1:freebsd环境下squid突然工作不正常,squid启动日志中有如下提示:
open port RST response from 1087 to 200 packets per second
open port RST response from 1087 to 200 packets per second
open port RST response from 1087 to 200 packets per second
open port RST response from 1087 to 200 packets per second
重启机器系统都进不去
原因:后来查询了下原来机器被syn flood 攻击了!
处理办法:
160beiji# cat /etc/sysctl.conf
# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl' to adjust kernel values. ``man 5 sysctl.conf' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
上面是freebsd下的问题
添加红色的就可以了!
2: 2010/12/15 09:07:22| comm_old_accept: FD 14: (53) Software caused connection abort
2010/12/15 09:07:22| httpAccept: FD 14: accept failure: (53) Software caused connection abort
故障原因:因为syn flood 攻击,导致外网不通,在外网不通的情况下,squid就会有此错误!
3:FATAL: ipcache_init: DNS name lookup tests failed
Page faults with physical i/o: 0
2010/10/09 10:39:22| Starting Squid Cache version 3.0.STABLE8 for i686-pc-linux-gnu...
2010/10/09 10:39:22| Process ID 3399
2010/10/09 10:39:22| With 1024 file descriptors available
2010/10/09 10:39:22| Performing DNS Tests...
FATAL: ipcache_init: DNS name lookup tests failed. # 是dns解析错误
Squid Cache (Version 3.0.STABLE8): Terminated abnormally.
CPU Usage: 0.018 seconds = 0.01
解决方法:首先确认机器上的网络正常,然后查看/etc/resolv.conf中的nameserver
4:FATAL: cache_dir /cache/squid: (13) Permission denied
Squid Cache (Version 2.6.STABLE6): Terminated abnormally.
CPU Usage: 0.006 seconds = 0.004 user + 0.002 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
FATAL: cache_dir /cache/squid: (13) Permission denied
可能原因:cache的权限不对,squid effective user对它没有w的权限
5:squid运行一段时间自己停掉
可能原因:squid.log超过2G ,当日志文件超过2G时,squid就不稳定
除非编译squid时加入:--with-large-files ,这个问题耗费我好长的时间,一直查不出问题原因!
squid权威指南上有如下的解释:
假如你不小心,squid的日志文件增加没有限制。某些操作系统对单个文件强制执行2G 的大小限制,即使你有充足的磁盘空间。超过该限制会导致写错误,这样squid就会退出。为了保证日志文件大小合理,你应创建任务来有规律的重命名和打包日志。squid有内建功能来使这个容易做到
###关于squid日志文件我的故障经历如下!
当时情况是在UnixJT(*.*.*.170)服务器上,仅仅是apache+squid处理html文件,但每间隔一段时间后,squid就会自动退出,用户投诉网站不能访问,就是squid日志大小的问题,如果每天将squid日志备份(当时因为硬件故障后,重新切换机器,没有添加备份日志的脚步,所以squid log文件一直在增大,当增大到2G的时候,就会出现问题),该问题就不存在了或加上--with-large-files 参数!
6:
WARNING! Your cache is running out of filedescriptors
67552:2010/12/14 15:08:20| client_side.cc(2692) WARNING! Your cache is running out of filedescriptors
74241:2010/12/14 15:20:40| httpAccept: FD 14: accept failure: (23) Too many open files in system
原因:文件描述符被用光
解决方法:
6.1:在/usr/include/bits/types.h
中加入:#define _ _FD_SETSIZE 65536
6.2:在/etc/security/limits.conf最后加入:
* soft nofile 65536
* hard nofile 65536
6.3:编译squid时加入
--with-filedescriptors=65536,就算有这个指定,如果没有1中设置,还是会出上面的问题
6.4:执行echo 65536 > /proc/sys/fs/file-max
7:查看文件描述符
[root@IDC-D-2522 logs]# /usr/local/squid3/bin/squidclient -p80 -h 61.155.**.** mgr:info | grep 'file descri'
Maximum number of file descriptors: 32768
Available number of file descriptors: 32611
Reserved number of file descriptors: 100
[root@IDC-D-2522 logs]# /usr/local/squid3/bin/squidclient -p80 -h 61.155.**.** mgr:info | grep 'file descri'
Maximum number of file descriptors: 32768
Available number of file descriptors: 32597
Reserved number of file descriptors: 100
8:FATAL: Could not determine fully qualified hostname. Please set 'visible_hostname'
[root@qht2 etc]# /usr/local/squid/sbin/squid -k parse -f /usr/local/xncenter/confcenter/squid.conf
2010/07/05 13:30:03| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
2010/07/05 13:30:03| WARNING cache_mem is larger than total disk cache space!
FATAL: Could not determine fully qualified hostname. Please set 'visible_hostname'
原因:squid.conf中没有设置visible_hostname
9:/usr/local/squid/var/logs/cache.log: Permission denied
[root@qht2 etc]# /usr/local/squid/sbin/squid -k parse
2010/07/05 13:37:12| Processing Configuration File: /usr/local/squid/etc/squid.conf (depth 0)
WARNING: Cannot write log file: /usr/local/squid/var/logs/cache.log
/usr/local/squid/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
原因:/usr/local/squid/var/logs目录去权限,修改该文件夹的所有者和组即可
10: Creating Swap Directories
[root@qht2 logs]# /usr/local/squid/sbin/squid -f /usr/local/xncenter/confcenter/squid.conf -z
2010/07/05 13:46:34| Making directories in /usr/local/squid/var/cache/00
2010/07/05 13:46:34| Making directories in .....
......
......
11:TCP connection to 192.168.0.14/80 failed
2012/09/18 05:18:51| TCP connection to 192.168.0.14/80 failed
2012/09/18 05:18:53| TCP connection to 192.168.0.14/80 failed
2012/09/18 05:18:59| TCP connection to 192.168.0.14/80 failed
......
这种问题偶尔才出现,一天就出现个十几分钟吧!
解决方法:关闭apache机器上的防火墙!(该机器只有内网,不影响安全的,squid到apache通过内网的!)
其实真正的原因也不是这个,还是后端的apache出现问题了(代码的bug造成了apache的异常工作)
12:启动squid时失败:
2010/10/13 15:23:14| Loaded Icons.
2010/10/13 15:23:14| commBind: Cannot bind socket FD 12 to 61.*.*.151:80: (49) Can't assign requested address
2010/10/13 15:23:14| commBind: Cannot bind socket FD 12 to 61.*.*.15*:80: (49) Can't assign requested address
2010/10/13 15:23:14| commBind: Cannot bind socket FD 12 to 122.1*.*.15*:80: (49) Can't assign requested address
2010/10/13 15:23:14| commBind: Cannot bind socket FD 12 to 122.*.*.15x:80: (49) Can't assign requested address
2010/10/13 15:23:14| commBind: Cannot bind socket FD 12 to 10.4.3.151:80: (49) Can't assign requested address
FATAL: Cannot open HTTP Port
原因:我的机器为61.155.152.19x 而非61.*.*.15x/15*, 而61.*.*.15x在运行,而且它上面的squid在占用80端口!
故会出现上面的错误!
13:squid+apache配置(apache在127.0.0.1:80监听)
出现故障时如下显示:
显然是squid不能将请求转发给apache所致!
查看apache服务器是否已经down了。
3199:2012/02/14 03:51:03| Failed to select source for ''
33203:2012/02/14 03:51:03| Failed to select source for ''
33207:2012/02/14 03:51:03| Failed to select source for ''
33211:2012/02/14 03:51:03| Failed to select source for ''
33215:2012/02/14 03:51:03| Failed to select source for ''
33219:2012/02/14 03:51:03| Failed to select source for ''
33223:2012/02/14 03:51:03| Failed to select source for ''
33228:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
33229:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
33230:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
33231:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
33232:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
33233:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
33234:2012/02/14 03:51:04| TCP connection to 127.0.0.1/80 failed
后台日志中有类似上面的错误!
如果是down了,重新开启即可!
(蛮好)
另外还遇到一个问题,用户的网站访问是正常的,但通过cdn转发到我们的cdn节点上,却访问失败!(但手动解析web地址到用户的web服务器上正常),显然是我们的squid有问题, 问题原因:文件的描述符太小了,默认1024,修改为65536(参考值),用户的网站即可访问正常!
14:squid在使用过程中日志文件中有提示:
WARNING! Your cache is running out of filedescriptors
是因为文件描述符太小了
解决方法:在/etc/rc.local中加入:ulimit -HSn 65536
并在终端中执行:ulimit -HSn 65536 ##当然可以修改65536为你想设置的数值
还有一种解决方法:
# vi /etc/security/limits.conf(修改文件开启的限制)
# -
#
#* soft core 0
#* hard rss 10000
hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
- maxlogins 4
* soft nofile 65536
* hard nofile 65536 (添加的两行)
# End of file
保存退出即可
这样必须重启系统才生效:
可以执行:
ulimit -HSn 65536使得该系统理解生效
15: acl OverConnLimit maxconn 配置造成了问题!
acl OverConnLimit maxconn 6
#http_access deny OverConnLimit
场景:开始151和152机器工作是正常的,后来由于备案的问题,一部分网站的解析需要修改为北京的ip,然后在北京的机器上统一使用nat转发,结果造成了机器的访问失败!就是因为这个参数的设置,注释掉http_access deny OverConnLimit行即可正常!
