Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
16
Installation and Upgrades / Re: HTTP Proxy slow when higher load
« on: November 07, 2013, 03:40:11 pm »
I also checked I/O of the HDD, never goes more than 10%, so thats not a problem here. And filedescriptors are showing ok (65536 max) with squidclient.
17
Installation and Upgrades / HTTP Proxy slow when higher load
« on: November 05, 2013, 05:23:12 pm »
I have traveled across this forum and commented on different discussions about problems with slowness with squid+dansguardian setup. I think my issue is a bit different.
PROBLEM:
Slow proxy. Mostly when 5+ clients are highly using the internet. Sometimes the inital requests are slow, takes 1-3sec to load (sometimes loads well), but when using proxy alone its pretty smooth, but still sometimes have tiny delays.
Without proxy its fine, DNS is working smooth. Even with proxy on it resolves DNS fine, the delays are usually on html/text documents.
In short what I have currently:
HARDWARE:
Intel Xeon CPU E3-1220 V2 3.10GHz
4GB DDR3 RAM
1TB 7200RPM HDD (hdparm -t shows ~140MB/s)
2 Gigabit ethernet ports
SOFTWARE:
Zentyal 3.0.25 with HTTP Proxy (Cache and Filter) 3.0.14
File sharing, domain controller, webserver, NTP, VPN, Antivirus for samba
At one time there are 10-40 clients which are using internet.
I use the proxy as transparent proxy with filtering (bigblacklist with few categories enabled) for 2 network segments and non-filtered traffic for all other connections. I have modified configuration, because the default config was pretty slow to me.
Config files:
http://pastebin.com/3Q1Yb78T
http://pastebin.com/YyU6Gwby
I have also modified dansguardian stub to fix forwarding loop issue described here http://forum.zentyal.org/index.php/topic,18388.0.html
I have assigned 40GB to squid cache, but its under the main system drive (I have only one drive in my server). Can that really be the bottleneck? The CPU load is low when proxy is used. And RAM usage is fine, no swapping occurs according to system stats and what squidclient says.
Also sometimes I get
Also the filedescriptor count is fine and its always under the limit 65536.
I have Zentyal logging off for HTTP proxy.
The cache fs is reiserfs mounted with noatime and notail options. I recently switched from aufs to diskd caching method, but it didn't make any changes.
Maybe any ideas I can try? Meanwhile I will disable the transparent proxy and configure only for some devices.
Thanks!
PROBLEM:
Slow proxy. Mostly when 5+ clients are highly using the internet. Sometimes the inital requests are slow, takes 1-3sec to load (sometimes loads well), but when using proxy alone its pretty smooth, but still sometimes have tiny delays.
Without proxy its fine, DNS is working smooth. Even with proxy on it resolves DNS fine, the delays are usually on html/text documents.
In short what I have currently:
HARDWARE:
Intel Xeon CPU E3-1220 V2 3.10GHz
4GB DDR3 RAM
1TB 7200RPM HDD (hdparm -t shows ~140MB/s)
2 Gigabit ethernet ports
SOFTWARE:
Zentyal 3.0.25 with HTTP Proxy (Cache and Filter) 3.0.14
File sharing, domain controller, webserver, NTP, VPN, Antivirus for samba
At one time there are 10-40 clients which are using internet.
I use the proxy as transparent proxy with filtering (bigblacklist with few categories enabled) for 2 network segments and non-filtered traffic for all other connections. I have modified configuration, because the default config was pretty slow to me.
Config files:
http://pastebin.com/3Q1Yb78T
http://pastebin.com/YyU6Gwby
I have also modified dansguardian stub to fix forwarding loop issue described here http://forum.zentyal.org/index.php/topic,18388.0.html
I have assigned 40GB to squid cache, but its under the main system drive (I have only one drive in my server). Can that really be the bottleneck? The CPU load is low when proxy is used. And RAM usage is fine, no swapping occurs according to system stats and what squidclient says.
Also sometimes I get
Code: [Select]
WARNING - Queue congestion in my cache.log.Also the filedescriptor count is fine and its always under the limit 65536.
I have Zentyal logging off for HTTP proxy.
The cache fs is reiserfs mounted with noatime and notail options. I recently switched from aufs to diskd caching method, but it didn't make any changes.
Maybe any ideas I can try? Meanwhile I will disable the transparent proxy and configure only for some devices.
Thanks!
18
Installation and Upgrades / Re: Drop ClamAV
« on: October 30, 2013, 09:54:37 pm »
I still use it as samba file scanner in Zentyal. You mean it makes no sense to use it like that?
19
Installation and Upgrades / Re: Transparent proxy excemptions
« on: October 28, 2013, 01:50:13 pm »
I tried to add sun.com and javadl-esd.sun.com to excemptions, but still external-access.log shows up that the url is going trough proxy.
The java updates fails to get javadl-esd.sun.com/update/1.7.0/1.7.0_45-b18.xml (currently), but with the browser the xml file opens ok. This issue can be found on the internet, but I havent got to know any solutions. Only thing that came into mind was to bypass the transparent proxy and in that way to get it working.
The java updates fails to get javadl-esd.sun.com/update/1.7.0/1.7.0_45-b18.xml (currently), but with the browser the xml file opens ok. This issue can be found on the internet, but I havent got to know any solutions. Only thing that came into mind was to bypass the transparent proxy and in that way to get it working.
20
Installation and Upgrades / Transparent proxy excemptions
« on: October 27, 2013, 09:51:53 am »
Hi. This should be easy to answer, but I couldn't stop thinking how this might work actually, so I did post here.
For unknown reason I am unable to install any Java updates trough transparent proxy, altrough offline installer does well. To fix this maybe I could bypass proxy for whole java.com or sun.com domain, but will this work if I add transparent proxy excemption? Will this work for all subdomains of java.com?
Thanks!
For unknown reason I am unable to install any Java updates trough transparent proxy, altrough offline installer does well. To fix this maybe I could bypass proxy for whole java.com or sun.com domain, but will this work if I add transparent proxy excemption? Will this work for all subdomains of java.com?
Thanks!
21
Installation and Upgrades / Re: HTTP proxy slow + forwarding loop after update to 3.2 [solved]
« on: October 26, 2013, 12:47:45 pm »
Just wanted to clarify. The authplugin line in dansguardian conf is only needed when I use user authentication? I use transparent proxy which has only some filtering rules for network segments (no user auth whatsoever), so I could try removing that line to gain better performance?
22
Installation and Upgrades / Re: HTTP proxy slow + forwarding loop after update to 3.2 [solved]
« on: October 25, 2013, 09:52:35 am »
Yeah, I already supposed that's the file to change. Will see how it will run now.
I can share with my modified stubs.
http://pastebin.com/Pf8snKuG
http://pastebin.com/VawNKAik
Edit: the loops seem to be gone indeed. The proxy seems to work nicely now, thanks!
Still I get some queue congestion warnings when using the proxy more intense, is that alright?
I can share with my modified stubs.
http://pastebin.com/Pf8snKuG
http://pastebin.com/VawNKAik
Edit: the loops seem to be gone indeed. The proxy seems to work nicely now, thanks!
Still I get some queue congestion warnings when using the proxy more intense, is that alright?
23
Installation and Upgrades / Re: HTTP proxy slow + forwarding loop after update to 3.2 [solved]
« on: October 24, 2013, 08:52:36 pm »
I got same forwarding loops and the proxy sometimes slows down for a tiny bit. Should I add no-digest option in squid-external.conf.mas ? I'm running 3.0
24
Installation and Upgrades / Re: Controlling the Permissions of a Sub-Folder in a Zentyal 3.2 Samba Share
« on: October 07, 2013, 10:40:53 pm »
For this reason I made a PHP application to upload any files, which can then only be seen by the user who uploaded them and a administrative user. Very useful in my environment.
Actually I didn't know you can do this in 3.0! Thanks for the info, gonna be useful to me!
Actually I didn't know you can do this in 3.0! Thanks for the info, gonna be useful to me!
25
Installation and Upgrades / Re: SAMBA Error
« on: October 06, 2013, 10:15:56 am »Quote
Somehow, after a timeout, they do get logged inIf the home share isn't mounted than the client logged in offline using the stored passwords on the client machine. That normally happens if the DC is not reachable.
26
Installation and Upgrades / Re: Guest Access File Share
« on: October 01, 2013, 10:49:35 am »
A common bug is that GPO's fail to apply when having at least one guest share. Confirmed on 3.0.25
27
Installation and Upgrades / Re: SAMBA Error
« on: September 30, 2013, 11:03:33 am »
On a test environment I upgraded from 3.0.27 to 3.2 well. I had 4 test users, 2 test groups, PDC, GPO's (default domain policy and another policy for one user group), one share. All working after upgrade and reboot. At first the samba module did not start, threw [fail] after upgrading, but after reboot it worked fine. That was x64 release.
I will make more tests tho so I can try upgrading my production 3.0 machine sometime.
I will make more tests tho so I can try upgrading my production 3.0 machine sometime.
28
Installation and Upgrades / Re: Upgrade from 3.0 to 3.2
« on: September 26, 2013, 06:02:15 pm »
I now especially for that reason created a test domain with test users,groups and GPO's on 3.0 with all latest updates. Will then modify the repo list and upgrade.
EDIT:
on a quick look, when restarting the zentyal samba when doing dist-upgrade, it threw [fail] when starting it. After reboot everyting seems to work including GPO's which all are still there. Nice!
Installed modules:
EDIT:
on a quick look, when restarting the zentyal samba when doing dist-upgrade, it threw [fail] when starting it. After reboot everyting seems to work including GPO's which all are still there. Nice!
Installed modules:
Code: [Select]
Network
Firewall
Antivirus
DNS
Events
Logs
Monitoring
NTP
VPN
Traffic Shaping
Users and Computers
Web Server
Bandwidth Monitor
File Sharing
HTTP Proxy
Printer SharingWill try to update my production server to latest updates, do full system backup and try it there when I safely can. Will inform then. Cheers!
29
Installation and Upgrades / Re: Upgrade from 3.0 to 3.2
« on: September 26, 2013, 05:43:23 pm »
I'm testing the upgrade currently on virtual machine, for me most important is not to lose anything in samba module. If I succeed, I'll try it on the production machine and then post the results and modules.
30
Installation and Upgrades / Access to Zentyal API via PHP
« on: September 24, 2013, 09:55:51 am »
Hi. I have custom made PHP application to add new users, currently I'm typing them by hand into the Zentyal administration panel. It would be awesome and time-saving to automatically add them into the Zentyal server. I'm not familiar to perl, but probably would manage to write a tiny script based on what can be found on the internet. The problem would be launching that perl script (which uses zentyal api) with passed parameters (userame, password, name, surname) from PHP. Maybe anyone has done something like that?
Thanks in advance!
Thanks in advance!