal for establishing secure SSL connections. In another area, Internet providers also use it as a transparent proxy in order to optimize Internet access. Of course, it can also be used as a forward proxy for a single client, so that the client's own IP address is hidden, thus providing additional protection in addition to the packet filtering of the firewall. The SquidGuard extension allows you to filter packets autonomously.

Why you should implement a Squid proxy server

Free software since its first version, Squid's source code is publicly available and does not require a license fee, which means that it is not only downloaded for free but can be modified to suit the needs of each particular case. However, changes are not usually necessary due to the diversity and speed improvement that Squid offers, a product of the long-standing experience of developers who are dedicated to managing and developing the proxy program.

Also in the private sphere, the advantages of installing a Squid proxy server are demonstrated thanks to the definable access control lists (Access Control Lists) that allow, on the one hand, to block access to certain content or limit the bandwidth that can be used and, on the other hand, to analyze the proxy logfiles to control data traffic.

Another relevant aspect of Squid is its great flexibility, from which the most complex networks especially benefit, in such a way that it would allow building a combination of interconnected Squid proxy-cache servers, among which the requests would be distributed. This set of servers offloads each of the components and greatly increases crash safety. In the same way as in a content delivery network, each of the reverse proxy servers can be located in different places.

How does caching a Squid server work?

The security and control functions mentioned are a sample of the diversity of the fields of application of a Squid server, but what makes it convincing in the first instance is its main function as a proxy-cache server for the temporary storage of data. In order to guarantee the currency and availability of this data, Squid calculates its state from time to time, with two possible results: that the examined object is current (fresh) or is obsolete (stale). To avoid having to always check the entire data set, an algorithm calculates how often the state of each object needs to be checked. The following information is considered in this evaluation:

  LM          Last modified; information in the header that reveals the date of the last modification
  EX          Expire; information in the header with the expiration date of an object
  NOW         Current date
  OBJ_Date    Date the object was cached in Squid or last change
  MIN         Minimum cache permanence
  MAX         Maximum cache persistence
  PERCENT     Permanence factor
  Obj_Age     Describes how long an object has been in the cache (NOW - OBJ_Date)
  LM_Age      Age of an object at time of caching (OBJ_Date - LM)
  LM_FACTOR   Age factor (Obj_Age / LM_Age)

If we want to find out until when (X) an object is valid in the cache, we use this formula:

  X = OBJ_Date + (LM_Age * PERCENT)  

This caching algorithm increases the Squid server's control over the state of an object if the object experiences frequent changes. The moment where the evaluation begins is then MIN, that is, the minimum date assigned for the stay in the cache. Later, when the maximum date for stay or MAX is reached, Squid has no choice but to contact the web server. To do this, the proxy software sends a GET request with the If-Modified-Since information that includes the OBJ_Date date. The web server checks the status of the object and can send two responses:

  • Status code 304 (not modified) if the object has not been changed,
  • Status code 200 (ok), as well as the new and changed object.

In this way data is only transmitted if it has actually changed.

Hardware requirements to install a Squid

When you want to use a Squid reverse proxy the first task is to check that you have the necessary hardware structures. A proxy-cache does not have special needs in terms of processor power, but it does depend on adequate storage capacity in the hard disk drive and memory and, since today they are very affordable components, their acquisition is more a question of the correct calculation than of the price. First, calculate the memory space requirement of the project, leaving some room for potential growth, and second, go for modern hardware components such as SSD solid-state drives, characterized by short access times that guarantee the ideal optimization of the speed of your website.

Squid Installation Manual

In general, there are two options to choose from when installing Squid software. You can choose the first one if Squid is included in the package management of the distribution you are using. If it is, the installation of the proxy program takes place via command lines following the familiar pattern:

  sudo apt-get update
  sudo apt-get install squid

The second variant involves downloading the installation files, which are also extracted and compiled as usual (version 3.5.20 has been followed in the example):

  tar xzf squid-3.5.20.tar.gz
  cd squid-3.5.20
  ./configure
  make

Once downloaded, the installation starts with the command:

  make install  

Since version 3.5 there is an unofficial MSI installation package for 64 bit Windows systems that is run by double-clicking after download.

It should be mentioned that for each stable version published there is a beta version and a development version with new features. However, the reason for these two versions is precisely to try these new functions, so you should not resort to them unless you know the Squid software very well.

How to configure Squid to speed up a web page

The squid.conf configuration file is used to define the type of proxy Squid should act as; by default it is usually found in /etc or in /usr/local/squid/etc/ (or in the directory that you specified during installation). Some settings are already defined by default on lines preceded by the pound sign (#). What follows is a summary of the options required to install Squid.

Network Options: # NETWORK OPTIONS

These commands define the IP addresses and ports relevant to the operation of the Squid server. The following entries are key to the proxy-cache:

http_port

Syntax : http_port [Host name or IP address:]Port number

Description : Defines the port on which Squid listens for HTTP requests from clients, defined by default as port 3128. If neither hostname nor IP address is entered, the settings apply to all embedded IP addresses. It is also possible to enter multiple ports.

Example : http_port 192.168.0.1:3128

https_port

Syntax : https_port [IP address:]Port number cert=Path to SSL certificate [key=Path to private SSL key] [options]

Description : If Squid is to receive SSL or TLS connections, it is necessary to provide the HTTPS port as well as the path to the certificate used (in PEM format). If no private SSL key is entered, Squid assumes that the PEM file already contains the private key. The options parameter allows you to enter extra options according to the OpenSSL documentation.

icp_port

Syntax : icp_port Port number

Description : here you enter the port on which Squid accepts ICP (Internet Cache Protocol) requests or receives UDP packets. You only have to enter it in the case that several proxies are used that have to communicate with each other. The standard port is 3130. To disable the function, enter the parameter 0.

Example : icp_port 3130

Caching options: # OPTIONS WHICH AFFECT THE CACHE SIZE

In the caching options you define whether Squid will use memory for caching tasks and, if it does, how much, as well as the minimum and maximum size of the objects and the general caching behavior.

cache_mem

Syntax : cache_mem Memory space in MB

Description : cache_mem defines the size of the main disk reserved for objects in transit (In-Transit Objects), for highly requested objects (Hot Objects) and for non-cacheable objects (Negative-Cached Objects). As these objects exist in blocks of 4 KB each, the value entered here must be a multiple of 4 KB. This option is not to be confused with Squid's overall storage requirement, which is not regulated in this way.

Example : cache_mem 256 MB

maximum_object_size

Syntax : maximum_object_size Object size in KB / MB

Description : This line informs Squid about the maximum size that the objects must have to be stored in the cache. The minimum size is set with minimum_object_size.

Example : maximum_object_size 4 MB

Caching and logfile directories: # LOGFILE PATHNAMES AND CACHE DIRECTORIES

Along with the information about the ports and the behavior of the proxy-cache, Squid also needs to know in which directory to temporarily store the contents and the generated log data.

cache_dir

Syntax : cache_dir Type of directory Path to directory Storage space Number of directories

Description : with cache_dir you define both the directory for caching and its maximum capacity in megabytes and the number of directories and subdirectories. The default installed directory type is ufs. This option is generally disabled, so it must be enabled first.

Example : cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

cache_log

Syntax : cache_log File path

Description : specifies where the Squid server logfile is stored, which records general information about the behavior of the software.

Example : cache_log /usr/local/squid/var/logs/cache.log

Access options: # ACCESS CONTROLS

Lastly, the ports used by Squid require clearly defined access lists. Two parameters are especially decisive in this case:

Acl

Syntax : acl List name List type Argument

Description : this parameter allows you to create an exhaustive list of accesses for all HTTP, ICP and TCP connections. For a complete list of types and options we recommend taking a look at the official Squid manual.

Example : acl all src 0.0.0.0

http_access

Syntax : http_access allow|deny [!]List name

Description : http_access allows (allow) or denies (deny) access to the HTTP port based on previously defined access lists. When the name of the list is preceded by the exclamation point, the instruction affects all connections that are not included in the referenced list.

Example : http_access deny !SSL_ports


...
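
The freshness evaluation and the revalidation request described under "How does caching a Squid server work?", as an added Python example (not code from the original answer or from Squid). It uses the variable names from the table there; the function names, the order of the checks (EX, then MIN, then MAX, then LM_FACTOR) and the default values are assumptions.

```python
from email.utils import formatdate

# Constructed defaults: PERCENT 20 %, MIN 0 s, MAX 3 days (in seconds).
PERCENT, MIN_AGE, MAX_AGE = 0.2, 0, 259200

def valid_until(obj_date, lm, percent=PERCENT, min_age=MIN_AGE, max_age=MAX_AGE):
    """X = OBJ_Date + (LM_Age * PERCENT), kept between MIN and MAX."""
    lm_age = obj_date - lm                      # LM_Age = OBJ_Date - LM
    return obj_date + max(min_age, min(lm_age * percent, max_age))

def state(now, obj_date, lm=None, ex=None,
          percent=PERCENT, min_age=MIN_AGE, max_age=MAX_AGE):
    """Return 'fresh' or 'stale'; all times are epoch seconds."""
    if ex is not None:                          # an Expire header decides alone
        return "fresh" if now < ex else "stale"
    obj_age = now - obj_date                    # Obj_Age = NOW - OBJ_Date
    if obj_age <= min_age:
        return "fresh"
    if obj_age > max_age:
        return "stale"
    if lm is not None and obj_date > lm:
        lm_factor = obj_age / (obj_date - lm)   # LM_FACTOR = Obj_Age / LM_Age
        return "fresh" if lm_factor < percent else "stale"
    return "stale"                              # nothing to base a guess on

def revalidation_request(path, host, obj_date):
    """Conditional GET sent for a stale object, carrying OBJ_Date."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"If-Modified-Since: {formatdate(obj_date, usegmt=True)}\r\n\r\n")

def after_response(status, now):
    """304 keeps the cached body, 200 replaces it; both restart OBJ_Date."""
    if status == 304:
        return {"body": "cached", "obj_date": now}
    if status == 200:
        return {"body": "replaced", "obj_date": now}
    raise ValueError(f"unexpected status {status}")
```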