authenticator processes.
The startup= and idle= options permit some skew in the exact amount
- run. A minimum of startup=N will begin during startup and reconfigure
- and Squid will start more in groups of up to idle=N in an attempt to meet
+ run. A minimum of startup=N will begin during startup and reconfigure.
+ Squid will start more in groups of up to idle=N in an attempt to meet
traffic needs and to keep idle=N free above those traffic needs up to
the maximum.
you are likely to need lots of authenticator processes.
The startup= and idle= options permit some skew in the exact amount
- run. A minimum of startup=N will begin during startup and reconfigure
- and Squid will start more in groups of up to idle=N in an attempt to meet
+ run. A minimum of startup=N will begin during startup and reconfigure.
+ Squid will start more in groups of up to idle=N in an attempt to meet
traffic needs and to keep idle=N free above those traffic needs up to
the maximum.
processes.
The startup= and idle= options permit some skew in the exact amount
- run. A minimum of startup=N will begin during startup and reconfigure
- and Squid will start more in groups of up to idle=N in an attempt to meet
+ run. A minimum of startup=N will begin during startup and reconfigure.
+ Squid will start more in groups of up to idle=N in an attempt to meet
traffic needs and to keep idle=N free above those traffic needs up to
the maximum.
processes.
The startup= and idle= options permit some skew in the exact amount
- run. A minimum of startup=N will begin during startup and reconfigure
- and Squid will start more in groups of up to idle=N in an attempt to meet
+ run. A minimum of startup=N will begin during startup and reconfigure.
+ Squid will start more in groups of up to idle=N in an attempt to meet
traffic needs and to keep idle=N free above those traffic needs up to
the maximum.
sslcontext= SSL session ID context identifier.
+ generate-host-certificates[=<on|off>]
+ Dynamically create SSL server certificates for the
+ destination hosts of bumped CONNECT requests.When
+ enabled, the cert and key options are used to sign
+ generated certificates. Otherwise generated
+ certificate will be selfsigned.
+ If there is CA certificate life time of generated
+ certificate equals lifetime of CA certificate. If
+ generated certificate is selfsigned lifetime is three
+ years.
+ This option is enabled by default when SslBump is used.
+ See the sslBump option above for more information.
+
+ dynamic_cert_mem_cache_size=SIZE
+ Approximate total RAM size spent on cached generated
+ certificates. If set to zero, caching is disabled. The
+ default value is 4MB. An average XXX-bit certificate
+ consumes about XXX bytes of RAM.
Other Options:
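Review bot: The dynamic_cert_mem_cache_size text at the end of this hunk still has unfilled placeholders ("An average XXX-bit certificate consumes about XXX bytes of RAM"); fill in measured figures or drop the sentence before this is merged. In the generate-host-certificates text, "Otherwise generated certificate will be selfsigned" is ambiguous: it follows "When enabled", so it reads as "when disabled", while the intent appears to be "when cert and key are not configured". State the condition explicitly, since a self-signed result is one that clients cannot validate against a configured CA. Minor: "requests.When" is missing a space, and the sentence beginning "If there is CA certificate life time" needs rewording.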
keys.
DOC_END
+COMMENT_START
+ OPTIONS RELATING TO EXTERNAL SSL_CRTD
+ -----------------------------------------------------------------------------
+COMMENT_END
+
+NAME: sslcrtd_program
+TYPE: eol
+IFDEF: USE_SSL_CRTD
+DEFAULT: @DEFAULT_SSL_CRTD@ -s @DEFAULT_SSL_DB_DIR@ -M 4MB
+LOC: Ssl::TheConfig.ssl_crtd
+DOC_START
+ Specify the location and options of the executable for ssl_crtd process.
+ @DEFAULT_SSL_CRTD@ program requires -s and -M parameters
+ For more information use:
+ @DEFAULT_SSL_CRTD@ -h
+DOC_END
+
+NAME: sslcrtd_children
+TYPE: HelperChildConfig
+IFDEF: USE_SSL_CRTD
+DEFAULT: 32 startup=5 idle=1
+LOC: Ssl::TheConfig.ssl_crtdChildren
+DOC_START
+ The maximum number of processes spawn to service ssl server.
+ The maximum this may be safely set to is 32.
+
+ The startup= and idle= options allow some measure of skew in your
+ tuning.
+
+ startup=N
+
+ Sets the minimum number of processes to spawn when Squid
+ starts or reconfigures. When set to zero the first request will
+ cause spawning of the first child process to handle it.
+
+ Starting too few children temporary slows Squid under load while it
+ tries to spawn enough additional processes to cope with traffic.
+
+ idle=N
+
+ Sets a minimum of how many processes Squid is to try and keep available
+ at all times. When traffic begins to rise above what the existing
+ processes can handle this many more will be spawned up to the maximum
+ configured. A minimum setting of 1 is required.
+
+ You must have at least one ssl_crtd process.
+DOC_END
+
COMMENT_START
OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
-----------------------------------------------------------------------------
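Review bot: In the sslcrtd_children DOC_START, "The maximum this may be safely set to is 32" gives no reason for the limit, and DEFAULT already sits at that ceiling (32 startup=5 idle=1); say what goes wrong above 32 or drop the sentence. The same block says startup may be zero ("the first request will cause spawning of the first child process") and then ends with "You must have at least one ssl_crtd process", which reads as a contradiction unless the last line refers to the maximum; clarify which value it constrains. For sslcrtd_program, the text says -s and -M are required but does not say what they are; the DEFAULT line suggests a database directory and a size, so document both inline instead of pointing only at -h. Wording: "processes spawn to service ssl server" and "temporary slows" should be fixed.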
Format codes:
% a literal % character
+ sn Unique sequence number per log line entry
+ err_code The ID of an error response served by Squid or
+ a similar internal error identifier.
+ err_detail Additional err_code-dependent error information.
+
+ Connection related format codes:
+
>a Client source IP address
>A Client FQDN
>p Client source port
la Local IP address (http_port)
lp Local port number (http_port)
<lp Local port number of the last server or peer connection
- sn Unique sequence number per log line entry
+
+ Time related format codes:
+
ts Seconds since epoch
tu subsecond time (milliseconds)
tl Local time. Optional strftime format argument
default %d/%b/%Y:%H:%M:%S %z
tr Response time (milliseconds)
dt Total time spent making DNS lookups (milliseconds)
- err_code The ID of an error response served by Squid or
- a similar internal error identifier.
- err_detail Additional err_code-dependent error information.
HTTP cache related format codes:
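Review bot: After the move, sn, err_code and err_detail sit directly under "Format codes:" with no subgroup heading, while every other group now has one ("Connection related format codes:", "Time related format codes:", "HTTP cache related format codes:"). Give the three moved codes a heading of their own so the list is uniformly grouped, and check that their column alignment matches the unchanged entries below them.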
===== Modules Currently available =====
- none Do not log any requests matchign these ACL.
+ none Do not log any requests matching these ACL.
Do not specify Place or logformat name.
stdio Write each log line to disk immediately at the completion of
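Review bot: The corrected line still reads "matching these ACL", which mixes a plural determiner with a singular noun; since the line is being touched anyway, make it "matching this ACL" or "matching these ACLs".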
DOC_END
NAME: log_fqdn
-COMMENT: on|off
-TYPE: onoff
-DEFAULT: off
-LOC: Config.onoff.log_fqdn
+TYPE: obsolete
DOC_START
- Turn this on if you wish to log fully qualified domain names
- in the access.log. To do this Squid does a DNS lookup of all
- IP's connecting to it. This can (in some situations) increase
- latency, which makes your cache seem slower for interactive
- browsing.
+ Remove this option from your config. To log FQDN use %>A in the log format.
DOC_END
NAME: client_netmask
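Review bot: The replacement text for log_fqdn drops the operational caveat carried by the removed lines, namely that logging FQDNs makes Squid do a DNS lookup for every connecting IP and can increase latency. If %>A triggers the same lookups, that warning should move to the %>A entry in the logformat documentation rather than disappear, and the obsolete notice could point to it. It would also help to say whether a config that still contains log_fqdn is rejected or only warned about, since "Remove this option from your config" does not tell the admin what happens otherwise.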
Valid values are as follows:
hash - Hash assignment
- mask - Mask assignment
+ mask - Mask assignment
As a general rule, cisco routers support the hash assignment method
and cisco switches support the mask assignment method.